Search results for: ransomware

Published: January 01, 2026  Category: Removal guides

What kind of malware is Cyberware? Cyberware is ransomware that we discovered while examining malware samples submitted to VirusTotal. Our analysis has revealed that Cyberware encrypts files and appends the ".CYBER" extension to them. Additionally, the ransomware changes the desktop wallpaper and generates ...

Published: December 29, 2025  Category: Removal guides

What kind of malware is GoodGirl? GoodGirl is ransomware that our team has discovered during a routine inspection of malware samples uploaded to the VirusTotal platform. Upon execution, GoodGirl encrypts files, changes the desktop wallpaper, and creates a text file ("#Read-for-recovery.txt") containing ...

Published: December 28, 2025  Category: Removal guides

What kind of malware is Asyl? Asyl is ransomware belonging to the Makop family. Our team has discovered it during an examination of samples submitted to VirusTotal. Once a device is infected with Asyl, the ransomware encrypts files, changes the desktop wallpaper, provides a ransom note ("+README-WARNING+.txt"), ...

Published: December 22, 2025  Category: Removal guides

What kind of malware is Ripper? While analysing malware samples uploaded to VirusTotal, we found Ripper, which is ransomware designed to encrpypt files. In addition to blocking access to files, Ripper changes the desktop wallpaper, creates a ransom note ("READ_NOTE.html"), and appends the ".ripper12" ...

Published: December 22, 2025  Category: Removal guides

What kind of malware is Lockis? Lockis is ransomware from the GlobeImposter family. We discovered it while inspecting malware samples submitted to VirusTotal. During our examination, we found that Lockis encrypts files and appends the ".lockis" extension to them. It also creates a text file ("how_to_back_files.html") ...

Published: December 21, 2025  Category: News

In December 2025, cybersecurity researchers observed a significant increase in the RansomHouse ransomware-as-a-service (RaaS) toolset. This signals a concerning trend in adversary capabilities. RansomHouse operators enhanced their encryption engine with a new variant called "Mario." It replaced an ...

Published: December 20, 2025  Category: Removal guides

... about any type of infection – trojans, ransomware, cryptocurrency miners, and other malware. In practice, loaders typically operate within certain limitations or specifications. It must be mentioned that malware developers often improve upon their software and methodologies. Therefore, potential future ...

Published: December 17, 2025  Category: Removal guides

... they often contain highly sensitive information, and may even open an avenue for stealing linked accounts, platforms, or services. The purpose behind targeting work accounts is usually to attempt to infect the corporate network with trojans, ransomware, and other malware. Scammers can steal the account ...

Published: December 17, 2025  Category: Removal guides

What kind of malware is VantaBlack? While inspecting malware samples submitted to VirusTotal, our team discovered ransomware known as VantaBlack. The purpose of this malware is to encrypt files and demand ransom for their release. It provides two identical ransom notes ("!HOW TO RESTORE!.txt" and "!README!.txt") ...

Published: December 16, 2025  Category: Removal guides

... endorse online scams (e.g., affiliate, phishing, tech support, etc.), untrustworthy/hazardous software (e.g., adware, browser hijackers, PUAs, etc.), and malware (e.g., trojans, ransomware, cryptominers, etc.). In summary, through websites like kukinfan[.]com – users may experience system infections, ...

Published: December 16, 2025  Category: Removal guides

... endorse scams, and spread malware by sharing malicious links or files. Work accounts are often targeted in order to try to infect the corporate network with trojans, ransomware, and other malware. Hijacked finance-related accounts can be used to make fraudulent transactions and online purchases. To ...

Published: December 16, 2025  Category: Removal guides

What kind of malware is 01Flip? 01Flip is a ransomware-type program written in the Rust programming language. It encrypts data and demands payment for the decryption. This is a cross-platform malware capable of infecting Windows and Linux operating systems. 01Flip first drops its ransom note – "RECOVER-YOUR-FILE.TXT" ...

Published: December 16, 2025  Category: Removal guides

... criminals' modus operandi and the type of account compromised. Work accounts are often targeted with the goal of infecting the corporate network with malware (e.g., trojans, ransomware, etc.). Stolen accounts (particularly emails) may be leveraged to gain access to connected accounts/platforms/services, ...

Published: December 16, 2025  Category: Removal guides

... scams (phishing, tech support, etc.), untrustworthy/dangerous software (potentially unwanted applications, adware, browser hijackers, etc.), and malware (trojans, ransomware, etc.). To summarize, through webpages like jugingnonsne[.]com – users can experience system infections, serious privacy issues, ...

Published: December 15, 2025  Category: Removal guides

... etc.) and request loans or donations from contacts/friends/followers, endorse scams, and spread malware by sharing malicious links or files. Work accounts are commonly targeted with the goal of infecting the corporate network with trojans, ransomware, or other malware. Stolen finance-related accounts ...

