Ransomware
What is the APT14CHIR Ransomware?
APT14CHIR is a type of ransomware that our team discovered during the analysis of samples submitted to the online threat databases. The ransomware's primary goal is to encrypt files and rename them by replacing their...
Hhoo Ransomware Joins Host of Djvu Clones Targeting Files for Encryption
Our team discovered a new variant of ransomware belonging to the Djvu family called Hhoo while analyzing malware samples submitted to online threat analysis databases. Hhoo encrypts files and modifies the filenames by...
What is the Proxima Ransomware Threat?
Proxima is a ransomware program that encrypts data and appends a ".proxima" extension to filenames. After Proxima is deployed on a victim system, it drops a ransom-demanding message – "Proxima_Readme.txt" – onto...
Hhmm Ransomware Joins Djvu Clone Family
A new variant of the Djvu ransomware, called Hhmm, has been discovered. It will encrypt files on a system and rename them with its own name as an extension. This includes executables, archives, documents and...
What is Vvmm Ransomware?
We ran into Vvmm while going over samples submitted to online threat analysis databases. It is a ransomware variant that belongs to the Djvu family and encrypts data, appending the ".vvmm" extension to filenames of...
What is LockBit Green Ransomware?
The LockBit ransomware gang has changed their encryptor to one based on the Conti ransomware source code leaks. They began with a custom one and progressed to LockBit 3.0, also known as LockBit Black, which was based...
Baal Ransomware is a New Chaos Clone Designed To Encrypt Files For Ransom
During the examination of new threats submitted to online threat analysis databases, our team came across the Baal malware, which is based on the Chaos ransomware. We conducted a sample execution of the Baal...
What is the DarkBit Ransomware?
While investigating new malware strains, our team came across DarkBit - a ransomware that operates by encrypting data and demanding ransoms for decryption. Upon launching a sample of DarkBit, it immediately begins...
Hhee Ransomware is a Djvu Clone Targeting Files to Encrypt
Our team discovered a new ransomware variant, Hhee, which is part of the Djvu family. Hhee encrypts data and adds the ".hhee" extension to the affected files. After encryption, it leaves a "_readme.txt" ransom note...
What is Garsomware Ransomware?
Our examination of Garsomware revealed that it is a type of ransomware based on the Chaos ransomware. It encrypts files to prevent victims from accessing them, and adds a unique extension of four random characters to...
Vvoo Ransomware Joins Djvu Family
Vvoo is a new ransomware variant that is part of the Djvu ransomware family. Vvoo works by encrypting the majority of the files found on connected system drives in the victim system. Encrypted file types include media...
Sapp Ransomware is a New Djvu Clone Using Encryption to Hold Files Hostage
Sapp is a type of ransomware that uses AES or RSA encryption algorithms to lock your files. The ransomware belongs to the Djvu family of clones. It adds the extension ".sapp" to the end of each file, making it...
MortalKombat Ransomware Has Ties to Xorist to Steal Cryptocurrency
Starting from December 2022, researchers with Cisco Talos have been monitoring an unknown entity that has been using two pieces of recently discovered malicious software - MortalKombat ransomware and a GO variant of...
Mikel Ransomware is a Proxima Clone That Targets Various File Types
Mikel is a type of ransomware that encrypts data and demands payment in exchange for its release. The new variant belongs to the Proxima family. The Mikel ransomware appends the ".mikel" extension to filenames. A ransom...
ScareCrow Ransomware - What Is it and How Does it Work?
Our research team recently discovered ScareCrow, a ransomware-type program, while investigating new submissions to VirusTotal. After executing a sample on our test system, we noticed that the ransomware encrypted...
What is PYAS Ransomware?
PYAS is a form of malicious software that encrypts files, making them inaccessible and appending the ".PYAS" extension to filenames. It also drops a "README.txt" file containing a ransom note informing victims that...
Andrianov Ransomware is Another Chaos Clone
A new ransomware variant based on Chaos ransomware has been discovered by researchers. Named Andrianov, it encrypts data and changes filenames of all encrypted files, as well as the desktop wallpaper. It appends a...
What is the Ransomwarebit Ransomware?
Ransomwarebit is malicious software that our researchers identified while examining samples sent to online threat analysis databases. It encrypts files, alters filenames, and creates a ransom note called...