Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove VanHelsing Ransomware and decrypt .vanhelsing files

VanHelsing Ransomware is malicious software belonging to the ransomware category, notorious for encrypting victims' files and demanding a ransom in the form of Bitcoin for their decryption. This type of ransomware strategically applies a distinct .vanhelsing extension to each encrypted file, effectively transforming a file originally named example.jpg into example.jpg.vanhelsing. Employing sophisticated cryptographic algorithms, VanHelsing ransomware ensures that decryption without the key held by the attackers is virtually impossible. Once the files' encryption is complete, it changes the desktop wallpaper and creates a ransom note named README.txt, which is typically left in an accessible location for the user, such as the desktop. This note informs victims that their data has been compromised and instructs them on how to proceed with the ransom payment while threatening to leak stolen data if demands are not met.

How to remove GKICKG Ransomware and decrypt .GKICKG files

GKICKG Ransomware is malicious software that encrypts files on infected systems, rendering them inaccessible without a decryption key that the attackers offer for a ransom. Known for its severe impact, this ransomware primarily targets corporate networks, encrypting files and appending a distinctive extension to them. Victims will find their files renamed with a format that integrates their victim ID, ending with the .GKICKG extension. For instance, a file that was once named document.docx would become document.docx.{Victim_ID}.GKICKG. The ransomware employs robust encryption algorithms, often making it nearly impossible to decrypt the files without the attacker's private decryption key. Upon encryption, the ransomware generates a ransom note in a text file named README.TXT, usually placed in every directory where files have been encrypted. This note outlines the attack details, the ransom demands, and threats about leaking stolen data if payment is not made.

How to remove Zsszyy Ransomware and decrypt .zsszyy files

Zsszyy Ransomware is malicious software designed to encrypt files on an infected system, ultimately coercing the victim into paying a ransom for decryption. This ransomware is part of a family of similar threats, sharing traits with others such as Tianrui and Hush. Once it infiltrates a computer, it targets a wide array of file types, rendering them inaccessible by appending a unique extension, .zsszyy, to filenames. For instance, files that were once named document.docx become document.docx.{unique-ID}.zsszyy. The encryption algorithms employed by Zsszyy are typically strong and sophisticated, ensuring that affected files cannot be easily deciphered without a specific decryption key, which is held by the cybercriminals operating the ransomware. This further complicates efforts to recover files without resorting to paying the demanded fee. Victims encounter a ransom note, entitled README.TXT, placed strategically within affected directories. This note delivers the attackers’ demands and threats, often warning against using third-party recovery services and promising that file decryption is swift post-payment.

How to remove Moroccan Dragon Ransomware and decrypt .vico files

Moroccan Dragon Ransomware is a malicious program designed to encrypt files on an infected computer and demand a ransom for their decryption. Unlike typical malware, it targets a wide range of file types, including documents, photos, videos, and databases. Once it infiltrates a system, it modifies the files by adding a .vico extension, rendering them inaccessible to the user. The original filenames are altered, transforming something like 1.jpg into 1.jpg.vico. This particular ransomware employs advanced encryption algorithms that create a significant hurdle for victims wishing to regain access to their data. Encrypted files cannot be accessed without a unique decryption key, which the attackers hold. Following the encryption process, the ransomware creates a ransom note file, named case_id.txt, typically placed in various directories throughout the computer and sometimes even replacing the desktop background with instructions. Astonishingly, Moroccan Dragon was found to be in a developmental phase during which critical ransom demand details such as the cryptocurrency wallet address and contact information were missing from the ransom notes, highlighting some operational flaws.

How to remove Tianrui Ransomware and decrypt .tianrui files

Tianrui Ransomware is a malicious program first discovered by security researchers during a submission inspection on VirusTotal, and falls into the category of ransomware-type viruses. Similar to other ransomware threats like Hush, MoneyIsTime, and Boramae, it encrypts files on the victim's computer and demands a ransom for the decryption. Once files are encrypted, their original names are modified by appending a unique identifier followed by the .tianrui extension. For instance, a file initially named 1.jpg appears as 1.jpg.{uniqueID}.tianrui after encryption. This ransomware creates a ransom note titled README.TXT in every affected directory. The ransom note warns victims that failing to pay the ransom will lead to the public release of stolen data and further attacks.

How to remove EndPoint Ransomware and decrypt .endpoint files

EndPoint Ransomware is a malicious software variant from the Babuk family that targets computers, encrypting files to hold them hostage for financial gain. Upon infection, it encrypts files using sophisticated algorithms, ensuring that victims cannot readily recover their data without specific decryption tools. The ransomware appends the .endpoint extension to each encrypted file, making them inaccessible to users without a decryption key. This alteration is part of its hallmark behavior, effectively rendering traditional file recovery methods futile. After encryption, the ransomware delivers a ransom note titled How To Restore Your Files.txt. This file is typically placed within affected directories and the desktop, informing victims of their data being stolen and encrypted, and instructing them to contact the attackers via a Session Messenger ID or email for negotiation on the decryption key. The note intimidates users, warning them about the irreversible consequences of attempting to restore the files independently.

How to remove P*zdec Ransomware and decrypt .p*zdec files

P*zdec Ransomware is a malicious program belonging to the GlobeImposter ransomware family. It encrypts files on infected computers, appending them with the distinctive .p*zdec extension. This means an original file named example.jpg becomes example.jpg.p*zdec upon encryption. The ransomware employs advanced cryptographic algorithms to lock the files, rendering them inaccessible to users without a decryption key. After infecting a system, it creates a ransom note named how_to_back_files.html, placing it on the desktop and in directories containing encrypted files. This note demands a ransom payment, typically in Bitcoin, in exchange for the decryption key necessary to restore access to the encrypted files.

How to remove Louis Ransomware and decrypt .Louis files

Louis Ransomware is malicious software that encrypts files on infected systems, appending the file extension .Louis to them, effectively making them inaccessible without decryption. The ransomware employs strong encryption algorithms to secure the data, which renders manual decryption practically impossible. Upon completing the encryption process, it creates a ransom note named Louis_Help.txt. This note is strategically placed in accessible locations, such as the desktop and various folders within the system, to ensure the victim is quickly informed about the situation. The note describes that the victim's files have been encrypted and demands a ransom to be paid in return for a decryption key, often emphasizing the urgency by suggesting the files could be permanently lost if instructions are not followed.