Snwkz is ransomware that our team discovered while examining samples submitted to the VirusTotal website. The purpose of Snwkz is to encrypt files. Also, it creates a ransom note (a file named "[random_string]_HOW_TO_DECRYPT.txt") and renames files by appending a string of random characters and th
While investigating rogue software, we discovered the search.tablicious.com fake search engine. These illegitimate websites usually cannot generate search results and redirect to genuine search engines; this is true of search.tablicious.com as well. Sites of this kind are typically promoted (via
While investigating untrustworthy websites, our research team discovered the productprogramm2[.]com rogue page. It is designed to promote dubious/malicious software and browser notifications spam. Furthermore, this webpage can redirect visitors to different (likely unreliable/dangerous) sites. Us
Roghe is the name of a ransomware-type program. Malware classed as ransomware operates by encrypting data in order to demand ransoms for its decryption. After we executed a sample of Roghe on our test machine, we learned that it appends encrypted files with a ".enc" extension. For example, a file
After inspecting the "Suspicious Login Attempt On Your Windows Computer" email, we determined that it is spam operating as a technical support scam. The letter is presented as an alert from Microsoft/ Windows Security Center. It states that a suspect sign-in attempt has been made to the recipient
While analyzing malware samples submitted to the VirusTotal website, we discovered a ransomware variant dubbed Google. We found that Google ransomware belongs to the Chaos ransomware family. The purpose of this malware is to encrypt files. In addition to encrypting files, Google ransomware drops t
Our analysis of the "Account Will Be Terminated" email revealed that it is spam. This fake letter claims that the recipient's email account will be closed – unless it is upgraded. When the user attempts to update their account, the link in the letter redirects them to a phishing website. This sit
Upon inspection, it has been discovered that this website displays deceptive messages, such as fake warnings, which falsely claim that a computer is infected and that antivirus software is unregistered. These messages are entirely fraudulent and should not be trusted. Aura was made aware of misle
Likerus[.]click is an untrustworthy page that displays deceptive content and wants to send notifications. Our team discovered likerus[.]click while examining websites that use rogue advertising networks. Users do not access sites like likerus[.]click intentionally. This website alleges tha
While inspecting new submissions to VirusTotal, our researchers discovered the Stolen ransomware-type program. Malware within this category is designed to encrypt data and demand payment for decryption. This program belongs to the Makop ransomware family. Once we executed a sample of Stolen (Mako