Ransomware

Locknet Ransomware is a type of malicious software that belongs to the MedusaLocker family. Its primary purpose is to encrypt files on a victim's computer, making them inaccessible. The ransomware also renames files by adding the .locknet extension to filenames. For instance, it changes a file named 1.jpg to 1.jpg.locknet, 2.png to 2.png.locknet, and so forth. Locknet Ransomware uses a combination of RSA and AES encryption algorithms to encrypt the files on the infected computer. These encryption methods are robust and secure, making it extremely difficult to decrypt the files without the specific decryption key. After encrypting the files, Locknet Ransomware creates a ransom note named HOW_TO_BACK_FILES.html. This note informs victims that their network has been breached and all important files have been encrypted. It warns against attempting to restore the files with third-party software, as this could permanently damage them. The attackers claim that only they can provide the decryption solution.

Mlza Ransomware is a malicious software that belongs to the STOP/DJVU family, known for its malignant file encryption operations. It is a fresh iteration within the Djvu ransomware lineage, with its primary aim being to encrypt files found on a compromised system. Once the Mlza ransomware infects a computer system, it targets various file types, encrypts them, and appends the .mlza extension to the file names. For instance, a file named 1.jpg would be renamed to 1.jpg.mlza. The ransomware uses the Salsa20 encryption algorithm, which, while not the strongest method, still provides an overwhelming amount of possible decryption keys. This encryption makes the files inaccessible and the decryption key almost impossible to find without cooperating with the attackers. Mlza ransomware generates a _readme.txt file containing a ransom note.

Mlrd Ransomware is a type of malicious software that belongs to the Djvu family, a notorious group of ransomware known for encrypting data on infected computers. This ransomware is a new variant of the STOP/DJVU ransomware family, which is infamous for its file-encrypting capabilities. It was discovered during a thorough analysis of samples on VirusTotal. Once the Mlrd ransomware infects a computer, it scans for files to encrypt. It targets a wide range of file types and appends the .mlrd extension to the filenames of the encrypted files. For instance, a file named 1.jpg would be transformed into 1.jpg.mlrd. Mlrd Ransomware uses the Salsa20 encryption algorithm to encrypt files. This is not the strongest method, but it provides an overwhelming amount of possible decryption keys, making it nearly impossible to brute force the decryption key. After the encryption process, Mlrd ransomware leaves behind a ransom note named _readme.txt.

Enmity Ransomware is a type of malware designed to encrypt data, modify the filenames of all encrypted files, and leave a ransom note. This ransomware is a potent form of malware that targets computers with the harmful intent of encrypting the files stored on them. It is developed by individuals with criminal intentions and operates as a ransom-demanding infection. Enmity Ransomware modifies the original names of the encrypted files by appending a complex pattern to the filenames, following the format: {random-string}-Mail-[rxyyno@gmail.com]ID-[].{random-extension}. The email address used in the file extensions is rxyyno@gmail.com, while the rest of the pattern is dynamically generated for each victim individually. It also appends a 6 random character extension to the end of the encrypted data filename. Enmity Ransomware leaves behind a text file named Enmity-Unlock-Guide.txt on the infected device.

Mlwq is a ransomware variant that belongs to the Djvu family. This malicious software carries out file encryption and appends the .mlwq extension to the original filenames of all affected files. For instance, Mlwq renames 1.txt to 1.txt.mlwq, 2.jpg to 2.jpg.mlwq, and so forth. Once the Mlwq ransomware infects a system, it targets various types of files, such as documents, pictures, and databases making them unreadable and unusable. The Mlwq ransomware uses the Salsa20 encryption algorithm. This is not the strongest method, but it still provides an overwhelming amount of possible decryption keys, making it practically impossible to "hack". After the encryption process, Mlwq ransomware leaves behind a ransom note titled _readme.txt containing instructions for victims.

PepeCry is a ransomware discovered during an analysis of samples uploaded to the VirusTotal website. It is designed to encrypt files, making them inaccessible, and add the .cry extension to filenames. For example, it renames 1.jpg to 1.jpg.cry and 2.png to 2.png.cry. PepeCry displays a ransom note in a pop-up window, demanding a ransom of 1 BTC to decrypt the files. The note is designed to instill fear and urgency, encouraging victims to pay the ransom. According to the ransom note provided, PepeCry ransomware uses the AES256 encryption algorithm. The note states FACIL METE LA CLAVE DE DESENCRIPTADO AES256, which translates to "Easy, enter the AES256 decryption key." AES256 is a symmetric encryption algorithm known for its strong security, making it virtually impossible to decrypt the files without the correct decryption key.

Ttap Ransomware is a malicious software that belongs to the STOP/Djvu ransomware family. It encrypts a range of files on the victim's computer and appends the .ttap extension to their filenames. The primary goal of this ransomware is to extort money from victims by demanding a ransom payment in exchange for decryption tools. Ttap Ransomware uses the Salsa20 encryption algorithm to encrypt files. Although not the strongest method, it still provides an overwhelming number of possible decryption keys, making brute force attacks infeasible. After encrypting the files, Ttap Ransomware creates a text file named _readme.txt containing the ransom note. The note informs victims about the encryption and demands a ransom payment ranging from $490 to $980 in Bitcoins.

SULINFORMATICA is a ransomware-type program that encrypts files on the victim's computer, making them inaccessible. The encrypted files have the .aes extension added to them. The attackers demand a ransom payment in exchange for the decryption key required to regain access to the encrypted files. SULINFORMATICA ransomware creates a ransom note named Instruction.txt. The note informs the victim that their company network has been compromised, and their files have been encrypted. The attackers claim that full recovery is possible with decryption and provide contact information for the cybercriminals. The specific encryption algorithm used by SULINFORMATICA ransomware is not yet determined. However, ransomware programs typically use symmetric or asymmetric cryptographic algorithms to encrypt files.