Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove Byee Ransomware and decrypt .byee files

Byee Ransomware is a type of malicious software designed to encrypt data on a victim's computer and demand a ransom for its decryption. It was discovered during a routine inspection of new malware submissions to the VirusTotal platform. Byee encrypts files and appends a .byee extension to their filenames (e.g., 1.jpg becomes 1.jpg.byee). After the encryption process, it drops a ransom note titled read_it-EC.txt. The note reassures the victim that their encrypted files can be restored. The note concludes with the cybercriminals' contact information, which is provided via Telegram. The specific encryption algorithm used by Byee Ransomware is not known. However, modern ransomware often uses hybrid techniques that merge symmetric and asymmetric encryption.

How to remove Ttrd Ransomware and decrypt .ttrd files

Ttrd Ransomware is a variant of the Djvu family, which encrypts files on the victim's computer and demands a ransom for decryption. It uses the AES encryption algorithm to lock various file types, including videos, images, audio, and documents. This robust encryption method makes it difficult, if not impossible, to find the decryption key without the attackers' assistance. Once the files are encrypted, they become inaccessible, and the ransomware appends a .ttrd extension to the filenames. After encrypting the files, Ttrd Ransomware displays a ransom note in a text file named _readme.txt. The note provides guidance on how to establish contact with the attackers and outlines the pricing for decryption services. Victims are directed to communicate with the attackers using designated email addresses, such as support@freshmail.top or datarestorehelp@airmail.cc.

How to remove Glsadz.com

Glsadz.com is a deceptive website that exploits browser push notifications to bombard users with intrusive spam advertisements. It is categorized as a potentially unwanted program (PUP) and browser hijacker. The site uses fake browser errors to deceive users into enabling push notifications, claiming that they need to "Allow" notifications to fix the problem. Once enabled, Glsadz.com constantly bombards the user's device with inappropriate pop-up ads, even when the browser is closed. The spam push notifications promote various dubious products and services, such as adult and dating content, freemium games and apps, software update scams, and weight loss or brain enhancement supplements. Glsadz.com can infect various browsers, including Google Chrome, Mozilla Firefox, and Microsoft Edge. It can also affect devices running on different operating systems, such as Windows, macOS, Android, and iOS. To remove Glsadz.com notifications, you can follow the removal instructions provided below, which typically involve revoking the notifications permission for Glsadz.com in your browser's settings.

How to remove Ttwq Ransomware and decrypt .ttwq files

Ttwq Ransomware is malicious software that encrypts files on a victim's computer and demands a ransom for their decryption. It belongs to the Djvu ransomware family and is often distributed alongside information stealers such as RedLine or Vidar. Ttwq encrypts files and modifies their filenames by adding the .ttwq extension. For example, it transforms 1.jpg into 1.jpg.ttwq and 2.png into 2.png.ttwq. The ransomware creates a text file called _readme.txt containing a message outlining the ransom demands. Ttwq Ransomware uses the Salsa20 encryption algorithm to encrypt files. Although it is not the strongest method, it still provides an overwhelming number of possible decryption keys, making it difficult to brute force the decryption key. The ransom note is placed in each folder containing encrypted files. The ransom amount demanded ranges from $490 to $980 in Bitcoin.

How to remove Meduza Ransomware and decrypt .meduza24 files

Meduza Ransomware, also known as MedusaLocker, is malicious software that targets and encrypts files on a victim's computer, rendering them inaccessible. It was first observed in September 2023 and has since been targeting corporate victims worldwide. Meduza Ransomware operates under a Ransomware-as-a-Service (RaaS) model, collaborating with global affiliates to expand its reach and impact. Meduza Ransomware encrypts files using the AES-256 encryption algorithm and appends the .meduza24 extension. After encrypting the files, it deletes any file backups it can find on the user's computer to hinder recovery efforts. The ransomware creates a ransom note named How_to_back_files.html in each folder containing encrypted files. The note provides an explanation of what has happened to the user's files and instructions on how to pay a ransom to decrypt the files.

How to remove Mzop Ransomware and decrypt .mzop files

Mzop Ransomware encrypts data (with RSA 2048 + Salsa20 algorithms), renames files with the .mzop extension, and demands money for their return. These traits categorize it as a ransomware infection. It is also part of a very popular and dangerous ransomware family called STOP/Djvu, which is responsible for hundreds of devastating infections. Once Mzop installs onto a system, users lose access to files they could open prior to the infection. After successful encryption, an affected file changes from the healthy 1.pdf to the encrypted 1.pdf.mzop. As soon as the process is done, Mzop presents ransom instructions inside a text note (_readme.txt). The developers use the same template they used with other ransomware variants originating from the STOP/Djvu family.

How to remove Electronic Ransomware and decrypt .ELCTRONIC files

Electronic Ransomware is a type of malware that encrypts files on a victim's computer, rendering them inaccessible until a ransom is paid to the attacker. The encrypted files are appended with the .ELCTRONIC file extension, and a ransom note named README ELECTRONIC.txt is created to inform the victim about the attack. The note provides information about the attack, instructions for payment, and contact information for the cybercriminals, which may include email addresses and Telegram usernames. The specific encryption algorithm used by Electronic Ransomware is not yet known. However, ransomware typically uses complex encryption algorithms to encrypt the victim's data, making it impossible to decrypt without the attacker's unique decryption key.

How to remove ReadText Ransomware and decrypt .readtext4 files

ReadText Ransomware is a malicious program that belongs to the MedusaLocker ransomware family. It targets companies and utilizes double-extortion tactics to encrypt important files on the victim's computer and demand a ransom for their decryption. ReadText Ransomware appends the .readtext4 extension to the original filenames of the encrypted files. The number in the extension may vary depending on the ransomware variant. While the specific encryption method used by ReadText Ransomware is not known, modern ransomware typically employs a hybrid encryption scheme, combining symmetric encryption algorithms like AES with asymmetric encryption algorithms like RSA. After encrypting the files, ReadText Ransomware drops a ransom-demanding message named How_to_back_files.html.