Zoom is the name of ransomware that encrypts files, changes the desktop wallpaper, and creates the "recover-youe-all-files.txt" file (a ransom note). It also renames files (it appends the ".zoom" extension to filenames). For example, Zoom renames a file named "1.jpg" to "1.jpg.zoom", "2.jpg" to "2
Gofenews[.]com uses a clickbait technique to trick visitors into receiving notifications from it and redirects users to various potentially malicious pages. There are plenty of pages like gofenews[.]com on the Internet, for example, untiljusttyerece[.]xyz, news-cofade[.]cc, and ukndaspiratioty[.]x
Scott.Armstrong is the name of the malware that encrypts files, appends the ".LOCKED" extension to filenames of all encrypted files, and generates two ransom notes "HOW_TO_RECOVER_MY_FILES.txt" and "HOW_TO_RECOVER_MY_FILES.hta"). For example, it renames a file named "1.jpg" to "1.jpg.LOCKED", "2.
Untiljusttyerece[.]xyz is a page designed to open potentially malicious pages and ask for permission to deliver notifications. There is a very small chance that users would open this page intentionally. Typically, websites of this type get opened through other dubious pages, shady advertisements,
Willow encrypts files and appends the ".willow" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.willow", "2.jpg" to "2.jpg.willow", and so on. It also changes the desktop wallpaper and creates the "READMEPLEASE.txt" file. Screenshot of a message encouraging users to pay
News-cofade[.]cc asks for permission to show notifications and redirects visitors to untrustworthy websites. There are lots of pages like news-cofade[.]cc on the Internet, for example, totalcoolblog[.]com, ukndaspiratioty[.]xyz, and freegiveawaystodayonly[.]com. Users do not visit them intentional
Rugj ransomware belongs to a family of ransomware called Djvu. This variant encrypts files and appends the ".rugj" extension to their filenames. For example, it renames "1.jpg" file to "1.jpg.rugj", "2.jpg" file to "2.jpg.rugj", and so on. Rugj also generates a ransom note, the "_readme.txt" file.
Totalcoolblog[.]com loads its content to get permission to deliver notifications and redirects visitors to various questionable web pages. This page gets opened through other dubious sites, advertisements, and (or) potentially unwanted applications (PUAs). Either way, it is unlikely that totalcool
WhiteHorse ransomware is a type of malware that encrypts files, modifies their filenames, and creates the "#Decrypt#.txt" file (a ransom note). It renames files by appending ".WhiteHorse" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.WhiteHorse", "2.jpg" to "2.jpg.WhiteHo
Ukndaspiratioty[.]xyz has two purposes: get permission to show notifications and open questionable pages. A couple of examples of other pages like ukndaspiratioty[.]xyz are romantic-dates[.]top, music-home[.]info, and mateyhecrie[.]xyz. It is very uncommon for these pages to be opened/visited on p