Search Results

  • fail_state_notification.pdf

    Community Threat Brief – .fail_state Ransomware (Also reported as “FailState”, “Fail_State”, or internally “FSN-2199”) Technical Breakdown 1. File Extension & Renaming Pattern Confirmed extension appended to every encrypted file: .fail_state Renaming convention: Original names are left intact, the string .fail_state is simply suffixed. Example: Q4-Financial.xlsx → Q4-Financial.xlsx.fail_state (No e-mail address, random ID, or second extension…

  • fadesoft

    fadesoft Ransomware – Community Resource Sheet (Last updated: 2024-05-xx) Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension added to every encrypted file: .fadesoft (lower case, no secondary marker). Renaming convention observed in the wild: <original-file-name>.<original-extension>.fadesoft Example: Q4-Report.xlsx becomes Q4-Report.xlsx.fadesoft (No email addresses, random bytes, or victim IDs are inserted – a trait that…

  • factfull

    Ransomware Report – “FACTFULL” (a.k.a. files that suddenly show the double extension .factfull, e.g. Annual_Report.xlsx.factfull) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Exact extension added: .factfull (lower-case, no wild-cards, no serial/UID). Renaming convention: – Appended directly to the original name and extension → picture.jpg.factfull, VM-Backup.bkf.factfull. – Does not touch the first 2–4 bytes of…

  • fackoff!

    Ransomware Brief: .fackoff! Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .fackoff! (note the trailing exclamation mark). Renaming Convention: <original_filename>.<original_ext>.id-<5-to-8-digit-victim-ID>.[attacker_email].fackoff! Example: 2024-report.xlsx.id-12345.[[email protected]].fackoff! 2. Detection & Outbreak Timeline First public submissions: mid-October 2022 (earliest samples dated 14 Oct 2022). Wider outbreak window: October–December 2022 (several spikes in late-Nov/early-Dec). Still circulating: clusters re-appear…

  • facebook

    Facebook (Meta) Ransomware – Community Defense Guide Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: facebook (yes, the 8-letter string that is identical to the social-media brand). Example: Budget2024.xlsx ⇢ Budget2024.xlsx.facebook Renaming Convention: The ransomware preserves the original full file name, simply appending an extra dot + “facebook”. Hidden/system files, VSS…

  • fabiansomware

    Fabiansomware – Community Defense Briefing (last updated 2024-06-XX) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of file extension: “.fabiansomware” (lowercase) is appended to every encrypted file. Some early samples also add “.fabian” on ReFS volumes, but the dominant strain now uses the full string. Renaming convention: Original name → <original-name>.<original-extension>.fabiansomware Example: Quarterly-Report-Q2.xlsx becomes…

  • f41o1

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the literal string “.f41o1” (lower-case F-four-one-letter-O-one) to every file it encrypts. Example: Quarterly-Report.xlsx becomes Quarterly-Report.xlsx.f41o1 Renaming Convention: No additional prefix, ad-stub, or e-mail address is inserted—only the single 6-byte suffix. Inside every folder you will also find the ransom note…

  • f*cked

    Ransomware Resource Sheet Variant: f*cked (sometimes written “fucked” or “f*cked-up”) Last updated: 2024-06-xx TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmed extension appended: .f*cked (exactly nine characters including the dot; the third letter is a wildcard/asterisk on most filesystems; some samples drop the asterisk and append .fucked). Renaming convention (observed): <original_name>.<original_ext>.id-<5-8_hex_chars>.[<attacker_email>].f*cked Example: ProjectQ3.xlsx.id-A7B4C291.[[email protected]].f*cked Older…

  • f**kcrypt

    NOTES FOR READERS “f**kcrypt” (hereafter written simply as “fckcrypt”) appears only in scattered, low-volume incident reports and has NOT (yet) been catalogued in detail by CERTs or major vendors. Everything below is assembled from the few public triage packs shared by analysts and from behavioural similarities to other .NET/“Harz”-based ransomware. Regard the dates and IOCs…

  • ezzyl

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .ezzyl Renaming Convention: Files are re-written in the pattern <original-name>.id-<unique-ID>.[<attacker-email>].ezzyl Example: Budget2024.xlsx becomes Budget2024.xlsx.id-3E5A2B46.[[email protected]].ezzyl 2. Detection & Outbreak Timeline Approximate Start Date/Period: First large-scale submissions to public sandboxes and ID-Ransomware were recorded in the third week of November 2023; activity peaked December 2023…