Gridinsoft Security Lab

Novalock is a sophisticated form of malware designed to encrypt your files and then demand payment for their release. It belongs to the Globeimposter virus family, and shares a lot of functionality with other samples of the same group. The malware leaves a clear marker: files are appended with a .novalock extension. This attack is […]

Locklocklock is a ransomware virus designed to lock your files and demand payment to restore access. Victims can identify encrypted files by the addition of a .locklocklock extension to every affected one. This malware operates under the control of a sophisticated network of cybercriminals who develop, distribute, and profit from it. In every folder containing […]

Trojan:Win32/Patched refers to a detection for modified versions of legitimate programs. Often such modifications are made to add malicious functionality to a program. Trojan:Win32/Patched Overview Trojan:Win32/Patched is a Microsoft Defender detection used to detect programs that have been modified by hackers to perform malicious actions. Unlike traditional Trojans that disguise themselves as useful software, this […]

SUPERLOCK is a ransomware infection that aims at blocking access to the files and demanding a payment for getting them back. Users can distinguish the encrypted files by them containing an additional .superlock extension, and also a lengthy ID code. As the result, the file originally named document.docx starts looking like document.docx.80E6332B3C8DN14401.superlock This malware is […]

Brad Garlinghouse Crypto Giveaway is a scam campaign that masquerades as a cryptocurrency giveaway. It falsely claimed to be organized by Ripple Foundation with Brad Garlinghouse, Ripple’s CEO, as the face of the event. It uses a sense of urgency and the allure of receiving free XRP tokens to deceive victims into clicking on fraudulent […]

Shougnoboassi.net is a website that you may notice appearing in your web browser. It shows a human verification button, and upon interaction redirects the user to a questionable website. In fact, this site is related to malicious activity, and in this post, I will explain how to stop it. What is Shougnoboassi.net? Shougnoboassi.net is a […]

Skyjem.com is a questionable search engine that you may see appearing in the browser for no obvious reason. Its search results are questionable and heavily infused with advertisements and links to shady pages. Here’s a breakdown of what this site is, how it ends up on your system, and what measures you can take to […]

“Ledger Recovery Phrase Verification” is a scam email that targets non-vigilant users. Its goal is to trick users into writing down their recovery phrase on a fake Ledger website. “Ledger Recovery Phrase Verification” email scam overview The email titled “Ledger Recovery Phrase Verification” is a deceptive phishing attempt targeting cryptocurrency users, specifically those with Ledger […]

Trojan:PDF/Phish.A is detection of a PDF file which potentially carries a malicious link or script designed to harm the system. This embedded malicious script may download additional malware onto the target system, or cause other kinds of disruptions. Let me quickly overview the detection and show how to remove it. What is Trojan:PDF/Phish.A detection? Trojan:PDF/Phish.A […]

Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits the system console interface to download and run full-fledged malicious programs. Let me quickly explain what this detection is about, and show you how to remove it. What does the Trojan:PowerShell/Malscript!MSR detection mean? Trojan:PowerShell/Malscript!MSR is a heuristic detection for […]

TrojanDownloader:HTML/Elshutilo is script-based malware designed to download additional payloads onto the target system. Since detection is based on threat behavior rather than a signature, it can sometimes result in false positives. Let me explain the meaning of the detection, all the dangers related to it, and the way to remove it from the system. TrojanDownloader:HTML/Elshutilo […]

Opera GX is a special version of the Opera browser with extra features tailored for gamers. However, malicious, weaponized versions of the browser are circulating online, transforming this legitimate browser into a makeshift malware. In this post, I’ll explain how to tell the original Opera GX apart from modified versions and why these “alternative builds” […]