Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Qqjj Ransomware and decrypt .qqjj files

Qqjj Ransomware is a type of malicious software that belongs to the Djvu ransomware family, designed to encrypt files on an infected computer and demand a ransom for their decryption. Once it infiltrates a system, it appends the .qqjj extension to the names of encrypted files, transforming a file like image.jpg into image.jpg.qqjj. This ransomware employs strong encryption algorithms, making it virtually impossible to decrypt the files without the proper decryption tool, which is typically only available to the attackers. Along with the encrypted files, Qqjj Ransomware drops a ransom note named _readme.txt on the desktop and in various folders, detailing the ransom payment instructions and contact information for the cybercriminals. Victims are usually instructed to pay $980, with a discount of 50% if they contact the attackers within 72 hours, reducing the ransom to $490.

How to remove ShrinkLocker Ransomware and decrypt your files

ShrinkLocker Ransomware emerged in April-May 2024 and has been a significant concern for security experts. This malicious program uses a combination of AES and RSA algorithms to encrypt user files, making them inaccessible without a decryption key. Interestingly, ShrinkLocker does not add specific file extensions to the encrypted files, which can make it more challenging to identify. Instead, it renames the system disk with an email address through BitLocker, urging victims to contact the attackers for decryption instructions. The ransom note associated with ShrinkLocker is not a conventional text file or document; it is the new label that appears on the system disk in the form of an email address. This detail implies that the ransomware primarily targets administrators who may overlook this change without booting into a recovery environment.

How to remove Labour Ransomware and decrypt .labour files

Detected during a malware sample examination on VirusTotal, Labour Ransomware is a type of malicious software that encrypts files on infected systems, effectively taking them hostage. Upon encryption, it appends the .labour extension to the original file names, transforming files like 1.jpg into 1.jpg.labour. Victims are alerted to the encryption through a ransom note created as a text file named README.txt, typically placed in prominent directories. The note demands the victim email the attacker (often to email addresses like bfe1234@yahoo.com) and provide a unique ID alongside a private IP address. Additionally, it threatens the publication of sensitive files on deep web forums if the ransom isn't paid promptly. Generally, paying the ransom is not advisable as attackers frequently fail to provide legitimate decryption tools even after payment.

How to remove Wikipedia Ransomware and decrypt .wikipedia files

Wikipedia Ransomware is a type of malicious cryptovirus that targets individual and organizational data by encrypting files and demanding a ransom for decryption. It appends the .wikipedia extension to the names of the encrypted files, rendering them inaccessible without the unique decryption key. This ransomware often uses a robust combination of encryption algorithms, such as AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman) to secure the files, making it extremely difficult to decode the data without the proper decryption key. Victims typically find a how_to_decrypt_files.txt file within affected directories, which serves as the ransom note. This note provides instructions on how to pay the ransom, usually in Bitcoin, and contains threats that further attempts to decrypt the files without following the cybercriminals' guidelines may result in permanent data loss.

How to remove Ursq Ransomware and decrypt .ursq files

Ursq Ransomware is a sophisticated and malicious program categorized under the ransomware-type family known as Makop. This insidious software encrypts various file types on the infected system, rendering them inaccessible until a ransom is paid. Victims will notice that their once-accessible files now bear the extension .ursq, appended to their original names. For instance, a file initially labeled as document.txt would appear as document.txt.[uniqueID].[email].ursq. Utilizing complex cryptographic algorithms, this ransomware ensures that data remains locked away unless the cybercriminals' decryption keys are obtained, making unauthorized decryption nearly impossible. Once encryption is complete, Ursq creates a ransom note named +README-WARNING+.txt on the affected device, usually placed in every directory containing encrypted files. This note provides instructions on how victims can pay the ransom to retrieve their data, further warning them against utilizing third-party recovery tools or antivirus software as such actions may corrupt the encrypted files beyond repair.

How to remove FastWind Ransomware and decrypt .FastWind files

FastWind Ransomware is a notorious malware variant that belongs to the GlobeImposter family. This type of ransomware is designed specifically to encrypt users' files, rendering them inaccessible, and subsequently demand a ransom for decryption. Upon infection, it appends the .FastWind extension to compromised files. For instance, a file named photo.jpg would be renamed to photo.jpg.FastWind. The ransomware then generates a ransom note in the form of an executable file named HOW TO BACK YOUR FILES.exe. When executed, this file presents victims with instructions on how to contact the attackers via specific email addresses to negotiate the decryption of their files. The ransom note stresses that victims must send a sample encrypted file along with their personal ID and await further instructions after payment.

How to remove Jinwooks Ransomware and decrypt .jinwooksjinwooks files

Jinwooks Ransomware is a malicious software program discovered recently by cybersecurity researchers while analyzing new threats submitted to VirusTotal. This ransomware is designed to encrypt files on an infected system, making them inaccessible to the user. Upon encrypting a file, it appends the extension .jinwooksjinwooks to the filename, altering its structure; for instance, a file named image.png would be renamed to image.png.jinwooksjinwooks. This type of malware typically utilizes strong cryptographic algorithms to lock the files, making them virtually impossible to decrypt without a specific key held by the attackers. To communicate their demands, Jinwooks ransomware creates a ransom note named read_it.txt on the user's desktop, written in Korean, which instructs victims to pay a ransom of $300 to get the decryption key. The note also warns against any attempts to remove the ransomware or run antivirus software, claiming that these actions could result in permanent data loss.

How to remove Hhjk Ransomware and decrypt .hhjk files

Hhjk Ransomware, a member of the Djvu ransomware family, is malicious software that encrypts files on infected systems, making them inaccessible to users. Upon infiltrating a computer, it changes the filenames by appending the .hhjk extension to them; for example, document.docx becomes document.docx.hhjk. The encryption algorithm employed by Hhjk is highly advanced, making it extremely difficult to decrypt the files without the specific decryption key held by the cybercriminals. After the encryption process is completed, a ransom note file named _readme.txt is created in every folder that contains encrypted files. This note informs victims about the encryption and provides instructions on how to pay the ransom, which typically amounts to 980 USD, though a discount is offered if the victim contacts the attackers within 72 hours, reducing the ransom to 490 USD.