While investigating Pozq, we found that is one of the Djvu ransomware variants. It encrypts files, appends the ".pozq" extension to filenames, and creates the "_readme.txt" file (a ransom note). Our researchers discovered Pozq while inspecting malware samples on the VirusTotal page. It is importa
CRYPTONITE is ransomware based on another ransomware called Chaos. Our team discovered CRYPTONITE while checking the VirusTotal site for recently submitted malware samples. During our analysis, this ransomware encrypted files and appended four random characters as their new extension. Also, CRYPT
While inspecting deceptive websites offering to download "useful" applications, update outdated software, etc., we discovered an application called MainFrameSelect. During our analysis, we learned that MainFrameSelect is advertising-supported software (adware) that shows intrusive advertisements
We examined the recif[.]click and found that it runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it can show untrustworthy notifications (if allowed). Our team discovered recif[.]click while inspecting illegal movie streaming pages, torrent sites, and other pages of this kind th
Our team analyzed this email letter and learned that it was sent to obtain personal information from the recipient. It is disguised as a letter from an email service provider. It contains a website link designed to open a phishing page. This email must be ignored. The email states that the
Venolock is one of the ransomware variants from the ZEPPELIN ransomware family. We discovered Venolock while inspecting malware samples submitted to VirusTotal. Our team learned that this ransomware encrypts and renames files. It appends ".vn2" and the victim's ID to filenames. For example, Venol
Powd is ransomware (belonging to the Djvu family) that encrypts victims' files to make them inaccessible. Also, this malware modifies filenames by appending the ".powd" extension to filenames and creates a ransom note ("_readme.txt") to provide contact and payment information. An example of how P
While inspecting questionable websites, we discovered the asxerk[.]click rogue webpage. It runs scams, promotes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites. Users typically access such pages through redirects caused by websites that use rogue adve
While investigating new submissions to VirusTotal, our researchers discovered the LockFiles ransomware. This malicious program belongs to the MedusaLocker ransomware family. After we executed a sample of LockFiles (MedusaLocker) ransomware on our testing system, it encrypted files and appended th
While looking through new malware submissions to VirusTotal, our researchers discovered the AROS ransomware-type program. Once we executed a sample of it on our test machine, this ransomware began encrypting files. The filenames of the affected files were appended with a unique ID assigned to the