
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove D0glun Ransomware and decrypt .@D0glun@[original_extension] files

D0glun Ransomware is a particularly menacing type of malware classified as ransomware, designed to encrypt the victim's files and hold them hostage in exchange for a ransom. This malicious software targets a wide spectrum of file types, including documents, images, and videos, disrupting personal and business operations. Upon infection, the ransomware appends a specific and distinct extension to the affected files following the pattern .@D0glun@[original_extension], visibly altering the filenames and rendering the files inaccessible. Its encryption algorithm is highly advanced, often utilizing a combination of symmetric and asymmetric cryptography, making decryption without the attacker’s involvement nearly impossible. Following the encryption process, victims are left with a pop-up window or altered desktop wallpaper displaying a ransom note, which displays as gibberish if the Chinese alphabet is not installed, informing them of the situation and directing them to pay a ransom in Bitcoin. This ransom note is strategically placed to ensure it is prominently seen, adding pressure to the victim's decision-making process.

How to remove BlackPanther Ransomware and decrypt .Bpant files

BlackPanther Ransomware is a malicious program recognized for encrypting user data and appending the .Bpant extension to files, effectively holding them hostage. This type of malware primarily targets sensitive and personal files, including documents, images, and databases, rendering them inaccessible without a cryptographic key. Upon infection, victims find a file originally named, for instance, 1.jpg transformed to 1.jpg.Bpant. The encryption employs robust cryptographic algorithms that are practically impossible to decrypt without the specific decryption key, typically known only to the cybercriminals behind the attack. Once encryption is complete, the ransomware alters the system's desktop wallpaper and presents a pre-login screen with a daunting ransom message. It also drops a text file, named Bpant_Help.txt, containing instructions on how victims can allegedly restore access to their files by making a cryptocurrency payment to an untraceable account.

How to remove Hyena Ransomware and decrypt .hyena111 files

Hyena Ransomware is a pernicious form of malware that encrypts files on a victim's computer, rendering them inaccessible, and subsequently demands a ransom for their release. As part of the MedusaLocker family, this ransomware appends the .hyena111 extension to each affected file, making it unrecognizable to the system and unusable by the user. The attackers leverage advanced encryption methods, specifically RSA and AES algorithms, to secure the files in a way that prevents decryption without their unique decryption key. During the attack, READ_NOTE.html, a ransom note file, is deposited onto the compromised system. This file, often prominently displayed or found in multiple directories, informs victims of the breach, threatening to release, sell, or permanently lock data unless payment is received. In the note, victims are instructed not to use third-party software for file recovery, warning that attempts could result in data corruption.

How to remove WeRus Ransomware and decrypt .werus files

WeRus Ransomware is a malicious software program that targets user data by encrypting files and demanding a ransom for their decryption. This nefarious ransomware appends a .werus extension to the filenames of the encrypted files, which makes accessing the data without the decryption key impossible. For instance, a file named document.docx would be renamed to document.docx.werus after encryption. The encryption mechanism employed by WeRus is robust, often involving sophisticated cryptographic algorithms that ensure only the attackers can provide the necessary decryption key. Once the encryption process is completed, WeRus changes the desktop wallpaper and drops a ransom note named Readme_[victim's_ID].txt across the victim's desktop environment. This note informs the victims of their encrypted files and demands a hefty payment, typically in Bitcoin, within a specific timeframe, warning that failure to comply might result in permanent data loss.

How to remove Nnice Ransomware and decrypt .nnice files

Nnice Ransomware is a malicious software that targets individuals and organizations by encrypting files on their systems and demanding a ransom for decryption. This type of ransomware typically infiltrates through phishing emails with malicious attachments, compromised websites, or via unauthorized downloads from untrusted sources. Once it breaches a system, the ransomware encrypts files utilizing a sophisticated encryption algorithm, leaving them inaccessible to the user. Each affected file is appended with a .nnice extension, effectively rendering file types such as documents, images, and videos unusable without decryption. Victims are left with a stark reminder of the cybercriminal's presence: a ransom note. This note usually appears in a text file named read_me.txt, which is placed either in every folder containing encrypted files or prominently on the desktop. The note instructs victims on how to contact the attacker, often through an email address, and details the ransom payment method—typically involving cryptocurrencies to maintain anonymity.

How to remove SAGE 2.2 Ransomware and decrypt .sage files

SAGE 2.2 Ransomware represents a potent and evolving cyber threat, building on its predecessor by encrypting critical data and demanding payment in exchange for decryption. This malicious software primarily targets Windows operating systems. Upon infiltrating a system, it encrypts user files, adding the distinctive .sage extension, effectively barring any access to the infected files. For instance, a file named document.txt would be renamed to document.txt.sage. The ransomware utilizes complex encryption algorithms that incorporate elliptic curve cryptography, making the decryption of files without the appropriate key exceedingly difficult. Victims first encounter the ransomware through a commandeered desktop wallpaper and a crafted ransom note named !HELP_SOS.hta. Presented in both audio and text formats, the ransom note is multilingual, targeting a wide audience by including languages like English, German, and Spanish. This message declares that data has been encrypted and insists that the only method to recover these files is by obtaining a unique decryption key in addition to the "SAGE Decrypter" software.

How to remove Anomaly Ransomware and decrypt your files

Anomaly Ransomware emerges as a pervasive threat in the digital landscape, encrypting users' files and demanding a ransom for their decryption. Born from the Chaos ransomware family, this malware modifies filenames by appending a distinct extension composed of four random characters, such as .gswo or .xlzj, concealing the true nature of the files. Utilizing a complex encryption algorithm, Anomaly Ransomware renders user files inaccessible without the proper decryption key, which remains solely in the possession of the cybercriminals. Upon infecting a system, it dramatically alters the desktop wallpaper and places a ransom note in a text file named read_it.txt. This file informs victims that their data is now encrypted, emphasizing the acquisition of the decryption key as the only means of data recovery, with the demand set at 0.05 BTC. While paying the ransom might seem like a solution, there is no guarantee that the attackers will fulfill their promise of delivering the decryption key, as history shows many victims are left out in the cold even after payment.

How to remove Sspq Ransomware and decrypt .sspq files

Sspq Ransomware is a malicious software variant that belongs to the notorious Djvu ransomware family, known for encrypting files on the infected system and demanding a ransom for their decryption. Once executed, this ransomware appends the .sspq extension to all affected files, rendering them inaccessible. For example, a file named document.pdf would be transformed into document.pdf.sspq. The ransomware also generates a ransom note in the form of a text file named _readme.txt, typically placed in each directory containing encrypted files. This note informs victims that their files have been encrypted with a strong encryption algorithm and provides instructions on how to contact the attackers via email. Victims are warned that they must pay a ransom within a specific timeframe to receive a decryption tool and unique key, with a higher fee imposed if the deadline is missed.