Reynolds is ransomware that encrypts files, appends the ".locked" extension, and creates a ransom note ("___RestoreYourFiles___.txt"). An example of how files are renamed: "1.jpg" becomes "1.jpg.locked", "2.png" becomes "2.png.locked", "3.exe" becomes "3.exe.locked", etc. Reynolds uses a techniqu
During our inspection, we found that zravonira[.]com is a deceptive website designed to trick visitors into granting it permission to show notifications. If this page is allowed to send notifications, it bombards users with fake warnings and other misleading messages that can expose them to scams
MackDEV is ransomware, a type of malware designed to encrypt files and used to extort money. In addition to encrypting data, MackDEV renames files by appending the ".MackDEV" extension. For instance, it changes "1.jpg" to "1.jpg.MackDEV" and "2.png" to "2.png.MackDEV". A ransom note ("MackDEV_READ
During our inspection of malware samples submitted to VirusTotal, we discovered IdontCareLOck and uncovered that it is ransomware. Once launched on a device, IdontCareLOck encrypts files, changes the desktop wallpaper, creates a ransom note ("IdontCareLOck.txt"), and appends its extension (".Idont
We have inspected the message and found that it is a phishing email posing as a notification regarding downloaded files. Its purpose is to trick recipients into opening the included website. That site is designed to appear official to trick visitors into disclosing personal information. Th
Our team has concluded that this is a scam email claiming that the recipient has received a document for review. It is used to promote a fraudulent website designed to steal personal information. Scams of this type are classified as phishing attempts. Recipients should not respond to such emails a
Our research shows that suriumes[.]com is designed to trick users into allowing notifications through a misleading message. If those notifications are enabled, the site can send fake alerts and other deceptive content to promote unreliable, potentially malicious websites. Thus, suriumes[.]com and
Our analysis has revealed that proceedandgo.co[.]in is designed to trick visitors into agreeing to receive notifications. The website uses a deceptive message as a lure. If permitted, proceedandgo.co[.]in can deliver fake warnings and other types of misleading notifications that can expose users t
Our analysis shows that Open is ransomware, and our team discovered it while examining samples submitted to VirusTotal. After execution, Open encrypts files, replaces their names with a random filename, and appends the ".open" extension. For example, it renames "1.jpg" to "Lbl6zpSzTC.open" and "2.
Our analysis shows that Ndm448 is ransomware that belongs to the Makop family. Our discovery of Ndm448 occurred during a routine inspection of malware samples uploaded to VirusTotal. Once run, Ndm448 encrypts files, modifies their filenames, changes the desktop wallpaper, and provides a ransom not