Ransomware

FMLN Ransomware is a malicious program designed to encrypt data on a victim's computer and demand a ransom for its decryption. Upon infecting a system, FMLN renames affected files by appending a distinctive extension in the format .crypt-[original_extension]. For example, a file named photo.jpg would be renamed to photo.crypt-jpg, leaving users unable to access their data. This extension serves as a clear indicator of the infection. FMLN employs robust cryptographic algorithms to lock files, making decryption without the attacker's cooperation extremely challenging and, in many cases, impossible. The ransomware typically modifies the desktop wallpaper to alert the user to the infection, adding a sense of urgency. Simultaneously, FMLN generates ransom notes in a pop-up window and a text file titled README.txt, providing instructions in Spanish on how to proceed for file recovery. Victims are cautioned against removing the malware or using antivirus tools, as this might permanently lock the files.

Craxsrat Ransomware is a malicious software program classified under ransomware, which is notorious for encrypting victims' files and demanding a ransom payment for their decryption. Upon infection, Craxsrat appends a .craxsrat extension to each encrypted file name, altering the structure and rendering them inaccessible. For instance, a file named photo.jpg becomes photo.jpg.craxsrat. This ransomware deploys the RSA cryptographic algorithm, known for its robust encryption capabilities, using separate keys for encryption and decryption, which makes data recovery without the decryption key nearly impossible. After encrypting files, the ransomware creates a ransom note titled HELP_DECRYPT_YOUR_FILES.txt, typically located in every affected folder. The note instructs the victim to pay an amount of $50 in Bitcoin in exchange for a decryption key and allows for the decryption of a single file as proof, although fulfilling ransom demands often does not guarantee data recovery or the development of trustworthy tools.

Nanocrypt Ransomware is a new strain of ransomware that our team detected during security analyses. Much like other ransomware types, it primarily targets and encrypts files on the infected device, rendering them inaccessible to the user. After encryption, it appends the .ncrypt extension to the file names, for instance, turning document.docx into document.docx.ncrypt. The malware employs a combination of RSA and AES encryption, ensuring that without the corresponding decryption key, regaining access to the files is practically impossible. Typically, once the encryption process is complete, it generates a ransom note in a text file named README.txt. The contents of this note inform victims about the encryption, instruct them on how to purchase 50 USD worth of Bitcoin to receive the decryption tool, and caution against trying to recover the files independently or restarting the computer. This kind of manipulation is common in ransomware attacks, aimed at creating urgency and fear to coerce payment.

Maximsru Ransomware is a malicious software variant that targets computer systems to encrypt users' files and demand a ransom for their decryption. This malware sneakily infiltrates devices, typically via deceptive methods like phishing emails or untrustworthy downloads, causing significant disruption to personal and professional data. Once active on a system, Maximsru appends a unique file extension, which comprises five random characters, to the encrypted files, effectively making them inaccessible without the decryption key. For example, a file originally named photo.jpg could be renamed to photo.jpg.A4sX2, making it unrecognizable to the user. Maximsru employs strong cryptographic algorithms, often leaving victims with slim prospects for data recovery without attackers’ cooperation. After encryption, a ransom note titled MAXIMSRU.txt is generated, which informs victims of the need to contact the cybercriminals via email to retrieve their files, usually demanding a ransom paid in cryptocurrency to ensure anonymity.

Nullhexxx Ransomware represents a concerning category of malware known for encrypting vital files on an infected computer and demanding a ransom for their release. Discovered through submissions on VirusTotal, this pesky ransomware appends the distinctive file extension .9ECFA84E to compromised files, effectively rendering them inaccessible without proper decryption. The process is underscored by a comprehensive encryption method that ties the victim's files to a unique ID, ensuring individualized ransoms are crafted for every victim. Upon infiltration, victims are greeted with a replaced desktop wallpaper and the prominent ransom note, READ-ME-Nullhexxx.txt, strategically placed on the desktop and within each folder carrying encrypted files, serving as a stark reminder of the compromise. This note instructs victims to contact the cybercriminals through a specified email or the TOX messaging service to negotiate the terms of the ransom.

TheAnonymousGlobal Ransomware is a notorious type of malware designed to encrypt data on a victim's device, rendering it inaccessible until a ransom is paid. This ransomware operates by scrambling files using strong encryption algorithms and appending a unique extension, specifically .TheAnonymousGlobal, to each affected file. By doing this, previously functional files like PDFs, images, and documents are rendered unusable until decrypted. Cyber criminals behind this ransomware typically demand payment in Bitcoin, and the required sum is specified in a ransom note the malware generates. The ransom note, labeled as TheAnonymousGlobal_ReadMe.txt, is often dropped on the desktop and possibly within each folder containing encrypted files, informing victims of the encryption and instructing them on how to pay the ransom for decryption.

RestoreBackup Ransomware is a malicious software variant that encrypts users' files and demands a ransom for decryption. It mainly targets individual users' files, such as documents, photos, and databases, effectively rendering them inaccessible. As part of its encryption process, it renames files by appending a unique identifier followed by the extension .restorebackup. For instance, a file named document.txt may be altered to document.txt.{unique_id}.restorebackup. This type of malware typically utilizes advanced encryption algorithms, making it challenging for users to decrypt files without the attacker's decryption tools. Upon successfully encrypting the files, the ransomware generates a ransom note labeled as README.TXT. This note usually appears on the desktop and in various directories where files have been encrypted. It provides instructions on how victims can contact the attackers, typically via an email address, and a warning against using third-party decryption solutions or renaming the encrypted files, which might lead to permanent data loss.

888 Ransomware is a type of malicious software that encrypts personal files on a victim's computer, making them inaccessible until a ransom is paid. This ransomware attaches the .888 extension to the filenames of encrypted files, signifying that they have been compromised. For example, a file initially named document.docx will be changed to document.docx.888. The cryptographic algorithms leveraged by 888 Ransomware for file encryption are usually robust, typically involving a mixture of both symmetric and asymmetric encryption schemes, making it next to impossible to decrypt without a designated decryption key. Following the encryption process, victims find a ransom note labeled as !RESTORE_FILES!.txt, typically deposited within various folders where the encrypted files reside. This note warns victims not to modify the encrypted files or attempt third-party decryption methods and demands a ransom payment in exchange for decryption tools.