Discovered by malware researcher, S!Ri, SatanCryptor is a ransomware-type malicious program. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, all files are renamed with "#_THIS_FILE_IS_ENCRYPTED_", unique ID codes, the developer's email ad
Discovered by Xavier Mertens, Node.js is a ransomware-type malicious software. This malware encrypts the data of infected devices and demands payment for decryption. When Node.js encrypts, files are appended with the ".encrypted" extension. Therefore, a file such as "1.jpg" would appear as "1.jpg
Listentoyoutube[.]online allows users to convert videos uploaded on YouTube to MP3 files, and then to download them. It is illegal to download videos from YouTube. Furthermore, listentoyoutube[.]online uses rogue advertising networks - it redirects users to various untrustworthy, potentially mali
Discovered by Michael Gillespie, AWT is malicious software that shares many similarities with Snc ransomware. This malware is designed to encrypt data and demand payment for decryption tools/software. When AWT encrypts, all files are renamed with a unique ID, the developer's email address and the
add-to-browser[.]xyz is an untrustworthy website. There are countless rogue web pages on the internet which present visitors with dubious content and/or redirect them to other dubious and malicious sites including, for example, grabthemp3.com, thegoodcaster.com, and 27news.biz. Note that add-to-b
pointmp3[.]com is the address of a website which offers an illegal service: it allows users to download audio from YouTube by converting uploaded videos to MP3 format. This website also employs rogue advertising networks. People who use pointmp3[.]com are redirected to various other untrustworthy
Devil is a part of Phobos, a family of ransomware-type programs. It renames encrypted files by appending the victim's ID, developer's email address and ".devil" extension to filenames. For example, a file such as "1.jpg" is renamed to a filename such as "1.jpg.id[1E857D00-2574].[decrypt4data@proto
Discovered by cyber security researcher Jack, c0hen Locker is a malicious program classified as ransomware. Malware within this classification is designed to encrypt the data of infected devices and then demand ransom payments from the victims (i.e., payment for decryption tools/software). When t
NEMTY 2.5 REVENGE was discovered by Raby. This ransomware renames encrypted files by appending the ".NEMTY_[string of random characters]" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.NEMTY_OF7X2YU", and so on. It also creates a ransom message within a text file, the nam
Criminals behind this spam campaign, which is classified as a sextortion scam, send emails to many people and hope that some will be tricked. Typically, scammers who send emails of this attempt to blackmail recipients with threats to send compromising, humiliating images or videos to their contact