ransomware

TFlower Ransomware

TFlower is software categorized as ransomware. Unlike most ransomware-type programs, it does not change extensions of encrypted files. It does, however, create a ransom message (within a text file named “!_Notice_!.txt“) that contains instructions about how to purchase a decryption tool. Typically, programs such as TFlower encrypt (lock) files, which then cannot be accessed unless

TFlower Ransomware Read More »

Baldr – Information Stealing Malware

Baldr is the name of a new family of information-stealing malware. Its authors first introduced it to cybercriminal circles in January, and about a month later, Microsoft’s security team reported that they have seen it in the wild. Bill Gates’ specialists said that the stealer is ‘highly obfuscated’ which usually suggests that someone has put

Baldr – Information Stealing Malware Read More »

Adwind: Malware-as-a-Service Platform

Java/Adwind is typically spread as an executable file attached to spam email messages. When the file attachment is launched, the archive file drops malicious components onto the system, then continues to run in the background. On a Windows machine, the components are dropped to the %AppData% folder. When running in the background, the Adwind archive

Adwind: Malware-as-a-Service Platform Read More »