Team Punisher is a ransomware-type program designed to encrypt data and demand ransoms for decryption. On our test machine, this malware encrypted files and appended their filenames with a ".punisher" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.punisher", "2.png" as
While inspecting new submissions to VirusTotal, our researchers found a new ransomware that belongs to the Xorist ransomware family, which is named Ety. Ransomware is designed to encrypt data and demand payment for decryption. Once executed on our test system, Ety began encrypting files and chang
While analyzing theupgradedata[.]com, we learned that it is a deceptive website designed to lure visitors into agreeing to receive notifications. Also, theupgradedata[.]com redirects to other untrustworthy pages. Our team discovered theupgradedata[.]com while examining pages that use rogue adverti
After examining this email, our team concluded that it is a phishing email sent by scammers who seek to extract sensitive information from recipients. This scam email is disguised as a letter from an email service provider. It contains a link to a phishing website. Thus, it should be marked as spa
Our analysis of the "New Update On Your Account" email revealed that it is spam. This letter states that the recipient's email needs to be updated and redirects them to a phishing website targeting the account's log-in credentials. In addition to losing their email accounts, successfully scammed v
CRASH is ransomware (one of the Dharma ransomware family's variants). It encrypts files, modifies filenames (by appending the victim's ID, netcrash@msgsafe.io email address, and the ".CRASH" extension to filenames), and provides two ransom notes (displays a pop-up window and drops the "info.txt" f
Just is one of the ransomware variants belonging to the Dharma ransomware family. It encrypts files and appends the victim's ID, justdoit@onionmail.org email address, and ".just" extension to filenames. Also, Just drops "FILES ENCRYPTED.txt" file and displays a pop-up window (both containing a ran
Our researchers discovered the mydailydatareport[.]site rogue page while inspecting dubious websites. It promotes online scams and browser notification spam. Furthermore, it can redirect visitors to other (likely untrustworthy/malicious) sites. Most users enter webpages like mydailydatareport[.]si
Webfreshupdater[.]com is a rogue webpage that our researchers discovered while investigating suspicious sites. It promotes browser notification spam and redirects visitors to different (likely untrustworthy or malicious) websites. Users typically access pages akin to webfreshupdater[.]com through
After checking out the "Your Password Is About To Expire Tomorrow" email, we determined that it is spam. Letters belonging to this campaign operate as phishing scams targeting email account log-in credentials. These fake message urge recipients to avoid their password expiration and redirect to a