Viruses

Grounding Conductor is a type of malware known as ransomware. Its primary purpose is to prevent victims from accessing their files by encrypting them. This ransomware variant is also known as a Crypto Virus or Files locker due to its encryption capabilities. Grounding Conductor ransomware adds a specific extension to the files it encrypts. The file renaming pattern is [original_filename].{victim's_ID}.Grounding Conductor.zip. For example, a file originally named photo.jpg might be renamed to photo.{12345678-1234-1234-1234-123456789012}.Grounding Conductor.zip. Grounding Conductor ransomware uses a specific encryption method to lock the files of its victims. The encrypted files include a file marker at the end of each encrypted file: &XChaCha20 or XChaCha20. After encrypting the files, Grounding Conductor ransomware leaves a ransom note named readme.txt. This note typically contains instructions for the victims on how to pay the ransom to get their files decrypted.

Ptqw Ransomware is a harmful file encryption virus that belongs to the STOP/DJVU family, which is notorious for malicious file ciphering. It is distributed via spam email containing infected attachments, fake software cracks, or by exploiting vulnerabilities in the operating system and installed programs. It can also spread through third-party websites offering paid programs for free, including cheat engines, keygens, and other tools used to modify the gaming process. Once the Ptqw Ransomware infects a computer, it encrypts the files using a strong AES-256 encryption key algorithm or the Salsa20 encryption algorithm. The encrypted files are then appended with the .ptqw extension, rendering them inaccessible and unusable. After encrypting the files, Ptqw Ransomware displays a ransom note in a _readme.txt file. This note contains instructions on how to contact the authors of the ransomware, usually via the support@freshmail.top and datarestorehelp@airmail.cc email addresses.

Poopy Butt-face Ransomware is a type of malicious software, or malware, that encrypts data on a victim's computer and demands payment for its decryption. It is a variant of the Chaos Ransomware. The ransomware is designed by cybercriminals to earn money, typically through Bitcoin payments. Once Poopy Butt-face Ransomware infects a system, it encrypts files and appends their filenames with a unique ID assigned to the victim, the cybercriminals' email address, and a .Poop extension. For example, a file initially titled 1.jpg might appear as 1.jpg.Poop. The process of adding new extensions to original filenames is only a visual formality and does not change the fact of file encryption. After encrypting the files, Poopy Butt-face leaves a ransom note, a text file named Pooop-ransom.txt.

GhostLocker is a type of ransomware developed by the GhostSec cybercriminal group. Ransomware is a type of malware designed to encrypt data and demand payment for its decryption. GhostLocker targets a wide range of data types, including documents, spreadsheets, drawings, images, movies, and videos. It is a derivative of the BURAN Ransomware and is distributed in a worldwide campaign. GhostLocker encrypts files and appends their names with a .ghost extension. For example, an original filename such as 1.jpg would appear as 1.jpg.ghost. The encryption process is simple – every file that gets encrypted becomes unusable. GhostLocker uses AES encryption, a symmetric encryption algorithm known for its speed and security. GhostLocker leaves a ransom note in a text file (lmao.html), warning against renaming the encrypted files or using third-party recovery tools, as this may lead to permanent data loss. The victim is also warned that seeking aid from third-parties or authorities will result in data loss and the stolen content getting leaked.

Mlap Ransomware is a malicious software that encrypts data on a victim's computer, rendering it inaccessible. It is a member of the Djvu ransomware family, which is known for its robust encryption methods and aggressive ransom demands. The Mlap ransomware specifically appends the .mlap extension to the filenames of the files it encrypts, transforming, for example, 1.jpg into 1.jpg.mlap. It uses the Salsa20 encryption algorithm, which is a robust ciphering algorithm typical for all other STOP/Djvu ransomware family members. This encryption algorithm generates a 78-digit number of possible decryption keys, making it nearly impossible to brute force the decryption. After completing the encryption process, Mlap ransomware drops a ransom note named _readme.txt on the victim's desktop. This note contains two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) and offers victims the opportunity to obtain decryption software and key for a price set at $980.

Locknet Ransomware is a type of malicious software that belongs to the MedusaLocker family. Its primary purpose is to encrypt files on a victim's computer, making them inaccessible. The ransomware also renames files by adding the .locknet extension to filenames. For instance, it changes a file named 1.jpg to 1.jpg.locknet, 2.png to 2.png.locknet, and so forth. Locknet Ransomware uses a combination of RSA and AES encryption algorithms to encrypt the files on the infected computer. These encryption methods are robust and secure, making it extremely difficult to decrypt the files without the specific decryption key. After encrypting the files, Locknet Ransomware creates a ransom note named HOW_TO_BACK_FILES.html. This note informs victims that their network has been breached and all important files have been encrypted. It warns against attempting to restore the files with third-party software, as this could permanently damage them. The attackers claim that only they can provide the decryption solution.

Mlza Ransomware is a malicious software that belongs to the STOP/DJVU family, known for its malignant file encryption operations. It is a fresh iteration within the Djvu ransomware lineage, with its primary aim being to encrypt files found on a compromised system. Once the Mlza ransomware infects a computer system, it targets various file types, encrypts them, and appends the .mlza extension to the file names. For instance, a file named 1.jpg would be renamed to 1.jpg.mlza. The ransomware uses the Salsa20 encryption algorithm, which, while not the strongest method, still provides an overwhelming amount of possible decryption keys. This encryption makes the files inaccessible and the decryption key almost impossible to find without cooperating with the attackers. Mlza ransomware generates a _readme.txt file containing a ransom note.

Mlrd Ransomware is a type of malicious software that belongs to the Djvu family, a notorious group of ransomware known for encrypting data on infected computers. This ransomware is a new variant of the STOP/DJVU ransomware family, which is infamous for its file-encrypting capabilities. It was discovered during a thorough analysis of samples on VirusTotal. Once the Mlrd ransomware infects a computer, it scans for files to encrypt. It targets a wide range of file types and appends the .mlrd extension to the filenames of the encrypted files. For instance, a file named 1.jpg would be transformed into 1.jpg.mlrd. Mlrd Ransomware uses the Salsa20 encryption algorithm to encrypt files. This is not the strongest method, but it provides an overwhelming amount of possible decryption keys, making it nearly impossible to brute force the decryption key. After the encryption process, Mlrd ransomware leaves behind a ransom note named _readme.txt.