Discovered by S!Ri, Roll Safe encrypts and renames victims' files, and displays a ransom message in a pop-up window. Roll Safe also renames encrypted files by appending the ".encrypted" extension to filenames. For example, "1.jpg" becomes "1.jpg.encrypted", and so on. Roll Safe displays a pop-
Part of the Phobos malware family, Bablo is a malicious program classified as ransomware. It operates by encrypting data and demanding ransom payments for decryption. During the encryption process, files are renamed with a unique ID, the developer's email address and the ".bablo" extension. For e
Converter King is a potentially unwanted application (PUA), a browser hijacker that supposedly operates as an online file converter. In fact, it promotes a fake search engine (search.converterkingtab.com) by changing browser settings and recording browsing data. In most cases, people download and
Discovered by Michael Gillett, "Cyber attack from Iran Government" is the title of an email scam that steals the log-in credentials of users' Microsoft accounts. This phishing scam claims that Microsoft servers have experienced a cyber attack, and therefore users' accounts have been locked to prot
Snake ransomware was discovered by MalwareHunterTeam. Research shows that cyber criminals behind it target business networks. Snake is designed to encrypt files stored on all computers within a network using the AES-256 and RSA-2048 cryptographic algorithms. It also creates a ransom message withi
turbonews[.]biz is a rogue website similar to toobotnews.biz, 27news.biz, wwserch42.biz, gusimp.net and thousands of others. It presents visitors with dubious/harmful content and/or redirects them to other untrustworthy or malicious web pages. Access to turbonews[.]biz and other, similarly dubiou
vpnshieldplus4[.]com is one of many deceptive websites claiming that visitors' iPhones are infected with viruses. These sites display fake virus warnings/alerts and encourage users to download and install applications that supposedly remove detected viruses. You should avoid and ignore websites
theworldofcontents[.]info is a scam website promoting a fake Flash Player updater. There are several variants of this scam with differing design/appearance, although the purpose is much the same. The site claims that visitors' Flash Players might be outdated and advises them to update the softwa
budscanner[.]com redirects visitors to various other untrustworthy, potentially malicious web pages. Typically, people do not visit websites such as budscanner[.]com intentionally. In most cases, they arrive at them after clicking dubious, deceptive advertisements, through visiting rogue websites
Discovered by dnwls0719, Crypton (Aurora) ransomware originates from a family of ransomware programs called Aurora. Crypton (Aurora) is designed to prevent victims from accessing or using data by encryption. It also renames each encrypted file by appending the ".crypton" extension to the filename.