Published: March 25, 2026 Category: News
1. LiteLLM PyPI Package Backdoored
... inclusion of wiper functionality raises concerns about future attacks. Supply chain compromises could blend with ransomware or sabotage campaigns, increasing the risk to organizations that rely on shared infrastructure.
The TeamPCP campaign underscores a key challenge in open-source ecosystems: balancing ...
Published: March 25, 2026 Category: Removal guides
2. Bear (MedusaLocker) Ransomware
What kind of malware is Bear?
Bear is ransomware from the MedusaLocker family. We discovered it while examining malware samples uploaded to VirusTotal. When executed, Bear encrypts files and appends its extension. It also changes the desktop wallpaper and creates the "READ_NOTE.html" file, a ransom ...
Published: March 23, 2026 Category: Removal guides
3. PCLocked Ransomware
What kind of malware is PCLocked?
We discovered PCLocked while inspecting malware samples uploaded to VirusTotal and concluded that it is ransomware. Malware of this type encrypts files and provides a ransom note. PCLocked's ransom note is the "RECOVERY_ID.txt" file. Additionally, it renames encrypted ...
Published: March 17, 2026 Category: Removal guides
4. Uragan Ransomware
What kind of malware is Uragan?
We discovered Uragan during an inspection of malware samples uploaded to VirusTotal and determined that it is ransomware. After execution, Uragan encrypts data and appends the ".uragan" extension to files (e.g., it renames "1.jpg" to "1.jpg.uragan", "2.png" to "2.png.uragan", ...
Published: March 15, 2026 Category: News
5. SEO Poisoning Attack Driving Credential Theft
... as the entry point for larger attacks. Once inside, attackers may target data theft, espionage, or ransomware deployment. This approach illustrates how credential theft acts as a gateway for larger attacks. Harvested credentials are often sold or used by initial access brokers.
Security researchers ...
Published: March 15, 2026 Category: Removal guides
6. RedStar Ransomware
What kind of malware is RedStar?
Our team discovered RedStar while inspecting malware samples uploaded to VirusTotal and concluded that it is ransomware. Once executed, RedStar encrypts files and appends the ".RedStar" extension to files (e.g., it renames "1.jpg" to "1.jpg.RedStar", "2.png" to "2.png.RedStar", ...
Published: March 15, 2026 Category: Removal guides
7. Bricks Ransomware
What kind of malware is Bricks?
Our analysis has revealed that Bricks is ransomware from the Proton family. We discovered this ransomware while analysing samples uploaded to VirusTotal. After execution, Bricks encrypts and renames files (by appending an email address and the ".bricks" extension), changes ...
Published: March 12, 2026 Category: Removal guides
8. FedEx - Shipment Has Arrived In Our Airport Email Scam
... an information stealer, cryptocurrency miner, ransomware, or a remote access Trojan. Executing the malware may allow cybercriminals to steal sensitive information (e.g., login credentials, clipboard data, credit card details).
The distributed malware may also be capable of encrypting files, using the ...
Published: March 11, 2026 Category: Removal guides
9. Zollo Ransomware
What kind of malware is Zollo?
Our team has examined Zollo and found that it is ransomware belonging to the MedusaLocker family. This discovery occurred while inspecting malware samples submitted to VirusTotal. Once a device is infected with Zollo, the ransomware encrypts files, appends its extension ...
Published: March 10, 2026 Category: Removal guides
10. Raptum Ransomware
What kind of malware is Raptum?
Raptum is ransomware from the MedusaLocker family. Our discovery of Raptum occurred during an inspection of malware samples submitted to VirusTotal. This ransomware encrypts files and appends the ".raptum46" extension (the number in the extension might vary). It also ...
Published: March 09, 2026 Category: Removal guides
11. Immigration Ransomware
What kind of malware is Immigration?
Our team has analysed the malware and determined that it is ransomware. We discovered Immigration ransomware while inspecting malware samples uploaded to VirusTotal. After execution, it encrypts files, creates the "WHATS_HAPPEND.txt" file (a ransom note), and appends ...
Published: March 04, 2026 Category: News
12. Global Cybercrime Disruptions Target LeakBase And Tycoon2FA
... phishing campaigns. This shift mirrors the broader "cybercrime-as-a-service" economy. In this economy, malware, exploit kits, and ransomware operations increasingly operate as commercial services.
Both the LeakBase and Tycoon2FA operations provide investigators with significant intelligence opportunities. ...
Published: March 01, 2026 Category: Removal guides
13. Witch Ransomware
What kind of malware is Witch?
Witch is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Once executed, Witch locks files by encrypting them and renames them by adding the ".witch" extension. For instance, it renames "1.jpg" to "1.jpg.witch" and "2.png" to "2.png.witch". ...
Published: March 01, 2026 Category: Removal guides
14. Osa Ransomware
What kind of malware is Osa?
Our analysis shows that Osa is ransomware from the Makop family. We discovered this ransomware while analysing samples uploaded to VirusTotal. Once a device is infected, Osa encrypts files, appends its extension to files (".osa") along with the victim's ID and an email ...
Published: February 26, 2026 Category: Removal guides
15. LSD Ransomware
What kind of malware is LSD?
LSD is ransomware designed to encrypt files. In addition to blocking access to files, it appends the ".lsd" extension to files and generates a ransom note ("LSD_README.txt"). For example, it renames "1.jpg" to "1.jpg.lsd", "2.png" to "2.png.lsd", and so forth. LSD also ...
