Ransomware

Infected Ransomware is a variant belonging to the notorious MedusaLocker family, specifically designed to encrypt files and demand a ransom for their restoration. Victims infected by this ransomware find that their important files become inaccessible, as Infected locks them away using sophisticated encryption algorithms. The malware appends the .infected file extension to affected files, making it evident that these files have been compromised. For instance, if a file named document.docx is encrypted, it will be renamed to document.docx.infected. The encryption process employs a combination of RSA and AES encryption techniques, which makes it exceptionally challenging for anyone without the decryption key to regain access to their data. When the encryption operation is complete, a ransom note is created and saved as HOW_TO_BACK_FILES.html. This note typically appears on the desktop, instructing the victims on how to proceed for file recovery by contacting the attackers.

2700 Ransomware is a variant belonging to the notorious Phobos family, notorious for delivering serious threats to victimized systems. This malicious software primarily targets Windows environments, silently infiltrating systems through various vectors like phishing emails or exploiting application vulnerabilities. Once inside, it encrypts a wide array of files, making them inaccessible to the user. The virus adds specific file extensions to denote encryption, notably appending .2700 at the end of file names. Additionally, it generates ransom notes, which appear as info.hta or info.txt files, to inform victims of the situation and instruct them on how to pay for decryption. The encryption process is sophisticated, leveraging strong crypto algorithms that render the files unrecoverable without the decryption key.

HorrorDead Ransomware is a malicious piece of software that primarily targets files on infected systems, employing aggressive encryption methods to lock users out of their valuable data. Upon infection, it adds the extension .encrypted@HorrorDeadBot to a variety of file types, making them inaccessible without decryption. The encryption scheme utilized by HorrorDead is robust and has been noted to involve AES-256, which is known for its strong security characteristics. Once the encryption process is completed, victims are typically greeted by a ransom note that appears as a desktop wallpaper on their devices, providing instructions that claim to guide victims to a decryption solution. However, the note, often written in Russian, creates a false sense of trust by assuring users that the decryptor is safe, so it's vital for users to maintain skepticism regarding any tools offered by the attackers.

Cronus Ransomware is a new strain of malware that has been actively targeting users, particularly through phishing tactics aimed at PayPal customers since at least July 2024. The attack typically begins with a socially engineered document titled paypal_charges.doc, which entices victims to open it. Upon execution, this document connects to an external file hosting service to download what masquerades as a JPG file, but is actually a heavily obfuscated PowerShell script. Once executed, the ransomware encrypts files on the victim’s system and appends random file extensions to those encrypted files, complicating recovery efforts. Known extensions added by the Cronus Ransomware include variations resembling random characters, making it difficult for users to recognize the modified files. Following the encryption process, victims receive a ransom note named cronus.txt, which outlines the demands for payment to decrypt their files. The note typically contains instructions on how to proceed with the payment, often demanding cryptocurrency as the preferred method.

Lynx Ransomware is a notorious piece of malicious software classified as ransomware, designed to encrypt victims' files and demand a ransom for their decryption. Upon infection, it targets various file types, appending a unique .LYNX extension to the encrypted files, making them inaccessible to the victim without the decryption key. This ransomware employs advanced encryption algorithms, ensuring that restoring files without the attackers' assistance is nearly impossible. Alongside the file encryption process, Lynx creates a ransom note, typically named README.txt, which is dropped on the victim's desktop and includes instructions on how to contact the cybercriminals. The note starkly outlines the situation, emphasizing that the victim's files are encrypted and warning of the alleged theft of sensitive data, further pressuring victims to comply with the ransom demands. Victims are usually directed to a Tor website where they can negotiate payment.

ForceLock Ransomware, known for its severe impact, is a malicious program that encrypts files on infected computers, making them inaccessible to users. Once it infiltrates a system, it appends the .forcelock extension to filenames, which signifies that the data has been compromised. The encryption strategies employed by ForceLock utilize robust cryptographic algorithms, specifically RSA and AES, ensuring that the encrypted files are exceedingly challenging to recover without the appropriate decryption key. Victims are met with a ransom note titled how_to_back_files.html, which outlines the extent of the breach and informs users that their files have been locked. This note typically provides instructions on how to engage with the attackers and may include threats regarding the potential release of sensitive data, heightening the urgency for victims to comply with their demands. By leveraging this intimidation tactic, cybercriminals aim to coerce users into paying a ransom, often demanded in cryptocurrency, to regain access to their essential files.

CreamPie Ransomware represents a significant threat within the landscape of cybercrime, as it effectively encrypts user data and demands a ransom for its restoration. This particular strain applies the .CreamPie extension to all affected files, which could encompass a wide variety of formats including documents, images, and databases. Utilizing the AES encryption algorithm, CreamPie Ransomware ensures that encrypted files are nearly impossible to retrieve without the corresponding decryption key. Victims of this malware typically encounter a ransom note named Info.hta, which is generated during the encryption process. This note provides instructions on how to pay the demanded ransom, usually in Bitcoin, to unlock their files. The ransomware can spread via various vectors such as email attachments, malicious downloads, and vulnerabilities in remote desktop protocol (RDP), making it a versatile and dangerous adversary for users.

24H Ransomware is a malicious software designed to stealthily infiltrate computer systems and encrypt user files, making them inaccessible. Once executed, it appends the .24H extension to the filenames of affected files, rendering them unusable until recovery measures are taken. The encryption employed by this ransomware is likely based on complex algorithms, though specific details regarding the cryptographic methods remain undisclosed. Upon successful encryption, 24H Ransomware generates a ransom note named ReadME-24H.txt, which is created and placed in every folder containing encrypted files. This note contains instructions for victims, informing them that their data has been encrypted and demanding a ransom payment, typically in Bitcoin, to receive the necessary decryption tool.