Search Results

  • ciphx

    Technical Breakdown: “CiphX” Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: After encryption, CiphX appends the extension “.ciphx” to every encrypted file. Renaming Convention: Original → OriginalName.random-10-char-hex.id-{victim-id}.ciphx Example: Invoice-Q2.pdf → Invoice-Q2.pdf.a3e8d9f65b.id-9C4D8512A.ciphx The 10-hex string is different for every file (per-object key identifier), while the victim-id is consistent across the machine or…

  • ciphertrail

    Technical Breakdown: CIPHERTAIL Ransomware (aliases observed: CipherTrail, CipherTailLocker, .CTR-tail) 1. File Extension & Renaming Patterns Confirmation of File Extension: Every encrypted file receives the “.ciphertrail” suffix appended after the original extension. Example: Original → 2024-Q3_Budget.xlsx Encrypted → 2024-Q3_Budget.xlsx.ciphertrail Renaming Convention: File names are NOT altered in their stems; only a second extension is concatenated. Directory…

  • ciphered

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware uses the literal extension .ciphered (lowercase). Renaming Convention: – Original filename → filename.ext.ciphered (the original file type marker is left intact before the new extension). – Folders receive a text file marker _readme_ciphered.txt. – Files deeper than 3 directory levels are…

  • cipher

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .cipher Renaming Convention: cipher appends its extension to the end of each filename without removing or overwriting the original extension, resulting in a pattern of original_name.original_extension.cipher Example: Quarterly_Report.xlsx → Quarterly_Report.xlsx.cipher 2. Detection & Outbreak Timeline Approximate Start Date/Period: First reliably observed in the…

  • cip

    Community Threat Brief Ransomware “.cip” Variant – Technical & Recovery Guide Target audience: SOC teams, system administrators, small-mid-size orgs and home users. Technical Breakdown 1. File Extension & Renaming Patterns • Confirmation of File Extension: “.cip” • Renaming Convention: – Original file Document.docx → Document.docx.cip – Usually appends one extra string block, most commonly: [8_hex_digit]-[8_hex_digit]…

  • ciop

    Ciop Ransomware – Community Defense & Recovery Guide Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends “.ciop” (exactly four lower-case letters) to every encrypted file. Renaming Convention: – Original file: Annual_Report.docx – After encryption: Annual_Report.docx.ciop – The malware preserves the preceding extension, so full names may become lengthy:…

  • cifgksaffsfyghd

    Ransomware Resource: CIFGKSAFFSFYGHD Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Encrypted files are appended with the fixed string “.cifgksaffsfyghd”. A second extension is never added; the original file name is preserved prior to the new suffix (e.g., Quarterly_Report.xlsx.cifgksaffsfyghd). Renaming Convention: Base file name and original extension remain intact. Lower-case “.cifgksaffsfyghd”…

  • chupacabra

    Comprehensive Resource: CHUPACABRA Ransomware (extension .CHUPACABRA) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Files are appended with exactly “.CHUPACABRA” in upper-case, placed after (not instead of) the original file extension. Example: Invoice_May2024.xlsx becomes Invoice_May2024.xlsx.CHUPACABRA. Renaming Convention: No base-file-name change. Recursive, affecting every logical drive it can enumerate (local volumes, mapped…

  • chuklock

    Ransomware Intelligence Report Variant: “Chuklock” Extension: *.chuklock TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns • Exact extension appended: .chuklock • Renaming convention: 1) Every file is first moved into a temporary, random 8-character lowercase sub-folder in the same directory. 2) The file is then renamed to: <original-name>.<8-hex-digest>.chuklock 3) Alternate data streams (ADS) and 0-byte…

  • chuk

    Community Defense Guide: CHUK Ransomware Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .chuk • Files receive a second extension, appended after the original one – e.g. Quarterly_Report.xlsx.chuk. • Hidden files, junction points and System Volume Information are skipped to reduce forensic noise. Renaming Convention: Maintains original formatting (upper-/lower-case, spaces) until…