Search Results
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: china The ransomware appends the literal string “.china” as the new final extension, e.g., Document.xlsx.china. Renaming Convention: – It preserves the original filename and any pre-existing extension, only appending “.china” once. – No random 4-6 character ID in filename (unlike Conti). – No…
Windows File Names: *.chimera Community Label: “Chimera” or, historically, “Chimera First Variant” TECHNICAL BREAKDOWN File Extension & Renaming Patterns • Confirmation of File Extension: The definitive marker after encryption is “.chimera” (in lower-case). • Renaming Convention: – Original file Document.docx becomes Document.docx.chimera. – Directory names remain intact; folders are never renamed. – Inside every…
Ransomware Analysis Report – chifrator@qq_com Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: chifrator@qq_com (note the @ underscore variant; older samples use [email protected]) Renaming Convention: The malware renames files as: <original_filename>.<original_extension>.[victim-id].chifrator@qq_com Example: Annual_Report_2024.xlsx.FA1E7BF2.chifrator@qq_com The token in brackets (FA1E7BF2 in the example) is an 8-character hexadecimal identifier unique per host and is…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: CHI-CHI (note the hyphen). Affected files appear as original_name.ext.CHICHI (older builds) or original_name.CHICHI (newer builds that drop the original extension entirely). Renaming Convention: Typical pattern is original_name.[8_random_hex].CHICHI on post-March 2023 samples (e.g., invoice.pdf.A3F1C0D7.CHICHI). 2. Detection & Outbreak Timeline Approximate Start Date/Period: Active threat-intel…
Technical Breakdown – “Chewbacca” Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: The variant appends the literal extension “.chewbacca” in lower-case. Renaming Convention: Original file: 2024_Financials.xlsx After encryption: 2024_Financials.xlsx.chewbacca No appended IDs or e-mail addresses are inserted between the original name and the extension. Directory names remain unchanged; only file contents (and…
Community Resource – CHEWBAC Ransomware (.chewbac) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .chewbac Renaming Convention: During encryption, the malware composes a new filename in the pattern [Original name]__[original.extension].chewbac Example: report_Q1_2024.xlsx –> report_Q1_2024.xlsx__.chewbac All logical drives and mapped/shadow volumes are processed recursively to ensure breadth. 2. Detection &…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: chernolocker appends .chernolocker to every encrypted file. Example: Budget2024.xlsx becomes Budget2024.xlsx.chernolocker. Renaming Convention: – Files keep their original base name (a relief if you are hunting for backups). – The extension is added once; double- or triple-extension duplicates have not been observed. –…
Type: Chernobyl Ransomware (internal naming, sometimes referred to as “Rebob Ransom” or “Excalibur-M” in older threat-intel reports). Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .CHERNOBYL (upper-case by design), added after the original extension or in place of it depending on build variant. Example: Document.docx → Document.docx.CHERNOBYL or Report.xlsx.CHERNOBYL. Renaming Convention:…
Technical Breakdown – Chekyshka Ransomware (.chekyshka) 1. File Extension & Renaming Patterns Confirmation of File Extension: .chekyshka (always lowercase, no appended digits or random strings). Renaming Convention: original-file.ext → original-file.ext.chekyshka Folders receive a desktop.ini-style internal change rather than a visible rename. Shadow volumes and alternate data streams (ADS) are purged prior to encryption, so the…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Cheetah appends the literal string “.cheetah” (with the leading dot) as a second extension to every encrypted file, e.g., Report_2024-Q2.xlsx.cheetah, Project.pptx.cheetah, db_dump.sql.bak.cheetah. Renaming Convention: – Uses in-place filename → filename.cheetah (no additional ID or email prepended). – Preserves original directory structure; does not…