Search results for: ransomware

Published: June 24, 2026  Category: Removal guides

What kind of malware is Payouts Kings? Payouts Kings is ransomware first documented by security researchers at Zscaler. We also investigated this threat through samples available on VirusTotal. It encrypts files on corporate networks, appends a hardcoded extension to their names, and creates a ransom ...

Published: June 21, 2026  Category: Removal guides

What kind of malware is Prinz Eugen? Prinz Eugen is ransomware written in the Go programming language and first publicly documented by ThreatDown; our team also examined samples submitted to VirusTotal. It encrypts files and appends a .prinzeugen extension to every affected filename, making them impossible ...

Published: June 16, 2026  Category: Removal guides

What kind of malware is Friends? Friends is ransomware our research team identified while examining new malware samples submitted to VirusTotal. It encrypts files on the victim's machine and demands payment for a decryption key. The attackers also claim to have stolen sensitive data and threaten to ...

Published: June 15, 2026  Category: Removal guides

What kind of malware is Hommy? Hommy is a ransomware-type program that we discovered during a routine inspection of new submissions to the VirusTotal website. Hommy belongs to the Makop ransomware family. It encrypts files, renames them, drops a ransom note ("+README-WARNING+.txt"), and changes the ...

Published: June 07, 2026  Category: Removal guides

What kind of malware is Qv? Qv is ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. It encrypts victims' files, appends a complex extension to each filename, and drops a ransom note demanding payment for decryption. On our test machine, ...

Published: May 30, 2026  Category: Removal guides

What kind of malware is MORTAR? MORTAR is ransomware we discovered during a routine inspection of new submissions to the VirusTotal website. It targets corporate networks, encrypts files, and drops a ransom note named README-[victim's ID].txt. On our test machine, MORTAR appended a unique victim ...

Published: May 24, 2026  Category: Removal guides

What kind of malware is Gines? Gines is ransomware belonging to the Makop family. We discovered it while examining new malware samples submitted to the VirusTotal website. It encrypts files, appends a complex extension to their filenames, drops a ransom note, and changes the desktop wallpaper. On ...

Published: May 19, 2026  Category: Removal guides

What kind of malware is GodDamn? GodDamn is ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. It encrypts files and appends a unique victim ID and the .God8Damn extension to their filenames. It also creates a ransom note in a text file ...

Published: May 18, 2026  Category: Removal guides

What kind of malware is NBLock Black? NBLock Black is ransomware that our team has discovered during an examination of malware samples uploaded to VirusTotal. Our analysis shows that NBLock Black encrypts files and modifies filenames. It changes filenames to a random string and appends a random extension. ...

Published: May 14, 2026  Category: Removal guides

What kind of malware is LQTOREQ? During our inspection of malware samples uploaded to VirusTotal, we discovered LQTOREQ, which is ransomware designed to encrypt files. Also, LQTOREQ appends the ".lqtoreq" extension to files. For instance, it renames "1.jpg" to "1.jpg.lqtoreq", "2.png" to "2.png.lqtoreq", ...

Published: May 11, 2026  Category: Removal guides

What kind of malware is Lockdown? Lockdown is ransomware designed to block access to files by encrypting them. In addition to encrypting data, it appends its extension (".crypt_lock") to files. For example, it renames "1.jpg" to "1.jpg.crypt_lock", "2.png" to "2.png.crypt_lock", and so forth. Lockdown ...

Published: May 11, 2026  Category: Removal guides

What kind of malware is Vile? Vile is ransomware that we discovered during an inspection of samples uploaded to VirusTotal. After execution, this ransomware encrypts files and provides a ransom note ("VILE_README.txt"). It also displays a pop-up message and appends the ".vile" extension to files. For ...

Published: May 10, 2026  Category: Removal guides

What kind of malware is Lalia? Lalia is ransomware that we discovered while analyzing malware samples uploaded to VirusTotal. Once a device is infected, Lalia encrypts files and changes their filenames by appending the ".lalia" extension. For example, it renames "1.jpg" to "1.jpg.lalia" and "2.png" ...

Published: May 06, 2026  Category: Removal guides

What kind of malware is Aur0ra? Aur0ra is a ransomware-type program analyzed after it was submitted to VirusTotal. It encrypts victims' files to block access to them, and also claims to have exfiltrated confidential data from the compromised system prior to encryption. This dual-threat approach means ...

Published: May 06, 2026  Category: News

The lines between cybercrime and state-sponsored espionage continue to blur. Iranian threat actors now adopt ransomware tradecraft to conceal intelligence-gathering operations. Recent investigations into attacks by the Iranian-linked MuddyWater group show a sophisticated evolution in tactics. Here, ...

