Search Results
TECHNICAL BREAKDOWN – “COCKBLOCKER” RANSOMWARE 1. File Extension & Renaming Patterns Confirmation of File Extension: .cockblocker Every encrypted file receives the literal suffix .cockblocker in addition to retaining or replacing the original extension, e.g., ▶ Annual_Report.docx → Annual_Report.docx.cockblocker Renaming Convention: – Appends .cockblocker after the final character (no double-dashes, no email/ID strings). – If the…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: cock.li (added to the end of every file name) Renaming Convention: “[original_file_name].[original_extension].cock.li” Example: Quarterly_Report.xlsx → Quarterly_Report.xlsx.cock.li 2. Detection & Outbreak Timeline Approximate Start Date/Period: First samples surfaced in March 2025 (initial telemetry spike ≈ 2025-03-17) with a rapid increase in infections linked to…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: cock.email is primarily associated with the “.cock” extension. Renaming Convention: Victims typically see files renamed in the form originalfilename.ext.cock. In some later variants the email address [email protected] (or a truncated form) is appended to the encrypted file name so that the full pattern…
COBRA Ransomware – Deep-Dive Report & Recovery Guide (Prepared for community use – v2024-06-24) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .cobra Renaming Convention: Files are renamed with the original file name + 8-hex identifier + email + extension. Example: Accounting_Q2.xlsx → Accounting_Q2.xlsx.id-[A7B9C4D2].[[email protected]].cobra 2. Detection & Outbreak Timeline Approximate Start…
Cobain Ransomware – Community Resource Guide (ext .cobain) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation: Files encrypted by this strain receive the exact suffix “.cobain”. Renaming Convention: Original name + a 5–8 character pseudo-random string + “.cobain” Example: Quarterly_Finance_Q4.xlsx ➜ Quarterly_Finance_Q4.xlsx.H71k9.cobain 2. Detection & Outbreak Timeline First public sightings: Early-December 2022. Wider active…
Cobra Ransomware (extension “.coba”) – Community Resource Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the exact extension “.coba” to every encrypted file. Renaming Convention: Original: Project_Report_Q2.docx → After encryption: Project_Report_Q2.docx.coba Folders also receive a ransom note named readme.txt at their root. 2. Detection &…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: coaq Renaming Convention: All affected files are appended with the .coaq extension only. The base filename remains untouched—so a file named QuarterlyReport.xlsx becomes QuarterlyReport.xlsx.coaq. 2. Detection & Outbreak Timeline Approximate Start Date/Period: Mass-mail-distributed samples observed in mid-August 2021 and remained a top-spread campaign…
Technical Breakdown: CNMHR Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: CNMHR appends the literal string .cnmhr to the original file name (e.g., presentation.pptx → presentation.pptx.cnmhr). Renaming Convention: The ransomware neither re-orders the basename nor inserts random separators—exactly four characters (cnmhr) are added after the final dot of the original extension. Archive-style…
Technical Breakdown – “CNH” Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends .cnh (lower-case, no preceding space) to every encrypted file. Example: QuarterlyReport.xlsx becomes QuarterlyReport.xlsx.cnh. Renaming Convention: Original file structure is preserved; the malware simply tacks .cnh onto the very end of every path. Long or deep directory structures…
RANSOMWARE RESOURCE ― “.cnc” Variant Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .cnc – appended exactly to the end of every encrypted file without a second marker (the name looks like picture.jpg.cnc not .jpg.cnc.cipher). Renaming Convention: Every file receives the postfix .cnc; the base filename and directory structure remain…