
Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove Hgkd Ransomware and decrypt .hgkd files

Hgkd Ransomware is a variant of the Djvu family of ransomware. It infiltrates computers, encrypts data, and appends the .hgkd extension to filenames. For example, a file named 1.jpg becomes 1.jpg.hgkd. The ransomware generates a ransom note in a text file named _readme.txt. Hgkd ransomware may also involve information-stealing malware like Vidar and RedLine. It encrypts files with the AES-256 algorithm (CFB mode) on all drives connected to the computer, including internal hard drives, USB flash drives, network storage, and more. The ransom note is left in all compromised folders. It instructs victims to contact the attackers via email or Telegram and pay a ransom of $980 in Bitcoin cryptocurrency to obtain the decryption key.

How to remove Rzml Ransomware and decrypt .rzml files

Rzml Ransomware is malicious software that belongs to the Djvu family. When a computer is infected, Rzml encrypts files and adds the .rzml extension to their names, making them inaccessible. For instance, 1.jpg becomes 1.jpg.rzml and 2.png turns into 2.png.rzml. Apart from encrypting files, Rzml also creates a ransom note in the form of a text file named _readme.txt. The distribution of Rzml might involve information stealers like Vidar and RedLine. Rzml ransomware encrypts files using the AES-256 algorithm (CFB mode). This encryption method is highly secure and difficult to break without the decryption key. Currently, there is no guaranteed method to decrypt .rzml files without the decryption key provided by the attackers. However, paying the ransom is not recommended, as there is no guarantee that the attackers will provide the decryption key or that it will work as intended.

How to remove Rzfu Ransomware and decrypt .rzfu files

Rzfu Ransomware is a malicious file-encrypting virus that belongs to the Djvu family, part of the STOP/DJVU malware lineage. When this ransomware infects a computer, it encrypts files using the strong AES-256 encryption algorithm and appends the .rzfu extension to their filenames. For example, 1.jpg becomes 1.jpg.rzfu and 2.png changes to 2.png.rzfu. The ransomware encrypts various file types, such as videos, photos, and documents. Encrypted files become inaccessible and unusable without the decryption key. Rzfu Ransomware creates a ransom note in the form of a text file named _readme.txt. The note informs victims that all their files are encrypted with strong encryption and that the only way to recover them is to purchase a decrypt tool and a unique key. The ransom demand starts at $980, and victims are given a 50% discount if they pay within 72 hours.

How to remove Rzew Ransomware and decrypt .rzew files

Rzew Ransomware is malicious software belonging to the Djvu family, designed to encrypt a victim's data and render it inaccessible until a ransom is paid to the attacker. It targets various types of files, such as documents, videos, and photos, and adds the .rzew extension to each encrypted file, making it inaccessible and unusable without the decryption key. Rzew Ransomware uses the Salsa20 encryption algorithm to encrypt files. Although not the strongest method, it still provides an overwhelming number of possible decryption keys, making it extremely difficult to decrypt files without the correct key. After encrypting files, Rzew Ransomware creates a ransom note, a text file named _readme.txt, which informs the victim that their files have been encrypted and demands a ransom payment ranging from $490 to $980 in Bitcoin. The ransom note is placed in all folders containing encrypted files.

How to remove Rzkd Ransomware and decrypt .rzkd files

Rzkd Ransomware is malicious software that belongs to the STOP/DJVU ransomware family, which is known for its widespread distribution and high volume of attacks. It targets Microsoft Windows operating systems and encrypts files on the victim's computer, demanding a ransom payment in exchange for a decryption key to restore access to the encrypted files. The ransomware appends the .rzkd extension to the filenames of encrypted files, rendering them inaccessible. For example, it transforms files such as 1.jpg into 1.jpg.rzkd and 2.png into 2.png.rzkd. The encryption algorithm used by Rzkd is Salsa20. Rzkd creates a ransom note, which can be found in a file named _readme.txt. The note provides instructions for contacting the attackers via email addresses (support@freshmail.top and datarestorehelp@airmail.cc) and emphasizes that restoring the encrypted files is only possible with decryption software and a unique key obtained from the cybercriminals behind the attack. The ransom amount ranges from $490 to $980 in Bitcoin.

How to remove Deadnet Ransomware and decrypt .deadnet26 files

Deadnet Ransomware is a malicious program that belongs to the MedusaLocker Ransomware family. It is designed to encrypt data and demand payment for its decryption. The ransomware primarily targets companies rather than home users. The impact of Deadnet Ransomware on victim organizations can be significant, leading to financial losses, disruption of operations, and reputational damage. Deadnet Ransomware uses a hybrid encryption scheme, which is common among modern ransomware. This scheme combines symmetric encryption algorithms like AES with asymmetric encryption algorithms like RSA. Although the specific encryption algorithm used by Deadnet Ransomware is not well-studied, this hybrid approach makes it more difficult for researchers and specialists to decrypt the affected files without paying the ransom. Deadnet Ransomware encrypts files and adds the .deadnet26 extension to their filenames. After the encryption process is completed, Deadnet Ransomware drops a ransom note titled HOW_TO_BACK_FILES.html.

How to remove Django Ransomware and decrypt .Django files

Django Ransomware is a type of malicious software that encrypts files on a victim's computer and demands a ransom payment in exchange for the decryption key. It appends the .Django extension to the encrypted files, making them inaccessible. For example, it renames 1.jpg to 1.jpg.Django, 2.png to 2.png.Django, etc. The ransomware also creates a ransom note named #RECOVERY#.txt to inform victims about the encryption and provide instructions on how to regain access to their data. The specific type of encryption algorithm used by Django Ransomware is not yet fully understood. However, modern ransomware often uses a hybrid encryption scheme, combining AES and RSA encryption to harden the malware against researchers attempting to recover encrypted files. The ransom note created by Django Ransomware is placed in each folder containing encrypted files.

How to remove Teza Ransomware and decrypt .teza files

Teza Ransomware is a dangerous file-encrypting malware that belongs to the STOP/Djvu family of ransomware. Its primary purpose is to encrypt various types of files, such as documents, videos, photos, and more, making them inaccessible without a decryption key. Once the Teza virus infects a system, it appends the .teza extension to each file, making it unusable. It uses the Salsa20 encryption algorithm to lock the files. Teza Ransomware creates a ransom note in the form of a text file named _readme.txt. The note contains directives from the attackers, featuring two email addresses (support@freshmail.top and datarestorehelp@airmail.cc). It advises victims to communicate with the cybercriminals within 72 hours and demands a ransom payment ranging from $490 to $980 in Bitcoin.