Physical Address
Lesya Kurbasa 7B
03194 Kyiv, Kyivska obl, Ukraine
After a decade in incident response, I’ve battled all sorts of digital nasties, but Exploit:Win32/CplLnk still gives me chills. Last month, I was called in at 2 AM to a manufacturing company where an employee had innocently plugged in a…
I’ve been tracking Hudson ransomware since it first appeared on VirusTotal last week. This nasty piece of work appends the “.{victim’s_ID}.hudson” extension to your files, effectively holding them hostage until you pay up. In my analysis, I’ve uncovered how this…
PayForRepair (also known as .P4R) is a dangerous file-encrypting ransomware belonging to the Dharma ransomware family. This malware targets Windows systems, encrypting user files with strong cryptography and appending them with .P4R extension. After encryption, it demands payment in Bitcoin…
Forgive ransomware represents a significant cybersecurity threat that encrypts victim files and appends them with the “.forgive” extension. First identified through submissions to VirusTotal, this crypto-malware targets Windows systems, locking personal files and demanding a $500 ransom in Ethereum cryptocurrency.…
Hero ransomware (also known as Hero virus) is a file-encrypting malware from the Proton ransomware family that targets Windows computers. This malicious program encrypts victims’ files, appends them with the attackers’ email address and a “.hero77” extension, and demands payment…
Legion Loader is a sophisticated malware dropper, first documented in 2019 and still active in 2025, that serves as a delivery mechanism for multiple secondary payloads including trojans, ransomware, information stealers, and malicious browser extensions. Distributed primarily through fake CAPTCHA interfaces, deceptive websites, and bundled…
Temeliq Ultra Touch is a potentially unwanted application (PUA) that acts as a dropper for the dangerous Legion Loader malware. First identified in April 2025, this deceptive software is typically distributed through misleading websites like appsuccess[.]monster and bundled software installers.…
Neptune RAT is a Remote Access Trojan targeting Windows systems with an extensive array of dangerous capabilities. Written in Visual Basic .NET and heavily obfuscated, this malware can exfiltrate credentials from over 270 applications, deploy ransomware functionality, monitor desktops in…
DarkMystic is a newly discovered variant of the BlackBit ransomware family that encrypts files, appends them with a “.darkmystic” extension, and demands Bitcoin payment for decryption. First identified on April 14, 2025, this ransomware prepends encrypted filenames with the attackers’…
Slopsquatting is an emerging software supply chain attack that turns AI hallucinations into an initial-access vector against development environments. It exploits the tendency of large language models (LLMs) to recommend package names that do not exist on the registry; attackers register those names and publish malicious packages under them, so the next developer who installs the hallucinated dependency runs attacker code.…
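The practical defence against slopsquatting is to refuse to install a dependency that nobody has vetted. The script below is an added illustration written for this page, not code from any of the articles listed above: it audits a `requirements.txt`-style list before `pip install` runs, normalises names the way PyPI does (PEP 503), flags any package absent from a known-good index, and separately flags names that are close lookalikes of a known package (a typical hallucination pattern). The `KNOWN_PACKAGES` set and the `SAMPLE` requirements are constructed stand-ins; in production you would replace the set with a query against your internal mirror or a pinned lockfile.

```python
import re
from difflib import SequenceMatcher

# Constructed stand-in for a package index / internal mirror (assumption:
# a real gate would query the registry or a curated allowlist instead).
KNOWN_PACKAGES = {"requests", "urllib3", "cryptography", "PyJWT", "boto3", "numpy"}

# Package name, optional extras ([s3]), then whatever version specifier follows.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[.*?\])?\s*(.*)$")


def normalize(name):
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line):
    """Return the normalised package name on a requirements line, or None for
    comments, blank lines and pip options such as '-r base.txt'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = REQ_RE.match(line)
    return normalize(m.group(1)) if m else None


def nearest_known(name, known, threshold=0.8):
    """Closest known package by similarity ratio; (None, score) if nothing is
    close enough. Used to separate 'lookalike of a real package' from
    'name nobody has ever heard of'."""
    best, score = None, 0.0
    for k in known:
        r = SequenceMatcher(None, name, k).ratio()
        if r > score:
            best, score = k, r
    return (best, score) if score >= threshold else (None, score)


def audit_requirements(text, known=KNOWN_PACKAGES):
    """Return a list of (name, verdict, nearest_known) tuples for every
    requirement in `text`. Verdicts: 'ok', 'suspicious-lookalike',
    'unknown-package'."""
    known = {normalize(k) for k in known}
    findings = []
    for raw in text.splitlines():
        name = parse_requirement(raw)
        if name is None:
            continue
        if name in known:
            findings.append((name, "ok", None))
            continue
        near, _ = nearest_known(name, known)
        verdict = "suspicious-lookalike" if near else "unknown-package"
        findings.append((name, verdict, near))
    return findings


def safe_to_install(findings):
    """True only when every requirement resolved to a known package."""
    return all(verdict == "ok" for _, verdict, _ in findings)


# Constructed sample: what an LLM-generated requirements file might look like.
SAMPLE = """\
# generated by an assistant
-r base.txt
requests==2.32.0
PyJWT>=2.8
boto3[s3]>=1.30
cryptografy          # hallucinated spelling of a real package
llm-secure-auth      # hallucinated package that does not exist
numpy
"""

if __name__ == "__main__":
    results = audit_requirements(SAMPLE)
    for name, verdict, near in results:
        print(f"{name:20s} {verdict:22s} {near or ''}")
    print("install allowed:", safe_to_install(results))
```

Run it as a pre-commit hook or a CI step ahead of dependency installation; anything other than `ok` should block the build until a human confirms the package is real, maintained and the one actually intended.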