
Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Meduza Ransomware and decrypt .meduza24 files

Meduza Ransomware, also known as MedusaLocker, is malicious software that targets and encrypts files on a victim's computer, rendering them inaccessible. It was first observed in September 2023 and has since been targeting corporate victims worldwide. Meduza Ransomware operates under a Ransomware-as-a-Service (RaaS) model, collaborating with global affiliates to expand its reach and impact. It encrypts files using the AES-256 encryption algorithm and appends the .meduza24 extension. After encrypting the files, it deletes any file backups it can find on the user's computer to hinder recovery efforts. The ransomware creates a ransom note named How_to_back_files.html in each folder containing encrypted files. The note explains what has happened to the user's files and gives instructions on how to pay a ransom to decrypt them.

How to remove Mzop Ransomware and decrypt .mzop files

Mzop Ransomware encrypts data (with RSA 2048 + Salsa20 algorithms), appends the .mzop extension to filenames, and demands money for the data's return. These traits classify it as a ransomware infection. It is also part of a very popular and dangerous ransomware family called STOP/Djvu, which is responsible for hundreds of devastating infections. Once Mzop installs onto a system, users lose access to files they could open prior to the infection. For example, a healthy 1.pdf becomes the encrypted 1.pdf.mzop. As soon as the process is done, Mzop presents ransom instructions in a text note (_readme.txt). The developers use the same template as in other ransomware variants originating from the STOP/Djvu family.

How to remove Electronic Ransomware and decrypt .ELCTRONIC files

Electronic Ransomware is a type of malware that encrypts files on a victim's computer, rendering them inaccessible until a ransom is paid to the attacker. The encrypted files are appended with the .ELCTRONIC file extension, and a ransom note named README ELECTRONIC.txt is created. The note informs the victim about the attack and provides payment instructions and contact information for the cybercriminals, which may include email addresses and Telegram usernames. The specific encryption algorithm used by Electronic Ransomware is not yet known. However, ransomware typically uses complex encryption algorithms to encrypt the victim's data, making it impossible to decrypt without the attacker's unique decryption key.

How to remove ReadText Ransomware and decrypt .readtext4 files

ReadText Ransomware is a malicious program that belongs to the MedusaLocker ransomware family. It targets companies and utilizes double-extortion tactics to encrypt important files on the victim's computer and demand a ransom for their decryption. ReadText Ransomware appends the .readtext4 extension to the original filenames of the encrypted files. The number in the extension may vary depending on the ransomware variant. While the specific encryption method used by ReadText Ransomware is not known, modern ransomware typically employs a hybrid encryption scheme, combining symmetric encryption algorithms like AES with asymmetric encryption algorithms like RSA. After encrypting the files, ReadText Ransomware drops a ransom-demanding message named How_to_back_files.html.

How to remove Mzqt Ransomware and decrypt .mzqt files

Mzqt Ransomware is a variant of the STOP/Djvu ransomware family that encrypts files on the victim's computer and demands a ransom for their decryption. It appends the .mzqt extension to the encrypted files, making them inaccessible. For example, a file named sample.jpg would be renamed to sample.jpg.mzqt. The ransomware also generates a ransom note named _readme.txt containing instructions on how to contact the attackers and initiate a partial payment. Like the rest of the STOP/Djvu family, which is known for its advanced cryptographic algorithm, Mzqt uses an advanced encryption algorithm to encrypt users' data, rendering the files useless. It is essential to remove the ransomware from the infected system before attempting any file recovery methods. A powerful malware removal tool can help scan the computer and delete all threats at once.

How to remove Mzre Ransomware and decrypt .mzre files

Mzre Ransomware is malicious software that encrypts files on infected computers, rendering them inaccessible. It is a variant of the Djvu ransomware family and appends the .mzre extension to the filenames of encrypted files. For example, a file named 1.jpg would be changed to 1.jpg.mzre. Mzre Ransomware may also be distributed alongside information-stealing malware like Vidar and RedLine. It encrypts files using a powerful cryptography algorithm, which makes the files inaccessible and is intended to force victims to pay a ransom to regain access to their data. Upon encrypting the files, Mzre Ransomware creates a ransom note named _readme.txt. The note provides information on how to establish contact with the attackers and outlines the decryption costs.

How to remove NIGHT CROW Ransomware and decrypt .NIGHT_CROW files

NIGHT CROW Ransomware is malicious software designed to encrypt data on a victim's computer and demand payment for its decryption. It appends the .NIGHT_CROW extension to the encrypted files, making them inaccessible. For example, a file initially named sample.docx would become sample.docx.NIGHT_CROW. After encrypting the files, NIGHT CROW drops a ransom note titled NIGHT_CROW_RECOVERY.txt on the infected system. Although the specific encryption algorithm used by NIGHT CROW has not yet been identified, ransomware typically employs strong encryption algorithms, such as AES, to lock the victim's files. The ransom note informs the victim that their files have been encrypted but reassures them that the data is recoverable. The note instructs the victim to pay a ransom of 0.000384 BTC (Bitcoin cryptocurrency), which is approximately 10 USD at the current exchange rate. This amount is relatively low compared to other ransomware demands.

How to remove Azop Ransomware and decrypt .azop files

Azop Ransomware is a malicious software program that encrypts files on targeted computer systems, rendering them inaccessible. It is a member of the STOP/Djvu malware family and is known for its strong encryption capabilities. Azop Ransomware appends the .azop extension to the encrypted files, making them unreadable and unusable. For example, it changes 1.jpg to 1.jpg.azop and 2.png to 2.png.azop. Azop Ransomware uses the Salsa20 encryption algorithm to encrypt files. This strong encryption method makes it particularly difficult, if not impossible, to find the decryption key without cooperating with the attackers. Azop Ransomware creates a ransom note in the form of a text document named _readme.txt. The note contains instructions on how to contact the criminals behind Azop and pay a ransom in exchange for the decryption key.