Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops services, and creates the "README.txt" file containing a ransom note. It appends the ".yanluowang" extension to filenames. Cybercriminals behind Yanluowang are targeting enterprise entities and organizati
We found a new ransomware called Dkrf while examining malware samples submitted to VirusTotal. It was found that Dkrf is part of the Djvu ransomware family. The purpose of Dkrf is to encrypt files. Additionally, it renames files by appending the ".dkrf" extension to filenames and creates the "_rea
Eiur is the name of ransomware belonging to a ransomware family called Djvu. We have discovered Eiur during our analysis of malicious installers distributed using deceptive pages. It was found that this ransomware encrypts files, appends the ".eiur" extension to filenames, and provides a ransom no
We discovered the resourceslatest[.]com rogue webpage while inspecting unreliable sites. It operates by promoting scams, pushing browser notification spam, and redirecting visitors to different (likely dubious/malicious) sites. Users typically enter resourceslatest[.]com and similar pages via red
REVENLOCK is a ransomware-type program we discovered while inspecting new submissions to VirusTotal. We determined that this program is part of the MedusaLocker ransomware family. REVENLOCK encrypts files and appends their filenames with an extension. The variant we executed on our test system ap
DeliteOutward is a rogue app that our researchers found while checking out new submissions to VirusTotal. After analyzing this application, we discovered that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware displays advertisements o
Defendyourfiles[.]com is a rogue website that our researchers discovered while inspecting untrustworthy webpages. This page operates by hosting deceptive content, promoting browser notification spam, and redirecting visitors to other (likely dubious/malicious) sites. Most users access defendyourf
Reserve-availability[.]cfd is an untrustworthy page that runs a scam similar to "McAfee - Your PC is infected with 5 viruses!". Also, it asks visitors for permission to show notifications. Our team has discovered reserve-availability[.]cfd while examining other pages that use rogue advertising net
DeadLocker is the name of ransomware discovered by MalwareHunterTeam. It was found that DeadLocker encrypts files, appends the ".deadlocked" extension to filenames, changes the desktop wallpaper, and displays a pop-up (a ransom note). An example of how DeadLocker renames files: it changes "1.jpg"
YTStealer is a piece of malicious software classified as a stealer. Malware within this category aims to steal a wide variety of sensitive data. However, YTStealer targets very specific information - one relating to victims' YouTube accounts. Thus the goal of the attackers behind this program is t