Published: December 15, 2025  Category: Removal guides

What kind of malware is Pryct? Our researchers discovered Pryct ransomware while inspecting file submissions to the VirusTotal platform. This malware is designed to encrypt the victim's data in order to demand a ransom for its decryption. On our testing system, Pryct encrypted files and added a ".pryct" ...

Published: December 15, 2025  Category: Removal guides

... will be released in 24 hours. It mentions three supposed infections, including high-risk Trojans and a critical ransomware file, with their file paths. The alert states that the subscription expired on a specific date and urges the user to renew immediately to remove the threats and restore real-time ...

Published: December 14, 2025  Category: Removal guides

... campaigns. These ads can endorse online scams (technical support, phishing, etc.), unreliable/dangerous software (adware, browser hijackers, potentially unwanted applications, etc.), and malware (ransomware, trojans, cryptominers, etc.). In summary, through websites like untiested[.]com (and their ...

Published: December 14, 2025  Category: Removal guides

What kind of malware is ShadowLock? Our team has inspected ShadowLock (which we found while inspecting samples on VirusTotal) and concluded that it is ransomware that blocks access to files by encrypting them. It also changes filenames (by appending the ".LOCKEDxX" extension) and provides a ransom ...

Published: December 11, 2025  Category: Removal guides

... platforms, and services (e.g., file transfer, cloud storage, social networking, social media, entertainment, e-commerce, online banking, etc.). Work accounts are commonly targeted to attempt to infect the corporate network with malware (e.g., trojans, ransomware, etc.). Scammers can steal the account ...

Published: December 11, 2025  Category: Removal guides

What kind of malware is XEX? While browsing new submissions to the VirusTotal website, our researchers discovered the XEX ransomware. This malware is designed to encrypt data and demand payment for the decryption. After the XEX malware was executed on our testing system, it encrypted files. Yet, ...

Published: December 11, 2025  Category: Removal guides

What kind of malware is Frenesis Nexus? We have inspected the Frenesis Nexus malware and found that it operates as ransomware. Our team came accross this ransomware during an examination of samples submitted to VirusTotal. Once Frenesis Nexus is executed, it encrypts files and appends its extension ...

Published: December 11, 2025  Category: Removal guides

What kind of malware is DEVMAN 21? Our analysis shows that DEVMAN 21 is ransomware designed to encrypt files. We discovered it while inspecting samples uploaded to VirusTotal. Once executed, DEVMAN 21 not only encrypts data, but it also appends its extension (".devman21") to files and drops a text ...

Published: December 10, 2025  Category: Removal guides

... are used to promote various scams, not just affiliate ones. Other commonly endorsed scams include phishing, refund, sextortion, and tech support. This mail is also used to proliferate trojans, ransomware, and other types of malware. "Your Email Has Been Flagged As A Spam Sender", "Webmail - IMAP Authentication ...

Published: December 10, 2025  Category: Removal guides

What kind of malware is Cod? While reviewing file submissions to the VirusTotal site, our research team discovered the Cod ransomware. This malicious program is part of the Makop ransomware family. Malware of this kind encrypts data and demands a ransom for the decryption. Once we executed a sample ...

Published: December 10, 2025  Category: Removal guides

What kind of malware is DroidLock? DroidLock is Android malware that behaves much like ransomware. However, unlike typical ransomware, it does not encrypt files. The malware blocks victims from using their devices and can view or even delete different types of data. Cybercriminals utilize DroidLock ...

Published: December 10, 2025  Category: Removal guides

What kind of malware is Cooseagroup? Cooseagroup is a ransomware discovered by our researchers during a routine inspection of new file submissions to the VirusTotal website. Malware of this kind operates by encrypting data in order to demand a ransom for its decryption. On our test machine, Cooseagroup ...

Published: December 10, 2025  Category: News

Over the past year, security researchers have spotlighted a growing menace in the ransomware ecosystem: a packer-as-a-service known as Shanya. The rise of Shanya shows how modern attackers outsource core workflow parts. They now rely on services for obfuscation and endpoint detection and response (EDR) ...

Published: December 10, 2025  Category: Removal guides

What kind of malware is NOCT? NOCT is ransomware that we have discovered during an analysis of samples submitted to VirusTotal. Our inspection shows that NOCT encrypts files, appends the ".NOCT" extension to filenames, changes the desktop wallpaper, and drops a ransom note ("READ_ME.txt"). An example ...

Published: December 09, 2025  Category: Removal guides

... have investigated thousands of spam campaigns. This mail is used to promote various scams, not just phishing. Other prevalent scam types include technical support, advance fee, refund, sextortion, and so on. Spam emails are also used to proliferate all kinds of malware – trojans, ransomware, cryptocurrency ...