doctopdfsupreme.com is a fake search engine which is promoted through a potentially unwanted application (PUA), a browser hijacker called docpdfsupreme (or docpdfsupreme - Search the web and convert PDF). Typically, browser hijackers promote fake search engines by changing certain browser setti
Scammers behind this email claim that they have hacked the computer and taken control of the recipient's personal and financial data. They threaten to delete the data unless the recipient pays a specific ransom amount. Extortion, however, is not their primary goal. They also attempt to trick peop
TRSomware is a new variant of MMDecrypt ransomware. It operates by encrypting the data of infected systems so that criminals can demand payment for decryption tools/software. During encryption, filenames are appended with the ".TRSomware[is_back__New-Algorithm__By_MaMo434376]" extension. For exam
Devos is a part of the Phobos ransomware family. Like most programs of this type, Devos blocks access to files by encryption, changes filenames and provides victims with instructions about how to recover their files. This ransomware renames all encrypted files by adding the victim's ID, developer'
centerplaceofupgrade[.]pro is a deceptive site promoting a fake Adobe Flash Player updater scam. The web page claims that the plug-in is outdated and recommends installation of the latest updates. Note that bogus software updates are typically used to proliferate nonoperational, untrustworthy an
.777 (njkwe RaaS) belongs to the Paradise ransomware family and was discovered by S!Ri. This ransomware encrypts data, renames all files by adding a string containing the operator's number, victim's personal ID and appending the ".777" extension to filenames. For example, it renames "1.jpg" to "1.
Discovered by GrujaRS, PRT is a malicious program belonging to the Paradise ransomware family. It operates by encrypting data and demanding payment for decryption tools/software. During the encryption process, all affected files are renamed according to the following pattern: original filename, vi
therightwaytofindplayering[.]pro is a deceptive site running a scam claiming that Adobe Flash Player is outdated and must be updated immediately. In fact, this site promotes a fake Flash Player updater. These updaters are commonly used to proliferate untrustworthy and malicious content (e.g. troja
Nosu is a part of the Djvu ransomware family. Like most programs of this type, Nosu is designed to prevent victims from accessing their files unless a ransom is paid. It encrypts data, creates a ransom message ("_readme.txt" text file) and appends the ".nosu" extension to the name of each encrypte
Z9 belongs to the Dharma ransomware family and was discovered by Raby. Ransomware-type programs generally encrypt victims' files, change associated filenames and create and/or display ransom messages. Z9 renames encrypted files by adding the victim's ID, the help.me24@protonmail.com email address,