
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove CiphBit Ransomware and decrypt your files

CiphBit Ransomware is a malicious program designed to encrypt data and demand ransoms for decryption. It primarily targets companies rather than home users and uses double-extortion tactics. The ransom note, titled ____CiphBit____!.txt, states that the victim's company network has been compromised, and files and documents have been encrypted and exfiltrated (stolen). The attackers urge the victim to establish contact with them and send a couple of locked files for testing decryption. If the victim refuses to pay, the downloaded content will be posted on the cybercriminals' data-leaking website. CiphBit Ransomware appends four random characters to the filenames, along with a unique ID and the attackers' email. Although the specific encryption method used by CiphBit is not yet discovered, ransomware programs often use a combination of symmetric and asymmetric encryption algorithms, such as AES and RSA.

How to remove Days Locker Ransomware and decrypt .Daysv3 files

Days Locker Ransomware is a malicious program that encrypts files on the victim's computer and demands a ransom for decryption. The ransomware appends a .Daysv3 extension to the filenames of encrypted files, making them inaccessible. For example, a file originally titled 1.jpg would appear as 1.jpg.Daysv3 after encryption. Days Locker Ransomware encrypts the victim's files using an unknown encryption algorithm. Once the files are encrypted, the ransomware displays a pop-up window containing the ransom note. The ransom note issued by Days Locker asserts that not only have all your files been encrypted, but your personal information has also been pilfered from your computer. The ransom sum is specified as 345 USD in Bitcoin cryptocurrency.

How to remove Eldritch Ransomware and decrypt .eldritch files

Eldritch Ransomware is a type of malware that encrypts important personal files on the victim's computer, making them inaccessible until a ransom is paid to the attackers. It adds the .eldritch file extension to the encrypted files. Eldritch Ransomware likely uses a combination of symmetric and asymmetric encryption algorithms, similar to other modern ransomware strains. Symmetric encryption algorithms, such as AES, can be used to encrypt files quickly, while asymmetric encryption algorithms, like RSA, are used to encrypt the symmetric keys. Eldritch Ransomware creates a ransom note in a text file named READ-THIS.txt. The note typically informs the victim that their files have been encrypted and demands a ransom payment in exchange for a decryption key. The cybercriminals behind Eldritch Ransomware can be contacted at EldritchTeam@proton.me.

How to remove Wwhu Ransomware and decrypt .wwhu files

Wwhu Ransomware is a type of malicious software that belongs to the Djvu family. It encrypts files on infected computers and adds the .wwhu extension to the file names, such as renaming sample.jpg to sample.jpg.wwhu. The ransomware uses the Salsa20 encryption algorithm, which, although not the strongest method, still provides an overwhelming number of possible decryption keys. Upon encrypting the files, Wwhu ransomware generates a ransom note in the form of a text document named _readme.txt. The note explains that the files have been encrypted using a highly secure encryption method with a unique key, and victims are instructed to purchase a decryption tool and key to regain access to their files.

How to remove SpotifyxBiden Ransomware and decrypt .spotifyxbiden files

SpotifyxBiden Ransomware is a malicious computer virus that encrypts files on the infected system, making them inaccessible to the user. It is a variant of the Vicious Ransomware family. The ransomware spreads through various methods, such as infected email attachments, torrent websites, and malicious ads. Once installed on a computer, SpotifyxBiden Ransomware takes control of the system and encrypts most of the user's data files, including .JPG, .GIF, .DOC, .XLS, and many other file types. It uses an unknown encryption algorithm to lock the files and appends the .spotifyxbiden extension to the encrypted files. After encrypting the files, SpotifyxBiden Ransomware displays a warning alert to the user, demanding a ransom of 100 EURO to decrypt the files. The ransom note (read_it.txt) provides instructions on how to pay the ransom and recover the encrypted files.

How to remove B-Panther Ransomware and decrypt .B-Panther files

B-Panther Ransomware is a malicious program that encrypts files on the victim's computer, making them inaccessible until a ransom is paid. It belongs to the Xorist ransomware family. Once it infects a system, it encrypts various types of files and appends the .B-Panther extension to the encrypted files. The specific encryption algorithm used by B-Panther Ransomware is unknown. However, ransomware programs typically use strong encryption algorithms like AES or RSA to encrypt the victim's files. After encrypting the files, B-Panther Ransomware leaves a ransom note, HOW TO DECRYPT FILES.txt, in text format in the folders containing the encrypted files. The ransom note may also be displayed as an image on the victim's desktop screen. The note typically demands payment within a specified time frame to provide the decryption key.

How to remove Wwty Ransomware and decrypt .wwty files

Wwty Ransomware is a variant of the Djvu ransomware family that encrypts files on infected computers and appends the .wwty extension to the filenames. For example, it renames 1.jpg to 1.jpg.wwty and 2.png to 2.png.wwty. Wwty Ransomware uses a powerful encryption algorithm to lock the files on the infected computer. The encrypted files cannot be accessed without a decryption key. After encrypting the files, Wwty creates a text file named _readme.txt containing a message outlining the ransom requirements. The ransom note demands a payment in Bitcoin, ranging from $490 to $980, in exchange for the decryption key. The note also provides contact information for the attackers, including support@fishmail.top and datarestorehelp@airmail.cc emails.

How to remove Wwpl Ransomware and decrypt .wwpl files

Wwpl Ransomware is malicious software that belongs to the STOP/DJVU ransomware family. It targets Microsoft Windows operating systems and encrypts files on the victim's computer, demanding a ransom payment in exchange for a decryption key to restore access to the encrypted files. The ransomware appends the .wwpl extension to filenames; for example, a file originally labeled 1.jpg is changed to 1.jpg.wwpl. Wwpl Ransomware uses a strong encryption algorithm to lock the victim's files, making them inaccessible. After encrypting the files, it generates a ransom note in the form of a text document named _readme.txt. The ransom amount demanded ranges from $490 to $980 in Bitcoin cryptocurrency.