
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove NoDeep Ransomware and decrypt .nodeep files

NoDeep Ransomware is a highly dangerous malware variant from the Proton family designed to encrypt files on infected systems, appending specific file extensions and demanding a ransom for decryption. Upon infection, the ransomware renames files by appending an email address, such as nodeep@tutamail.com, along with the unique extension .nodeep. This process effectively locks users out of their own files. For instance, a file named 1.jpg would be renamed to 1.jpg.[nodeep@tutamail.com].nodeep. Additionally, #Read-for-recovery.txt ransom notes are left in affected directories, instructing victims on how to contact the attackers through the provided email addresses and detailing the ransom payment process. Typically, the attackers request payments in cryptocurrency, such as Bitcoin, to maintain anonymity and evade law enforcement.

How to remove Dark Eye Ransomware and decrypt .darkeye files

Dark Eye Ransomware is malicious software belonging to the Xorist family, designed to encrypt files on an infected system and demand a ransom for their decryption. Upon infection, this ransomware appends the .darkeye extension to all encrypted files. For example, a file named 1.jpg will be renamed to 1.jpg.darkeye. The ransomware then delivers a detailed ransom note by altering the desktop wallpaper, displaying a pop-up window, and generating a HOW TO DECRYPT FILES.txt file. This note informs the victim about the encryption and warns that only five attempts are allowed to enter the correct decryption password, after which decryption will be impossible. The note instructs victims to contact the provided email address and pay $60 in Bitcoin to receive the decryption password.

How to remove Shadaloo Ransomware and decrypt .shadaloo files

Shadaloo Ransomware is a type of malicious software classified as ransomware, designed to encrypt user files and demand a ransom for their decryption. Once it infects a system, it encodes various file types and appends a new extension, .shadaloo, to each affected file. For instance, an image initially named photo.jpg would be renamed to photo.jpg.shadaloo following encryption. The ransomware uses advanced cryptographic algorithms, typically either symmetric or asymmetric, to ensure that unauthorized decryption is nearly impossible. Following the encryption process, it alters the desktop wallpaper and leaves a ransom note named HOW TO DECRYPT FILES.txt, which informs victims about the encryption and provides instructions for contacting the attackers.

How to remove Crystal Rans0m Ransomware and decrypt your files

Crystal Rans0m Ransomware represents a serious threat to computer users due to its dual capability of encrypting files and stealing information. This ransomware, written in the Rust programming language, stands out because it does not append any specific extension to the encrypted files, which can make it harder for victims to identify the infection. During the encryption process, the malware uses sophisticated algorithms, rendering files unusable without the corresponding decryption key. Upon encryption, a pop-up message appears on the victim's screen, containing a ransom note that demands a payment of $50 in Monero (XMR) cryptocurrency. The note also provides a countdown timer to pressure the victim and instructs them to contact the attackers via the Session messaging app using a specified Session ID.

How to remove Secdojo Ransomware and decrypt .secdojo files

Secdojo Ransomware is a sophisticated type of malware designed to encrypt files on an infected system, rendering them inaccessible until a ransom is paid. Typically deployed through malicious email attachments, illicit downloads, or software vulnerabilities, this ransomware appends a unique file extension, .secdojo, to all the encrypted files. For instance, a file named document.txt would be renamed to document.txt.secdojo, indicating that the file is under the control of the attackers. The ransomware employs strong encryption algorithms, commonly using AES (Advanced Encryption Standard) and RSA (Rivest–Shamir–Adleman) to lock files, making decryption without the attackers' key virtually impossible. Compounding the problem, Secdojo Ransomware generates a ransom note file named index.html in each affected directory. This note typically warns victims that their files are encrypted and gives instructions on how to pay the ransom, which is usually demanded in Bitcoin.

How to remove RDP (Chaos) Ransomware and decrypt .encrypted files

RDP (Chaos) Ransomware is a malicious program that belongs to the Chaos ransomware family. It is designed to encrypt data on infected computers and subsequently extort victims for payment in exchange for the decryption key. Once launched on a computer, the ransomware scans for files and, upon locating them, encrypts these files and appends a new extension, .encrypted, to their filenames, making the original files inaccessible. For instance, a file named document.docx will be renamed to document.docx.encrypted. After the successful encryption of files, the ransomware alters the victim’s desktop wallpaper and drops a ransom note titled read_it.txt. This note informs the victim that their files have been encrypted and provides instructions on how to restore the affected data, typically demanding payment in cryptocurrency such as Bitcoin, Litecoin, Ethereum, or Solana.

How to remove Tyson Ransomware and decrypt .tyson files

Tyson Ransomware is a form of malicious software that falls into the category of ransomware. Once it infects a computer, it encrypts the user's files, making them inaccessible without a specific decryption key. This ransomware appends its unique extension .tyson to the encrypted files, indicating they have been compromised. For example, a file named document.docx would be renamed to document.docx.tyson. The encryption algorithm used by Tyson Ransomware is typically robust, often employing advanced cryptographic techniques that make decryption nearly impossible without the attackers' original key. The ransomware encrypts various types of files, including documents, images, and databases, which further limits the victim's ability to use their data. Once files are encrypted, Tyson Ransomware generates a ransom note titled DECRYPTION INSTRUCTIONS.txt and places it in various locations on the compromised system, such as the desktop.

How to remove Foxtrot Ransomware and decrypt .foxtrot70 files

Discovered during a routine examination of malware submissions to VirusTotal, Foxtrot Ransomware is a nefarious variant from the MedusaLocker family. This ransomware encrypts files and appends the extension .foxtrot70 to the filenames, making previously accessible files inaccessible without the decryption key. Upon encryption, it generates a ransom note named How_to_back_files.html, which is placed in all affected directories. The note claims that files have been encrypted using a combination of RSA and AES cryptographic algorithms, a blend designed to thwart any decryption attempts without the attacker's specific key. Victims are warned against using any third-party recovery software, as this would allegedly lead to permanent data corruption. Additionally, the note ominously states that confidential and personal data has been exfiltrated and will be released publicly unless the ransom is paid within 72 hours. To instill a semblance of trust, the attackers offer to decrypt a few non-sensitive files for free.