Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Hhuy Ransomware and decrypt .hhuy files

Hhuy Ransomware is a variant of the notorious STOP/DJVU ransomware family. It encrypts images, documents, and other important files on infected computers, rendering them inaccessible. The ransomware then demands a ransom, typically ranging from $490 to $980, payable in Bitcoins, to decrypt the files. Hhuy ransomware targets a wide range of file extensions, including but not limited to .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .pdf, and .psd. Once a file is encrypted, the ransomware appends the .hhuy extension to the file name, making it impossible to open with any program. Hhuy ransomware uses the Salsa20 encryption algorithm. Although not the strongest method, it still provides an overwhelming number of possible decryption keys, making brute force attacks practically impossible with current computing technology. Upon successful encryption, Hhuy ransomware creates a ransom note named _readme.txt. This note typically contains instructions on how to pay the ransom, along with contact information for the attackers, usually in the form of email addresses.

How to remove Nbwr Ransomware and decrypt .nbwr files

Nbwr Ransomware is a type of file-encrypting malware that belongs to the Djvu family. It is malicious software that encrypts user data, rendering it inaccessible. The ransomware modifies filenames by appending the .nbwr extension and generates a text file (_readme.txt) containing a ransom note. The ransom note assures the victim that their encrypted files can be restored by purchasing a decrypt tool and a unique key. The price of data decryption is usually high, with a 50% discount available if threat actors are contacted within 72 hours. The Nbwr ransomware uses the Salsa20 encryption algorithm. This method provides an overwhelming number of possible decryption keys, making brute force attacks virtually impossible.

How to remove GrafGrafel Ransomware and decrypt .GrafGrafel files

GrafGrafel is a type of ransomware, malicious software that encrypts data and demands a ransom for its decryption. It is part of the Phobos ransomware family. The GrafGrafel ransomware targets both local and network-shared files, leaving critical system files unaffected. Once GrafGrafel ransomware infects a computer, it encrypts files and alters their filenames. The original titles are appended with a unique ID assigned to the victim, the cyber criminals' email address, and a .GrafGrafel extension. For example, a file initially named 1.jpg would appear as 1.jpg.id[G7RF34WQE-5687].[GrafGrafel@tutanota.com].GrafGrafel following encryption. The specific encryption algorithm used by GrafGrafel ransomware is not yet known. However, ransomware typically uses strong encryption algorithms that can only be unlocked by a decryptor code known only to the attacker. After the encryption process is completed, GrafGrafel ransomware creates ransom notes in a pop-up (info.hta) and text files (info.txt). These notes are dropped in encrypted directories and on the desktop.

How to remove Nbzi Ransomware and decrypt .nbzi files

Nbzi Ransomware is a type of malware that belongs to the Djvu family. Its primary purpose is to encrypt files on the victim's computer, rendering them inaccessible. The ransomware appends the .nbzi extension to the filenames of the encrypted files. For example, a file named 1.jpg would be renamed to 1.jpg.nbzi. It uses a strong encryption algorithm, and each victim's files are encrypted with a unique key. The ransomware uses the Salsa20 encryption algorithm. If Nbzi cannot establish a connection to the attacker's server before starting the encryption process, it uses an offline key, which is the same for all victims. After encrypting the files, Nbzi Ransomware creates a _readme.txt file containing a ransom note. This note informs the victim that all their files have been encrypted and that the only way to recover them is to pay a ransom. The ransom amount typically ranges from $490 to $980.

How to remove Jazi Ransomware and decrypt .jazi files

Jazi Ransomware is a type of malicious software that belongs to the Djvu ransomware family. It operates by infiltrating a system, encrypting files, and appending the .jazi extension to filenames. For instance, it transforms 1.jpg to 1.jpg.jazi, 2.png to 2.png.jazi, and so on. The ransomware then leaves behind a ransom note labeled _readme.txt. The specific encryption algorithm used by Jazi Ransomware is not specified. However, ransomware typically uses strong encryption algorithms like AES (Advanced Encryption Standard) or RSA (Rivest–Shamir–Adleman) to encrypt files, making them inaccessible without the decryption key. The ransom note informs the victim that their files have been encrypted and suggests buying a decryption tool and a unique key to retrieve the files. The ransom is $980, but a 50% discount is available if the victim contacts the cybercriminals within 72 hours, reducing the amount to $490. The note warns that data recovery is impossible without payment and provides the email addresses support@freshmail.top and datarestorehelpyou@airmail.cc for communication.

How to remove Messec Ransomware and decrypt .messec files

Messec Ransomware is a type of virus, malicious software that encrypts files on a victim's computer, rendering them inaccessible. The primary goal of Messec, like other ransomware, is to demand a ransom from the victim in exchange for the decryption of the affected files. Once Messec infects a computer, it encrypts the files and appends the .messec extension to each filename. For example, a file originally named 1.jpg would be renamed to 1.jpg.messec. The specific encryption algorithm used by Messec ransomware is not specified. However, ransomware typically uses strong encryption algorithms, such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman), to encrypt files. Messec creates a ransom note named READ_ME.txt in every directory containing encrypted files. The note informs the victim that their files have been encrypted and provides instructions on how to pay the ransom to recover the files. The attackers offer to decrypt three files for free as proof of their decryption capability. The ransom amount is $100, with an additional $25 for each subsequent hour.

How to remove Jawr Ransomware and decrypt .jawr files

Jawr is a type of ransomware that belongs to the Djvu ransomware family. It is a malicious software that encrypts files on a victim's computer, rendering them inaccessible. The ransomware then demands a ransom from the victim, typically in Bitcoin, to decrypt the files. Once Jawr ransomware infects a system, it targets various types of files, such as videos, photos, and documents. It modifies the file structure and adds the .jawr extension to each file, making them inaccessible and unusable without the decryption key. Jawr ransomware uses the Salsa20 encryption algorithm to encrypt the files. This is a robust ciphering method, making it extremely difficult, if not impossible, to pick the decryption key without cooperating with the attackers. After encrypting the files, Jawr ransomware leaves a ransom note named _readme.txt on the system. This note informs the victim that their files have been encrypted and provides instructions on how to pay the ransom to get the decryption key. The ransom note often includes threats of permanent data loss or increased ransom amounts if the ransom is not paid within a specified timeframe.

How to remove MuskOff Ransomware and decrypt .MuskOff files

MuskOff Ransomware is a malicious program based on the Chaos Ransomware, which encrypts files on the victim's computer and demands payment for their decryption. It was discovered by researchers during a routine inspection of new malware submissions to the VirusTotal platform. MuskOff Ransomware appends the .MuskOff extension to the filenames of encrypted files. For example, a file originally named 1.jpg would appear as 1.jpg.MuskOff after encryption. Ransomware generally uses strong encryption algorithms, such as AES or RSA, to encrypt files. After encrypting files, MuskOff Ransomware creates a ransom note named read_it.txt. The note states that the victim's files have been encrypted and demands payment in Bitcoin for their decryption. The cybercriminals request 1500 USD in BTC, but the amount listed in BTC (0.1473766) is worth over 5000 USD at the time of writing.