Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Knight Ransomware and decrypt .knight_l files

Knight Ransomware is a type of malware that encrypts all the data on a computer, including images, text files, audio files, videos, and more. Knight Ransomware is a rebrand of the Cyclops Ransomware-as-a-Service, which switched its name at the end of July 2023. Once the ransomware infects a computer, it appends the .knight_l extension to every encrypted file and leaves a ransom note named How To Restore Your Files.txt in each folder on the computer. The ransom note demands $5,000 to be sent to a Bitcoin address and contains a link to the Knight Tor site. However, every ransom note in this campaign uses the same Bitcoin address, 14JJfrWQbud8c8KECHyc9jM6dammyjUb3Z, which would make it impossible for the threat actor to determine which victim paid a ransom. Knight Ransomware uses the AES-256 encryption algorithm to encrypt files. This algorithm is considered to be one of the most secure encryption algorithms available. The ransomware also uses an RSA public key (2048-bit) to encrypt the random key used for encryption.

How to remove Taqw Ransomware and decrypt .taqw files

Taqw Ransomware is a devastating virus that encodes data and demands payment in cryptocurrency for its decryption. It is part of the Djvu ransomware family. The malware is designed to encrypt all popular file types, making them inaccessible to the victim. Once the ransomware infects a computer, it encrypts files and appends the .taqw extension to their filenames. For example, a file initially named 1.jpg appears as 1.jpg.taqw. Taqw Ransomware creates a ransom note titled _readme.txt that informs the victim that their files have been encrypted and that recovery requires purchasing the decryption key and tool from the cybercriminals. The ransom note is usually placed in the folders containing the encrypted files.

How to remove Tasa Ransomware and decrypt .tasa files

Tasa Ransomware is a new subtype of the notorious STOP/Djvu malware. Like other similar viruses, it encrypts the files on a victim's computer and demands a ransom payment in exchange for the decryption key. The ransomware uses the strong AES-256 encryption algorithm to encrypt the files on an infected computer system. According to the majority of security experts, decryption is rarely possible without the attackers' interference; however, some lifehacks may help you decrypt some files. Tasa Ransomware adds the .tasa extension to the encrypted files. After successful encryption, the virus creates a ransom note named _readme.txt and places it in every folder containing encrypted files. In this ransom note, the malefactors inform users about the ransom amount and conditions and provide contact and payment details.

How to remove Alock Ransomware and decrypt .alock files

Alock Ransomware is a nasty virus that encrypts files on a victim's computer and demands payment in exchange for the decryption key. It is part of the MedusaLocker ransomware family and targets companies rather than home users. Alock Ransomware uses double extortion tactics, which means that it not only encrypts files but also threatens to leak sensitive data if the ransom is not paid. Alock Ransomware adds the .alock extension to the original file names after encrypting files on the targeted machine. This is a way of marking files as inaccessible, and the extension usually refers to the name of the virus. Alock Ransomware uses a powerful encryption algorithm to lock files on an infected computer, which can only be unlocked by a private decryption key. As Alock Ransomware is a relatively new ransomware, anti-malware engineers have not yet found a way to reverse its work. After the encryption process is completed, a ransom-demanding message titled HOW_TO_BACK_FILES.html is created.

How to remove BLACK ICE Ransomware and decrypt .ICE files

BLACK ICE Ransomware is a type of malware that encrypts data on a computer and demands a ransom for its decryption. It is a relatively new ransomware that can infect the Windows systems of unsuspecting users and is already spreading via a number of online frauds. Once the files are encrypted, the ransomware adds its own .ICE extension to the encrypted files. BLACK ICE Ransomware uses an encryption method that encrypts all the data on a computer, including images, text files, Excel sheets, audio files, videos, etc. The ransomware appends its own extension to every file and creates an ICE_Recovey.txt text file in every directory containing encrypted files. The ransom note usually provides payment information and the threat: how to send payment, how much you need to pay, and what happens if you don't.

How to remove Dharma-GPT Ransomware and decrypt .GPT files

Dharma-GPT Ransomware is a devastating encryption virus that encrypts files on the infected device and appends a unique ID assigned to the victim, the attackers' email address, and the .GPT extension to the filenames. GPT is part of the Dharma malware family. The ransom note issued by the cybercriminals introduces them as "Sarah," a malware entity purportedly powered by artificial intelligence. The ransomware displays two distinct ransom notes: one through a pop-up window and another by generating the AI_SARA.txt file. Cybercriminals can leverage AI to power their ransomware attacks, making them more precise, adaptable, and destructive. GPT ransomware uses the AES algorithm to encrypt files.

How to remove Harward Ransomware and decrypt .harward files

Harward Ransomware is a type of malware that encrypts files on a victim's computer and demands payment for their decryption. It is a dangerous form of ransomware that can cause significant damage to personal and business data. The ransomware is named after the file extension it adds to encrypted files, which is .harward. The encryption method used by Harward Ransomware is not yet known. However, it is known that decryption is impossible without the attackers' interference. Right after encryption, the virus places a ransom note named FILE ENCRYPTED.txt. The ransom note created by Harward Ransomware reassures the victim that the cybercriminals are capable of restoring the encrypted files and instructs them to initiate the process by sending the criminals a locked file to test decryption.

How to remove G-STARS Ransomware and decrypt .G-STARS files

G-STARS Ransomware, also known as Phobos, is a type of malware that encrypts data on the victim's system and then demands payment from the victim in exchange for the decryption key. G-STARS is a malicious program belonging to the Phobos ransomware family. It is propagated through spam email attachments, pornographic websites, cost-free programs, and vulnerable web servers. Once it infects a computer, it encrypts files and alters their names by appending a unique ID, the email address of the cybercriminals, and the .G-STARS extension. G-STARS Ransomware drops its ransom note (info.txt) in the infected computer's directories containing encrypted files and creates a pop-up window (info.hta). Like many other ransomware viruses, G-STARS uses the Advanced Encryption Standard AES-256 alongside another popular algorithm, RSA-1024.