Ransomware

Moroccan Dragon Ransomware is a malicious program designed to encrypt files on an infected computer and demand a ransom for their decryption. Unlike typical malware, it targets a wide range of file types, including documents, photos, videos, and databases. Once it infiltrates a system, it modifies the files by adding a .vico extension, rendering them inaccessible to the user. The original filenames are altered, transforming something like 1.jpg into 1.jpg.vico. This particular ransomware employs advanced encryption algorithms that create a significant hurdle for victims wishing to regain access to their data. Encrypted files cannot be accessed without a unique decryption key, which the attackers hold. Following the encryption process, the ransomware creates a ransom note file, named case_id.txt, typically placed in various directories throughout the computer and sometimes even replacing the desktop background with instructions. Astonishingly, Moroccan Dragon was found to be in a developmental phase during which critical ransom demand details such as the cryptocurrency wallet address and contact information were missing from the ransom notes, highlighting some operational flaws.

Tianrui Ransomware is a malicious program first discovered by security researchers during a submission inspection on VirusTotal, and falls into the category of ransomware-type viruses. Similar to other ransomware threats like Hush, MoneyIsTime, and Boramae, it encrypts files on the victim's computer and demands a ransom for the decryption. Once files are encrypted, their original names are modified by appending a unique identifier followed by the .tianrui extension. For instance, a file initially named 1.jpg appears as 1.jpg.{uniqueID}.tianrui after encryption. This ransomware creates a ransom note titled README.TXT in every affected directory. The ransom note warns victims that failing to pay the ransom will lead to the public release of stolen data and further attacks.

EndPoint Ransomware is a malicious software variant from the Babuk family that targets computers, encrypting files to hold them hostage for financial gain. Upon infection, it encrypts files using sophisticated algorithms, ensuring that victims cannot readily recover their data without specific decryption tools. The ransomware appends the .endpoint extension to each encrypted file, making them inaccessible to users without a decryption key. This alteration is part of its hallmark behavior, effectively rendering traditional file recovery methods futile. After encryption, the ransomware delivers a ransom note titled How To Restore Your Files.txt. This file is typically placed within affected directories and the desktop, informing victims of their data being stolen and encrypted, and instructing them to contact the attackers via a Session Messenger ID or email for negotiation on the decryption key. The note intimidates users, warning them about the irreversible consequences of attempting to restore the files independently.

P*zdec Ransomware is a malicious program belonging to the GlobeImposter ransomware family. It encrypts files on infected computers, appending them with the distinctive .p*zdec extension. This means an original file named example.jpg becomes example.jpg.p*zdec upon encryption. The ransomware employs advanced cryptographic algorithms to lock the files, rendering them inaccessible to users without a decryption key. After infecting a system, it creates a ransom note named how_to_back_files.html, placing it on the desktop and in directories containing encrypted files. This note demands a ransom payment, typically in Bitcoin, in exchange for the decryption key necessary to restore access to the encrypted files.

Louis Ransomware is a malicious software that encrypts files on infected systems, appending the file extension .Louis to them, effectively making them inaccessible without decryption. The ransomware employs strong encryption algorithms to secure the data, which renders manual decryption practically impossible. Upon completing the encryption process, it creates a ransom note named Louis_Help.txt. This note is strategically placed in accessible locations, such as the desktop and various folders within the system, to ensure the victim is quickly informed about the situation. The note describes that the victim's files have been encrypted and demands a ransom to be paid in return for a decryption key, often emphasizing the urgency by suggesting the files could be permanently lost if instructions are not followed.

Hush Ransomware is a malicious software designed to encrypt files on a victim's computer and demand a ransom in exchange for a decryption key. Once executed, it goes through the system, encrypting various file types such as documents, images, and databases. A noticeable feature of this ransomware is its alteration of file names, appending each with a victim’s unique ID and the .hush extension. For example, a file named document.pdf would become document.pdf.{uniqueID}.hush, effectively rendering it inaccessible without the decryption key. The encryption algorithm utilized by Hush is sophisticated, often involving strong cryptographic standards that ensure only those with the correct decryption key can unlock the files. This demonstrates a significant challenge to victims, as decrypting the files without cooperation from the attackers is theoretically infeasible with current technology. A threat is certainly compounded by the creation of a ransom message known as README.TXT, which is typically generated on the victim's desktop or within encrypted folders.

Jett Ransomware belongs to a notorious category of malware known for causing severe disruptions by encrypting user files and demanding a ransom for their release. Identified by appending the .jett extension to encrypted files, this malicious software uses advanced AES-256 and RSA-2048 encryption algorithms, making unauthorized decryption a formidable challenge. Upon infecting a system, Jett Ransomware modifies filenames by appending a unique victim ID followed by an associated contact email and the .jett extension. Users will notice files like document.docx transformed into document.docx.[VictimID][info@cloudminerapp.com].jett, rendering them inaccessible. This ransomware is ruthless in its communication, creating ransom notes like info.hta and ReadMe.txt, which are dropped into affected directories to inform victims of the unfortunate situation and guide them to pay a ransom in exchange for a decryption tool. It is important to remember that paying the attackers is highly discouraged and does not guarantee file restoration.

Boramae Ransomware is a type of malicious software designed to encrypt data on an infected system and demand a ransom in exchange for decryption. This ransomware adds the .boramae file extension to compromised files, effectively rendering them inaccessible to the user. The attackers leverage fear by implying that refusal to pay could lead to the exposure of sensitive company information to other hacker groups. Boramae typically employs sophisticated encryption algorithms, making it nearly impossible to decrypt the files without the specific decryption key held by the attackers. Once it has completed its encryption routine, the ransomware drops a ransom note in the form of a README.TXT file, detailing the payment instructions and emphasizing the urgency by promising a reduced ransom if contacted within 12 hours. Unfortunately, as of now, there are no known decryption tools available for files encrypted by Boramae Ransomware. The encryption methods used are complex and if implemented correctly, they prevent data recovery without the cybercriminals’ decryption key. It is vital for victims to explore alternatives to paying the ransom, such as restoring files from pre-existing backups. In the absence of available backups, users are often left with limited options other than waiting for a legitimate decryption tool to emerge from security researchers’ efforts to crack the encryption. For now, those affected are advised to secure their systems by disconnecting from networks to prevent further spread, consulting law enforcement, and monitoring resources such as the No More Ransom Project for potential updates or breakthroughs in decryption capabilities.