DarkNetRuss is a new and dangerous strain of ransomware that belongs to the CyberVolk family. Once it compromises a device, it encrypts documents, databases, and personal files using strong algorithms. The infected data is renamed with the .DarkRuss_CyberVolk extension, making it impossible to access without the attackers’ key. Victims also receive a ransom note called…
LockSprut is a recently identified ransomware family that encrypts victim data and assigns the .rupy3xz1 extension to locked files. Alongside encryption, it places a ransom instruction file named LOCKSPRUT_README.TXT within affected directories. Each victim is given a unique personal identifier, which attackers demand to be shared via anonymous messaging platforms such as Tox and Session….
A newly detected strain of the Proton/Shinra ransomware family, identified as Shinra v3, has surfaced and is actively targeting victims worldwide. This version encrypts user data and tags the files with a random extension, such as .gwlGZaKg, making it difficult for affected users to immediately recognize the infection. Consistent with prior activity from this group,…
The LolKek ransomware strain is a file-encrypting malware that alters file extensions to .R2U. Once it infiltrates a system, it locks up personal and corporate files—spanning documents, media, and databases—before dropping a ransom instruction file named ReadMe.txt. Victims are directed toward a TOR-hosted payment portal or an alternate URL like https://yip.su/2QstD5 for communication. As with…
Krypt ransomware, also recognized under the aliases Proton and Shinra, is one of the most destructive malware families currently targeting enterprises. Known for its rapid encryption speed, advanced hybrid cryptography, and double-extortion model, Krypt has paralyzed organizations worldwide across sectors like finance, education, manufacturing, and healthcare. To address this growing threat, our research team has…
KillBack is a strain of ransomware designed to encrypt a victim’s files and alter their extensions by adding a unique identifier followed by .killback. Once encryption is complete, the malware leaves behind a ransom message named README.TXT, demanding that victims pay in Bitcoin within 24 hours. The note warns against third-party recovery tools and stresses…
A newly discovered ransomware family, identified as LockFile .enc ransomware (Huarong 500.exe), has surfaced in recent weeks. Reports describe incomplete encryption attempts, ransom notes named with randomized characters, and extortion demands of $5,000 payable in Bitcoin. Upon analysis, researchers determined that this malware was crafted in Python, bundled with PyInstaller, and employs AES-256-GCM for encryption….
Our cybersecurity research division has carefully reverse-engineered the Warlock ransomware encryption scheme, creating a professional-grade decryptor capable of recovering files encrypted with the .warlock extension. This solution has been validated in enterprise networks, government agencies, and healthcare institutions, and is compatible with Windows, Linux, and VMware ESXi servers. Built for efficiency and accuracy, it ensures…
Matrix ransomware, part of the Proton malware family, is a notorious strain of file-encrypting ransomware first detected through VirusTotal submissions. Once active, it renames locked files with a randomized string and adds the “.matrix” extension. It also delivers a ransom demand through a note named HowToRecover.txt. Our research team has successfully reverse-engineered this threat, creating…
Our research team has thoroughly investigated the RDAT strain of ransomware, a variant within the notorious Dharma family, and crafted a specialized decryption solution. This tool is specifically engineered for Windows systems, where RDAT most commonly spreads, and allows victims to restore their data securely—without negotiating with cybercriminals.It supports both local, offline recovery and secure…
End of content
End of content