Published: February 25, 2026 Category: Removal guides
16. SURXRAT Malware (Android)
... gaming apps, such as Free Fire special editions, are open on the device, or when the attacker remotely specifies other target apps through their server.
Screen-locking Capability
SURXRAT includes a ransomware-style feature that can lock a victim’s device with a full-screen message and a PIN. The ...
Published: February 25, 2026 Category: Removal guides
17. Login Notice: Review Immediately Email Virus
... these malicious tools to deploy additional payloads, such as ransomware, cryptocurrency miners, and other types of malware, as well as to engage in other malicious activities.
Typically, threat actors use RATs to steal passwords, credit card details, and other sensitive information and download files ...
Published: February 24, 2026 Category: Removal guides
18. Run (Makop) Ransomware
What kind of malware is Run?
We have examined the malware and concluded that Run is ransomware from the Makop family. Our discovery of the ransomware occurred while analysing samples submitted to VirusTotal. After execution, Run encrypts files and appends the victim's ID, an email address, and its ...
Published: February 22, 2026 Category: Removal guides
19. FedEx Express - Your Shipments Were Received Email Virus
... document is received. The attached file ("FedEx Shipping Doc_ 775037409198.docx") is a malicious document. It contains hidden malware that activates after enabling macros (editing). The type of malware distributed through this attachment is currently unknown.
That malware may be ransomware that encrypts ...
Published: February 22, 2026 Category: Removal guides
20. Cortizol Ransomware
What kind of malware is Cortizol?
Cortizol is ransomware that our team has discovered during an analysis of malware samples uploaded to VirusTotal. Our examination shows that Cortizol encrypts files and modifies their names by appending the victim's ID, an email address, and the ".Cortizol" extension. ...
Published: February 22, 2026 Category: Removal guides
21. Payload Ransomware
What kind of malware is Payload?
Payload is ransomware that we discovered while inspecting malware samples uploaded to VirusTotal. After execution, Payload encrypts files and appends the ".payload" extension to them. For example, it renames "1.jpg" to "1.jpg.payload" and "2.png" to "2.png.payload". ...
Published: February 19, 2026 Category: Removal guides
22. Moonrise RAT
... remotely. This capability is often used to infect computers with other malware (e.g., ransomware or cryptocurrency miners).
Additionally, Moonrise can monitor user activity using screen capture and screen streaming tools. It may also access the webcam and microphone to record audio and video. It also ...
Published: February 19, 2026 Category: Removal guides
23. Your Google Account Was Hacked POP-UP Scam
... deceptive message appears. This message claims that the user's PC is compromised by 214 viruses.
It mentions serious threats such as account-stealing trojans, remote-access backdoors, ransomware encryptors, keylogging spyware, and credential-harvesting malware. It also warns that these threats may ...
Published: February 18, 2026 Category: Removal guides
24. Strike Ransomware
What kind of malware is Strike?
Strike is ransomware belonging to the MedusaLocker family. We discovered it while inspecting samples uploaded to VirusTotal. Upon execution, Strike encrypts files and appends the ".strike7" extension (the number in the extension may vary). For instance, it renames "1.jpg" ...
Published: February 17, 2026 Category: Removal guides
25. Phexia Stealer (Mac)
... and even install additional malicious software (e.g., ransomware or cryptocurrency miners).
It is also possible that Phexia includes a keystroke logger, a tool commonly used to collect sensitive information by extracting data entered by the victim on the infected device. Its information-stealing capabilities ...
Published: February 16, 2026 Category: News
26. Defense Industrial Base Under Siege
... of risk. Extortion campaigns, ransomware attacks, and hack-and-leak operations against the broader manufacturing sector, which includes many defense suppliers, pose significant threats to supply chain integrity. These incidents can disrupt production timelines, leak sensitive design information, or undermine ...
Published: February 16, 2026 Category: Removal guides
27. BuP1w (Ran$omClub) Ransomware
What kind of malware is BuP1w (Ran$omClub)?
While inspecting malware samples uploaded to VirusTotal, we discovered BuP1w, ransomware that encrypts data and appends the ".BuP!w3" extension to files. For instance, it renames "1.jpg" to "1.jpg.BuP!w3", "2.png" to "2.png.BuP!w3", "3.exe" to "3.exe.BuP!w3", ...
Published: February 16, 2026 Category: Removal guides
28. 0apt Locker Ransomware
What kind of malware is 0apt Locker?
0apt Locker is ransomware that prevents access to files by encrypting them. In addition to encrypting data, 0apt Locker appends the ".0apt" extension to files, changes the desktop wallpaper, and provides a ransom note ("README0apt.txt"). An example of how files ...
Published: February 12, 2026 Category: Removal guides
29. Chip (MedusaLocker) Ransomware
What kind of malware is Chip?
We have examined the malware and found it to be ransomware from the MedusaLocker family. Our discovery of Chip occurred during an analysis of samples submitted to VirusTotal. We determined that Chip encrypts files and appends the ".chip1" extension (the number may vary). ...
Published: February 12, 2026 Category: Removal guides
30. ZETARINK Ransomware
What kind of malware is ZETARINK?
During our analysis of malware samples submitted to VirusTotal, we discovered the ZETARINK ransomware. When executed on a device, ZETARINK encrypts files, changes the desktop wallpaper, generates a ransom note named "ZETARINK[random_string]-HOW-TO-DECRYPT.txt", and ...