Published: May 04, 2026  Category: Removal guides

What kind of malware is BAVACAI? BAVACAI is ransomware that we discovered while examining malware samples submitted to VirusTotal. It belongs to the MedusaLocker ransomware family. BAVACAI encrypts files stored on the victim's computer and exfiltrates data from the network, then demands a ransom in ...

Published: May 03, 2026  Category: Removal guides

What kind of malware is BARADAI? BARADAI is ransomware we found while examining malware samples submitted to VirusTotal. It belongs to the MedusaLocker ransomware family. Upon infiltrating a system, BARADAI encrypts files, appends the ".BARADAI" extension to their filenames, and creates an HTML ransom ...

Published: May 03, 2026  Category: Removal guides

What kind of malware is Rex? Rex is ransomware that our researchers discovered while examining malware samples uploaded to the VirusTotal website. It encrypts files stored on the victim's system, appends a new extension to each filename, creates an HTML ransom note, and claims to have stolen confidential ...

Published: April 29, 2026  Category: Removal guides

What kind of malware is Dominus? Dominus is ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. It encrypts files on the victim's computer and demands payment in exchange for decryption. Dominus also claims to steal sensitive data before ...

Published: April 26, 2026  Category: Removal guides

What kind of malware is KRYBIT? KRYBIT is ransomware that our team discovered while examining malware samples uploaded to VirusTotal. Once executed, it encrypts files and appends the ".KRYBIT" extension to files. For instance, it renames "1.jpg" to "1.jpg.KRYBIT", "2.png" to "2.png.KRYBIT", and so ...

Published: April 23, 2026  Category: Removal guides

What kind of malware is Net? Net is ransomware that we uncovered while examining malware samples submitted to VirusTotal. After execution, Net makes files inaccessible by encrypting them. Also, the ransomware appends the ".net6" extension to files (the number in it may vary) and provides a ransom note ...

Published: April 23, 2026  Category: News

Ransomware operators adopt whatever creates the most pressure on victims. This may mean faster encryption, stronger extortion tactics, or deeper attacks on virtual infrastructure. In 2026, the Kyber ransomware group added a new layer of psychological and technical pressure by claiming to use post-quantum ...

Published: April 21, 2026  Category: Removal guides

What kind of malware is Hnx911? Hnx911 is ransomware from the Xorist family. Our team discovered it during an inspection of malware samples uploaded to VirusTotal. Once executed, Hnx911 encrypts the victim's files and appends the ".hnx911" extension. It also creates a ransom note "HOW TO DECRYPT FILES.txt" ...

Published: April 21, 2026  Category: Removal guides

What kind of malware is Cooked? Our team discovered Cooked while analyzing samples submitted to VirusTotal. Our examination has shown that this is ransomware designed to encrypt files, provide a ransom note ("Readme.txt"), and add its extension (".cooked") to files. For example, it renames "1.jpg" ...

Published: April 20, 2026  Category: News

Ransomware operators continue to refine their playbooks. The latest evolution of the Gentlemen ransomware shows how fast these groups adapt to scale and stay stealthy. It began as a relatively new ransomware-as-a-service (RaaS) operation in mid-2025. It has already matured into a more dangerous enterprise ...

Published: April 20, 2026  Category: Removal guides

What kind of malware is Draxo? We have examined the malware and found that Draxo is ransomware. Our discovery of this ransomware occurred during an inspection of samples uploaded to VirusTotal. Once launched, Draxo encrypts files and appends four random characters to filenames. For instance, it renames ...

Published: April 19, 2026  Category: Removal guides

What kind of malware is Black TENGU? Black TENGU is ransomware that our team found while examining samples uploaded to VirusTotal. Once executed, Black TENGU encrypts files and changes their names by appending the ".TENGU" extension. For instance, it renames "1.jpg" to "1.jpg.TENGU" and "2.png" to ...

Published: April 19, 2026  Category: Removal guides

What kind of malware is UNC? UNC is ransomware from the Dharma family. Our team has discovered this ransomware during an analysis of malware samples uploaded to VirusTotal. After execution, UNC encrypts files and appends the victim's ID, an email address, and the ".UNC" extension to them. It also displays ...

Published: April 13, 2026  Category: Removal guides

What kind of malware is Elite Enterprise? Our research team identified Elite Enterprise while analyzing new file submissions on VirusTotal. Elite Enterprise is ransomware that encrypts files on compromised machines and demands a ransom for decryption. Unlike most ransomware, it does not append any ...

Published: April 06, 2026  Category: Removal guides

What kind of malware is NBLock? NBLock is ransomware that we have discovered during our routine examination of samples uploaded to VirusTotal. This ransomware encrypts files and appends its extension (".NBLock") to them. In addition to locking files, NBLock changes the desktop wallpaper and drops a ...