Our malware researchers discovered ADMON ransomware while analyzing samples submitted to VirusTotal. ADMON encrypts files and appends its extension (".ADMON") to filenames. Also, this ransomware provides a ransom note ("RESTORE_FILES_INFO.txt"). An example of how ADMON changes filenames: it renam
During our examination of websites that use questionable advertising networks, we came across finishedwarmth[.]com, which is one of the many sites that utilize misleading messages to trick visitors into granting permission for notification display. Additionally, while browsing finishedwarmth[.]com
Mackledcity[.]com is a rogue page that our research team found while investigating suspect websites. The webpage is designed to promote browser notification spam and redirect users to different (likely unreliable/malicious) sites. Most users access pages like mackledcity[.]com via redirects caused
SMILE DOG is a ransomware-type program that we discovered while inspecting new submissions to the VirusTotal site. Malware within this classification is designed to encrypt data and demand payment for its decryption. There are several variants of SMILE DOG; the known ones append the encrypted fil
Our research team discovered the Xatz ransomware while inspecting new submissions to the VirusTotal website. Xatz is part of the Djvu ransomware family. This program operates by encrypting data and demanding payment for its decryption. Once executed on our testing system, Xatz began encrypting fi
Our research team discovered Cyb – yet another malicious program belonging to the VoidCrypt ransomware family, during a routine investigation of new submissions to VirusTotal. After we executed a sample of Cyb on our testing system, it began encrypting files and appended their filenames with a ".
While investigating new submissions to VirusTotal, our researchers discovered the BlackRock ransomware. It is designed to encrypt data and demand ransoms for its decryption. This malicious program is part of the Phobos ransomware family. On our testing machine, BlackRock encrypted files and modif
While examining samples on VirusTotal, our malware analysts discovered Xash, a ransomware strain that is part of the Djvu family. This nefarious software encrypts files and appends the ".xash" extension to their original names. It also creates a ransom note named "_readme.txt". An example of how
Our research team found the misground[.]com rogue webpage while investigating suspect sites. This page is designed to push browser notification spam and redirect users to different (likely unreliable/malicious) websites. Visitors to misground[.]com and similar webpages access them primarily via r
Misarea[.]com is a rogue page that we discovered while inspecting untrustworthy websites. It operates by promoting browser notification spam and redirecting visitors to other (likely unreliable/hazardous) webpages. Most users access misarea[.]com and similar pages via redirects caused by websites