
Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove Enmity Ransomware and decrypt your files

Enmity Ransomware is malware that targets computers in order to encrypt the files stored on them, modify the filenames of all encrypted files, and leave a ransom note. It is developed by individuals with criminal intentions and operates as a ransom-demanding infection. Enmity Ransomware renames encrypted files by appending a complex pattern to the filenames, following the format: {random-string}-Mail-[rxyyno@gmail.com]ID-[].{random-extension}. The email address used in the pattern is rxyyno@gmail.com, while the rest of the pattern is dynamically generated for each victim individually. It also appends a random six-character extension to the end of the encrypted filename. Enmity Ransomware leaves behind a text file named Enmity-Unlock-Guide.txt on the infected device.

How to remove Mlwq Ransomware and decrypt .mlwq files

Mlwq is a ransomware variant that belongs to the Djvu family. This malicious software carries out file encryption and appends the .mlwq extension to the original filenames of all affected files. For instance, Mlwq renames 1.txt to 1.txt.mlwq, 2.jpg to 2.jpg.mlwq, and so forth. Once the Mlwq ransomware infects a system, it targets various types of files, such as documents, pictures, and databases, making them unreadable and unusable. The Mlwq ransomware uses the Salsa20 encryption algorithm. This is not the strongest method, but it still provides an overwhelming number of possible decryption keys, making it practically impossible to "hack". After the encryption process, Mlwq ransomware leaves behind a ransom note titled _readme.txt containing instructions for victims.

How to remove PepeCry Ransomware and decrypt .cry files

PepeCry is a ransomware discovered during an analysis of samples uploaded to the VirusTotal website. It is designed to encrypt files, making them inaccessible, and add the .cry extension to filenames. For example, it renames 1.jpg to 1.jpg.cry and 2.png to 2.png.cry. PepeCry displays a ransom note in a pop-up window, demanding a ransom of 1 BTC to decrypt the files. The note is designed to instill fear and urgency, encouraging victims to pay the ransom. According to the ransom note provided, PepeCry ransomware uses the AES256 encryption algorithm. The note states FACIL METE LA CLAVE DE DESENCRIPTADO AES256, which translates to "Easy, enter the AES256 decryption key." AES256 is a symmetric encryption algorithm known for its strong security, making it virtually impossible to decrypt the files without the correct decryption key.

How to remove Ttap Ransomware and decrypt .ttap files

Ttap Ransomware is malicious software that belongs to the STOP/Djvu ransomware family. It encrypts a range of files on the victim's computer and appends the .ttap extension to their filenames. The primary goal of this ransomware is to extort money from victims by demanding a ransom payment in exchange for decryption tools. Ttap Ransomware uses the Salsa20 encryption algorithm to encrypt files. Although not the strongest method, it still provides an overwhelming number of possible decryption keys, making brute-force attacks infeasible. After encrypting the files, Ttap Ransomware creates a text file named _readme.txt containing the ransom note. The note informs victims about the encryption and demands a ransom payment ranging from $490 to $980 in Bitcoin.

How to remove SULINFORMATICA Ransomware and decrypt .aes files

SULINFORMATICA is a ransomware-type program that encrypts files on the victim's computer, making them inaccessible. The encrypted files have the .aes extension added to them. The attackers demand a ransom payment in exchange for the decryption key required to regain access to the encrypted files. SULINFORMATICA ransomware creates a ransom note named Instruction.txt. The note informs the victim that their company network has been compromised, and their files have been encrypted. The attackers claim that full recovery is possible with decryption and provide contact information for the cybercriminals. The specific encryption algorithm used by SULINFORMATICA ransomware is not yet determined. However, ransomware programs typically use symmetric or asymmetric cryptographic algorithms to encrypt files.

How to remove Ttza Ransomware and decrypt .ttza files

Ttza Ransomware is a variant of the Djvu ransomware family that encrypts files on infected computers and appends the .ttza extension to the filenames of all affected files. It is distributed through various methods, such as spam emails, fake software cracks, and exploiting vulnerabilities in operating systems and installed programs. Ttza Ransomware uses the Salsa20 encryption algorithm to encrypt files. Although not the strongest method, it still provides an overwhelming number of possible decryption keys, making brute-forcing the decryption key virtually impossible. After encrypting files, Ttza Ransomware generates a ransom note named _readme.txt containing contact information and payment instructions. The ransom note is placed in every folder on the infected system. Victims are asked to contact the ransomware authors via the support@fishmail.top and datarestorehelp@airmail.cc email addresses.

How to remove Byee Ransomware and decrypt .byee files

Byee Ransomware is a type of malicious software designed to encrypt data on a victim's computer and demand a ransom for its decryption. It was discovered during a routine inspection of new malware submissions to the VirusTotal platform. Byee encrypts files and appends a .byee extension to their filenames (e.g., 1.jpg becomes 1.jpg.byee). After the encryption process, it drops a ransom note titled read_it-EC.txt. The note reassures the victim that they can restore their files, which have been encrypted. The note concludes with the cybercriminals' contact information, which is provided via Telegram. The specific encryption algorithm used by Byee Ransomware is not known. However, modern ransomware often uses hybrid techniques that merge symmetric and asymmetric encryption.

How to remove Ttrd Ransomware and decrypt .ttrd files

Ttrd Ransomware is a variant of the Djvu family, which encrypts files on the victim's computer and demands a ransom for decryption. It uses the AES encryption algorithm to lock various file types, including videos, images, audio, and documents. This robust encryption method makes it difficult, if not impossible, to find the decryption key without the attackers' assistance. Once the files are encrypted, they become inaccessible, and the ransomware appends a .ttrd extension to the filenames. After encrypting the files, Ttrd Ransomware displays a ransom note in a text file named _readme.txt. The note provides guidance on how to establish contact with the attackers and outlines the pricing for decryption services. Victims are directed to communicate with the attackers using designated email addresses, such as support@freshmail.top or datarestorehelp@airmail.cc.