Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove BlackDream Ransomware and decrypt .BlackDream files

BlackDream Ransomware is a type of malware that encrypts data on a victim's computer and demands payment for its decryption. It was discovered by researchers while investigating new malware submissions to VirusTotal. The ransomware appends a unique ID, the cybercriminals' email address, and the .BlackDream extension to the filenames of encrypted files. For example, a file initially named 1.jpg would appear as 1.jpg.[G7H9L6ZA].[Blackdream01@zohomail.eu].BlackDream. After the encryption process is completed, a ransom note titled ReadME-Decrypt.txt is dropped. The file encryption method used by BlackDream Ransomware has not been identified. The note reassures the victim that their files have not been damaged but have been encrypted. It warns that seeking recovery help from anyone other than the attackers (i.e., using third-party tools or services) may render the data undecryptable. The note implies that decryption will require paying a ransom in Bitcoin cryptocurrency, although the exact sum is not specified.

How to remove Zput Ransomware and decrypt .zput files

Zput is a type of ransomware that belongs to the Djvu ransomware family. It is a malicious program designed to encrypt files and demand ransoms for their decryption. The Zput ransomware targets various types of files, such as videos, photos, documents, and more. It alters the file structure and appends the .zput extension to each file, making them inaccessible and unusable without decryption. For example, a file initially named 1.jpg appears as 1.jpg.zput, 2.png as 2.png.zput, and so forth. Zput Ransomware uses the Salsa20 encryption algorithm to scramble the contents of the targeted files. This robust cipher makes it quite difficult, if not impossible, to recover the decryption key without cooperating with the attackers. After encrypting the files, Zput ransomware drops a ransom note titled _readme.txt. This note informs the victim that their data has been encrypted and that recovering the locked files necessitates meeting the attackers' demands, i.e. paying a ransom to obtain the decryption key/software.

How to remove Zpww Ransomware and decrypt .zpww files

Zpww Ransomware is a type of malware that belongs to the STOP/Djvu family. Its primary objective is to extort money from victims by encrypting their files and demanding a ransom for their decryption. The ransom typically ranges from $490 to $980, payable in Bitcoins. Upon successful infiltration, Zpww Ransomware scans each folder for files it can encrypt. It then creates a copy of the target file, deletes the original, encrypts the copy, and leaves it in place of the removed original. The encrypted files are appended with the specific extension .zpww. The ransomware uses the Salsa20 encryption algorithm, which, while not the strongest method, still provides an overwhelming number of possible decryption keys. After the encryption process, Zpww Ransomware creates a ransom note named _readme.txt in the folder where the encrypted file is located.

How to remove Zpas Ransomware and decrypt .zpas files

Zpas is a file-encrypting ransomware infection that belongs to the STOP/DJVU ransomware family. It restricts access to data such as documents, images, and videos by encrypting files and appending the .zpas extension. The ransomware then attempts to extort money from victims by asking for a "ransom", typically in the form of Bitcoin cryptocurrency, in exchange for access to the data. When a computer is infected with Zpas ransomware, it scans the system for images, videos, and important productivity documents and files such as .doc, .docx, .xls, .pdf. When these files are detected, the ransomware encrypts them and changes their extension, rendering them inaccessible. Zpas ransomware uses a robust cipher, Salsa20, which cannot be "hacked" in practice. Once the Zpas ransomware has encrypted the files on a computer, it displays a ransom note named _readme.txt on the desktop. The ransom note contains instructions on how to contact the authors of this ransomware via the support@fishmail.top and datarestorehelp@airmail.cc email addresses, and victims are asked to contact these malware developers. The ransom demanded ranges from $490 to $980 (in Bitcoins).

How to remove Halo Ransomware and decrypt .halo files

Halo Ransomware is a type of malware designed to encrypt data and demand ransoms for decryption. It appends the .halo extension to the filenames of encrypted files. For example, a file initially titled 1.jpg would appear as 1.jpg.halo. After encrypting the files, Halo Ransomware creates a ransom-demanding message named !_INFO.txt. The note states that the victim's files have been encrypted and can only be recovered by paying a ransom. The note warns against shutting down the system, renaming files, attempting manual decryption, or using third-party recovery tools, as these actions may render the data undecryptable. The specific file encryption algorithm used by Halo Ransomware is not known. However, ransomware programs typically use symmetric or asymmetric cryptographic algorithms to encrypt files.

How to remove Keylock Ransomware and decrypt .keylock files

Keylock Ransomware is a type of malicious software that encrypts files on a victim's computer and appends a .keylock extension to the filenames. For example, a file originally named 1.jpg would appear as 1.jpg.keylock after encryption. Once the encryption process is completed, Keylock creates a ransom-demanding message titled README-id-[username].txt (filename varies based on the username). The ransom note provides instructions on how to pay the ransom, usually in Bitcoin, to obtain the decryption key and regain access to the encrypted files. Keylock ransomware uses AES encryption, a symmetric encryption algorithm, to encrypt files quickly. The ransom note warns against renaming, modifying, or deleting the encrypted files, attempting manual decryption, or using third-party recovery software or antivirus tools, as these actions may result in permanent data loss.

How to remove Itqw Ransomware and decrypt .itqw files

Itqw Ransomware is malicious software that belongs to the STOP/Djvu ransomware family. It targets various types of files, such as videos, photos, documents, and more, encrypting them and rendering them inaccessible. Itqw ransomware encrypts files using a strong encryption algorithm and a unique key. The ransomware appends a distinct .itqw extension to each encrypted file and demands a ransom payment, typically in the form of Bitcoin cryptocurrency, to supposedly unlock the files. The ransom amount can vary depending on the specific variant of the Itqw Ransomware. Itqw Ransomware creates a ransom note, a file named _readme.txt, which contains instructions on how to contact the attackers and pay the ransom. The ransom amount ranges from $490 to $980 in Bitcoin.

How to remove Ithh Ransomware and decrypt .ithh files

Ithh Ransomware is a variant of the Djvu ransomware family that encrypts files on the victim's computer and appends the .ithh extension to the filenames. For example, it changes 1.jpg to 1.jpg.ithh and 2.png to 2.png.ithh. After encrypting the files, Ithh Ransomware generates a ransom note within a file named _readme.txt. The attackers demand a ransom payment, usually in cryptocurrency, to provide the decryption key that restores access to the encrypted files. However, paying the ransom is strongly discouraged, as there is no guarantee that the attackers will provide the decryption tools. The Ithh ransom note is a message left by the Ithh Ransomware attackers after encrypting the victim's files. The note typically contains information about the ransomware attack and instructions on how to pay the ransom ($490 or $980 in cryptocurrency).