Nsemad is a malicious program, which is part of the Snatch ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all compromised files are appended with the ".nsemad" extension. For example, a file originally titled something like "1.jp
HOTEL is part of the Phobos ransomware family. This malware encrypts files, modifies their filenames, and generates two ransom messages ("info.hta" and "info.txt"). HOTEL renames files by adding the victim's ID, ICQ_username of its developers, and appending the ".HOTEL" extension to filenames. Fo
Discovered by Jakub Kroustek, SUKA is malicious software belonging to the Dharma ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are renamed following this pattern:
psalrausoa[.]com is often visited by users intentionally - these sites are opened when people click dubious, deceptive ads, visit other bogus websites, or have potentially unwanted applications (PUAs) installed on browsers and/or operating systems. There are many sites similar to psalrausoa[.]com
OnlineStreamSearch hijacks browsers by modifying settings. In this case, by assigning them to onlinestreamsearch.com, a fake search engine. Like most browser hijackers, OnlineStreamSearch is likely to also collect browsing data. People often download and install apps such as OnlineStreamSearch (b
Weui belongs to the Djvu ransomware family. It encrypts and renames victims' files, and creates a ransom message. Weui modifies the filenames of all encrypted files by appending the ".weui" extension. For example, "1.jpg" is renamed to "1.jpg.weui", "2.jpg" to "2.jpg.weui", and so on. It also cre
RestorFile is a malicious program belonging to the Matrix ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, affected files are renamed with a random character string and the ".[RestorFil
starmode[.]biz and similar sites are generally opened due to potentially unwanted applications (PUAs). I.e., users do not often visit these pages intentionally. People also arrive at these websites by clicking deceptive ads or through other bogus websites. Some examples of other web pages that are
CoVideoSearch promotes a fake search engine (covideosearch.com) by modifying web browser settings and is also likely to collect browsing data. Users often download and install browser hijackers inadvertently and, for this reason, CoVideoSearch is categorized as a potentially unwanted application (
StreamSearchWizard is a browser hijacker. It operates by making alterations to browser settings to promote streamsearchwizard.com (a bogus search engine). In addition, most browser hijackers can gather browsing-related information. Therefore, it is likely that StreamSearchWizard also has these dat