Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove LostTrust Ransomware and decrypt .losttrustencoded files

LostTrust Ransomware is a type of malicious software designed to encrypt data on a victim's computer, making it inaccessible until a ransom is paid. The primary goal of this ransomware is to extort money from victims by encrypting their files and demanding payment for decryption. LostTrust Ransomware appends the .losttrustencoded extension to the encrypted files. The specific encryption algorithm used by LostTrust Ransomware has not yet been investigated. However, ransomware often uses complex encryption algorithms, such as AES and RSA, to encrypt files. LostTrust Ransomware creates a ransom note named !LostTrustEncoded.txt. The note informs victims that the attackers have acquired a significant amount of crucial data from their network and promises to provide a detailed list of the compromised files upon request.

How to remove Mzhi Ransomware and decrypt .mzhi files

Mzhi Ransomware is a type of malicious software designed to encrypt files, rendering them inaccessible to the victim. Its primary aim is to extort money from the victim in exchange for the decryption key to unlock the encrypted files. Mzhi Ransomware is similar to other ransomware strains like Mzqt, Azqt, and Mzqw, which also encrypt files and demand ransom payments. Mzhi Ransomware appends the .mzhi extension to the filenames of the encrypted files. This ransomware typically uses strong encryption algorithms like AES or RSA to encrypt the victim's files, making it nearly impossible to decrypt them without the correct key. Mzhi Ransomware creates a ransom note named _readme.txt and drops it in various directories on the infected computer. The ransom note informs the victim that their files have been encrypted and demands a ransom payment, usually in the form of cryptocurrency, to provide the decryption key.

How to remove Azhi Ransomware and decrypt .azhi files

Azhi Ransomware is a malicious software that belongs to the STOP/Djvu ransomware family. It infiltrates computer systems and encrypts various file types, such as documents, spreadsheets, presentations, images, photos, and videos. The encrypted files are appended with the .azhi extension, making them inaccessible and unusable. For example, it renames 1.jpg to 1.jpg.azhi and 2.png to 2.png.azhi. Azhi ransomware uses the Salsa20 encryption algorithm to scramble the contents of the targeted files. Due to the strong ciphering method, it becomes particularly difficult, if not impossible, to find the decryption key without cooperating with the attackers. The primary objective of Azhi ransomware is to demand a ransom payment from its victims, ranging from $490 to $980 in Bitcoin. Azhi ransomware creates a ransom note in the form of a text document named _readme.txt. The note clarifies that all files have been encrypted with a strong and unique encryption method and instructs victims to buy a decryption tool along with a key to restore their files.

How to remove CiphBit Ransomware and decrypt your files

CiphBit Ransomware is a malicious program designed to encrypt data and demand ransoms for decryption. It primarily targets companies rather than home users and uses double-extortion tactics. The ransom note, titled ____CiphBit____!.txt, states that the victim's company network has been compromised, and files and documents have been encrypted and exfiltrated (stolen). The attackers urge the victim to establish contact with them and send a couple of locked files for testing decryption. If the victim refuses to pay, the downloaded content will be posted on the cybercriminals' data-leaking website. CiphBit Ransomware appends four random characters to the filenames, along with a unique ID and the attackers' email. Although the specific encryption method used by CiphBit has not yet been discovered, ransomware programs often use a combination of symmetric and asymmetric encryption algorithms, such as AES and RSA.

How to remove Days Locker Ransomware and decrypt .Daysv3 files

Days Locker Ransomware is a malicious program that encrypts files on the victim's computer and demands a ransom for decryption. The ransomware appends a .Daysv3 extension to the filenames of encrypted files, making them inaccessible. For example, a file originally titled 1.jpg would appear as 1.jpg.Daysv3 after encryption. Days Locker Ransomware encrypts the victim's files using an unknown encryption algorithm. Once the files are encrypted, the ransomware displays a pop-up window containing the ransom note. The ransom note issued by Days Locker asserts that not only have all your files been encrypted, but your personal information has also been pilfered from your computer. The ransom sum is specified as 345 USD in Bitcoin cryptocurrency.

How to remove Eldritch Ransomware and decrypt .eldritch files

Eldritch Ransomware is a type of malware that encrypts important personal files on the victim's computer, making them inaccessible until a ransom is paid to the attackers. It adds the .eldritch file extension to the encrypted files. Eldritch Ransomware likely uses a combination of symmetric and asymmetric encryption algorithms, similar to other modern ransomware strains. Symmetric encryption algorithms, such as AES, can be used to encrypt files quickly, while asymmetric encryption algorithms, like RSA, are used to encrypt the symmetric keys. Eldritch Ransomware creates a ransom note in a text file named READ-THIS.txt. The note typically informs the victim that their files have been encrypted and demands a ransom payment in exchange for a decryption key. The cybercriminals behind Eldritch Ransomware can be contacted at EldritchTeam@proton.me.

How to remove Wwhu Ransomware and decrypt .wwhu files

Wwhu Ransomware is a type of malicious software that belongs to the Djvu family. It encrypts files on infected computers and adds the .wwhu extension to the file names, such as renaming sample.jpg to sample.jpg.wwhu. The ransomware uses the Salsa20 encryption algorithm, which, although not the strongest method, still provides an overwhelming number of possible decryption keys. Upon encrypting the files, Wwhu ransomware generates a ransom note in the form of a text document named _readme.txt. The note explains that the files have been encrypted using a highly secure encryption method with a unique key, and victims are instructed to purchase a decryption tool and key to regain access to their files.

How to remove SpotifyxBiden Ransomware and decrypt .spotifyxbiden files

SpotifyxBiden Ransomware is a malicious computer virus that encrypts files on the infected system, making them inaccessible to the user. It is a variant of the Vicious Ransomware family. The ransomware spreads through various methods, such as infected email attachments, torrent websites, and malicious ads. Once installed on a computer, SpotifyxBiden Ransomware takes control of the system and encrypts most of the user's data files, including .JPG, .GIF, .DOC, .XLS, and many other file types. It uses an unknown encryption algorithm to lock the files and appends the .spotifyxbiden extension to the encrypted files. After encrypting the files, SpotifyxBiden Ransomware displays a warning alert to the user, demanding a ransom of 100 EURO to decrypt the files. The ransom note (read_it.txt) provides instructions on how to pay the ransom and recover the encrypted files.