The Professeur Ransomware is a new strain of file-encrypting malware based on the infamous Jigsaw Ransomware. The email address (zemblax@protonmail.com) displayed in the ransom note suggests that it's distributed by the threat actors behind two other Jigsaw -based threats – Zemblax and ElvisPresley. What's Special about the Professeur Ransomware?   Being new relatively, it's still not completely clear how the hackers are distributing the Professeur Ransomware, but it's safe to say...

The CLUB Ransomware is yet another member of the ever-growing Dharma Ransomware family. There is nothing special about the CLUB Ransomware, particularl, that would set it apart from its cousins, except the bad actors using a different contact email and the encrypted files receiving a different extension. Otherwise, the CLUB Ransomware behaves like other Dharma clones – it encrypts a large number of file types on the victi's computer, makes them inaccessible, and then demands payment in...

The WELL Ransomware is a strain of a larger ransomware family, known as Dharma Ransomware. The WELL Ransomware behaves more or less like other variants of the Dharma family; the WELL Ransomware encrypts the victim's files and leaves them inaccessible, demanding ransom payment. Any file encrypted by the WELL Ransomware receives a '.well' extension and has its previous filename modified. In this way, an image named "campfire.jpg" will become "campfire.jpg.id-[victim...

The VIVELAG Ransomware is a file-locking Trojan that's a variant of a previous one, the Sapphire Ransomware. Its campaign is targeting gamers by imitating an update for an online gaming application before delivering its file-blocking encryption attack and a gaming-themed ransom note. Users should protect their digital media with properly-secured backups, use the free decryption key as necessary, and let their anti-malware products determine the safest means of uninstalling the VIVELAG...

The BOMBO Ransomware is a file-locking Trojan without a known family or Ransomware-as-a-Service affiliation. Its payload is typical for a threat of its kind and will block media files on your computer by encrypting them in a way that may not be reversible. In most cases, anti-malware products will remove the BOMBO Ransomware, and attention to backup security can prevent permanent data loss. RaaS businesses make up the bulk of file-locking Trojans, but there always is room for independent...

The Nlah Ransomware is a file-locking Trojan that's part of the STOP Ransomware Ransomware-as-a-Service. The Nlah Ransomware stops your files from opening by encrypting them, blocks security websites, removes some backups, and conducts other attacks to sell its ransom service. Users should protect their work through securing and updating their backup while having anti-malware solutions for removing the Nlah Ransomware properly. Since its introduction to the wild in years past, the STOP...

The Hex911 Ransomware is a file-locking Trojan that keeps various files, mainly, digital media, from opening. It may add different extensions onto their filenames as indicators of their hostage status, and solicits expensive Bitcoin payments for its unlocking help. Users should let their anti-malware products contain or delete the Hex911 Ransomware on sight and review their backup strategies for weaknesses against encryption attacks. A new file-locking Trojan with at least two variants is...

File-encryption Trojans continue to be very popular among cybercriminals, and one of the most popular ransomware families in the past two years has been the STOP Ransomware. Thanks to it, dozens of cybercriminals have been able to launch their own file-locker, and one of the latest inclusions to the long list of malware based on the STOP Ransomware is called the ZIPE Ransomware. Unfortunately, users who fall victim to ZIPE Ransomware's attack will end up unable to access many of their...

The Vfcfocxp Ransomware is a file-locking Trojan that's a part of the Snatch Ransomware family. The threat actor associated with this family may use a password or software-related vulnerability for compromising targets and conduct other attacks, such as collecting information. Users should have remote backups for recovering any files and anti-malware protection for deleting the Vfcfocxp Ransomware. The Snatch Ransomware group is an outlier from most file-locking Trojans that belong to a...

The Pezi Ransomware is a file-locking Trojan that's part of STOP Ransomware's family. The Pezi Ransomware can keep media on your PC from opening by encrypting it, and conduct other, assorted attacks, such as removing backups. Users should back their work up to separate devices for maximized safety and let their anti-malware products remove the Pezi Ransomware as they detect it. Head-to-head in rented-out variations to the equally-huge Dharma Ransomware family, the STOP Ransomware is a...

The PonyFinal Ransomware is a file-locking Trojan that prevents documents and other files from opening on your computer as part of a ransoming scheme. It typically gains access to systems with the manual intervention of the threat actor, which brute-forces weak server security. Windows users can protect their files with backups on other devices, robust login credential choices, and the usual anti-malware products that should delete the PonyFinal Ransomware on sight. Criminals Demanding an...

The Unicorn Ransomware is a file-locking Trojan that tries to hold the user's media hostage by encrypting files, such as documents. The Unicorn Ransomware includes a partially-randomized extension for each file's name, a change to the wallpaper, and a Coronavirus-themed pop-up that may relate to its distribution tactic. The usual precautions of anti-malware programs for removing the Unicorn Ransomware and backups for recovering data should suffice for countering infections. The...

The CovidWorldCry Ransomware is a file-locking Trojan that stops files on your PC from opening, including both many formats of media and some system files. The CovidWorldCry Ransomware also can disrupt other programs and tamper with local backup information as part of its extortion-focused payload. Users can keep offsite backups for recovering without paying the ransom, although a professional anti-malware product may delete the CovidWorldCry Ransomware on sight safely. File-locking...

The Instabot Ransomware is a file-locking Trojan and a possible variant of the STOP Ransomware Ransomware-as-a-Service. Its foremost symptoms include stopping media files from opening by encrypting their data and creating messages with Bitcoin ransom demands. Users should have backups for recovering freely, and anti-malware programs for deleting the Instabot Ransomware as soon as possible. A nearly three-decade-old AV company is offering analyses of what they claim is a brand-new member of...

The Covm Ransomware is a file-locking Trojan that's from the Ransomware-as-a-Service known as STOP Ransomware and Djvu Ransomware . While its identifying characteristic is stopping files from opening for a ransom, it also may include side effects like blocking websites and wiping backups. Professional anti-malware tools will delete the Covm Ransomware ordinarily automatically, and offsite backups can provide an always-reliable file recovery. While Ransomware-as-a-Service may rise and fall...