Ransomware

Eqza Ransomware is a type of malicious software that belongs to the STOP/Djvu Ransomware family. Its primary function is to encrypt files on a victim's computer, rendering them inaccessible, and then demand a ransom payment for their decryption. The ransom typically ranges from $490 to $980, payable in Bitcoin. Once inside a system, the Eqza Ransomware scans each folder for files it can encrypt. It then makes a copy of each file, removes the original, encrypts the copy, and leaves it in place of the removed original. The encrypted files are identifiable by the specific extension .eqza added to each file. After the encryption process, the Eqza ransomware creates a ransom note named _readme.txt in the folder where the encrypted file is located. This note informs the victim about the encryption and instructs them on how to pay the ransom to get their files decrypted. The note typically warns that data will never be restored without payment and provides an email address for the victim to contact the attackers.

WannaDie is a type of ransomware, a malicious software that encrypts data on a victim's computer, rendering it inaccessible. Unlike typical ransomware, WannaDie does not demand a ransom for the decryption of the encrypted files. Instead, it informs the victim that their files have been encrypted and that recovery is impossible. This unusual behavior suggests that WannaDie might have been released for testing purposes, with potential future releases possibly including ransom demands. After encrypting files, WannaDie appends their filenames with an extension comprising four random characters. The specific encryption algorithm used by WannaDie is not yet determined. However, it's common for ransomware to use strong cryptographic algorithms, such as AES or RSA, to encrypt data. WannaDie creates a ransom note in a text file titled info[random_number].txt. The note informs the victim that their files have been encrypted and that recovery is impossible. Unlike typical ransomware, WannaDie's note does not demand a ransom or provide contact information for the attackers.

1337 Ransomware is a type of malware that encrypts files on a victim's computer and demands a ransom for their decryption. It was discovered during a routine inspection of new submissions to VirusTotal. The ransomware appends the .1337 extension to the filenames of encrypted files. For instance, a file initially titled 1.jpg would appear as 1.jpg.1337 after encryption. While the specific encryption method used by 1337 Ransomware is not yet determined, it is common for ransomware to use strong encryption methods, such as AES-256 or RSA-2048, to make the victim's files inaccessible. After encrypting the files, 1337 Ransomware drops a ransom note titled yourhope.txt. This note informs the victim that their data has been encrypted and reassures them that recovery is possible. It encourages the victim to contact the attackers, presumably for instructions on how to pay the ransom and decrypt their files.

Ran Ransomware is a type of malware that encrypts data on a victim's computer and demands a ransom for its decryption. It was discovered during a routine inspection of new submissions to the VirusTotal site. The primary purpose of this ransomware is to block access to data by encrypting it, and then demanding a ransom for the decryption key. Ran Ransomware modifies the titles of affected files by adding the .Ran extension to filenames. The specific encryption algorithm used by Ran Ransomware is not known. However, it is known that ransomware typically uses sophisticated encryption algorithms, either symmetric or asymmetric. The encryption is usually so complex that only the developer is capable of restoring data, as decryption requires a specific key generated during the encryption process. After the encryption process is completed, Ran Ransomware drops a ransom note named Payment.txt. This note states that the victim's network and computers have been infected, their personal files were encrypted, and vulnerable data was stolen. To obtain the decryption tools, a ransom of 3 BTC (Bitcoin cryptocurrency) is demanded.

DeepInDeep Ransomware is a malicious program that belongs to the Phobos Ransomware family. It is designed to encrypt files and demand ransoms for their decryption. The ransomware alters the names of the locked files by appending them with a unique ID assigned to the victim, the cybercriminals' email address, and a .deepindeep extension. For example, a file originally named 1.jpg would appear as 1.jpg.id[T5H6N9-7834].[Deep_in_Deep@tutanota.com].deepindeep after encryption. Once the encryption process is complete, DeepInDeep creates two ransom notes: one displayed in a pop-up window (info.hta) and the other dropped as a text file (info.txt). The ransom notes warn victims against actions that may render their data undecryptable, such as manipulating the files, using third-party recovery software, and restarting or shutting down the system.

GoTiS Ransomware is a malicious program that is part of the Xorist Ransomware family. It was discovered during a routine investigation of new submissions to the VirusTotal website. This malware encrypts data on the infected system and demands a ransom for its decryption. GoTiS ransomware appends the .GoTiS extension to the filenames of the encrypted files. After the encryption process is completed, GoTiS creates identical ransom notes on the desktop wallpaper, in a pop-up window, and a text file named HOW TO DECRYPT FILES.txt. The ransom note informs the victim that their files have been encrypted and that the decryption key and software will cost 0.04 BTC (Bitcoin cryptocurrency), which is approximately 1400 USD. The specific encryption algorithm used by GoTiS ransomware is not yet known. However, ransomware typically uses either symmetric or asymmetric encryption algorithms.