Search Results

  • blower

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .blower (exact extension appended to every encrypted file). Renaming Convention: – Victim files keep their original name plus a randomized 5-character hexadecimal ID string after the base filename. Example: Quarterly_Report.xlsx → Quarterly_Report.xlsx.id-A1B2C.[[email protected]].blower – The square-bracketed portion contains the attacker-controlled e-mail address for…

  • blooper

    Community Resource – Blooper Ransomware (last updated: 2024-05-28) Technical Breakdown 1. File Extension & Renaming Patterns • Confirmation of File Extension: Blooper appends the literal string .blooper (lower-case, no extra dot) to the base file name. Example: project.docx → project.docx.blooper • Renaming Convention: – Extension is simply appended (no base-name hash, no e-mail address). –…

  • bloody

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The “Bloody” (or “BloodyStealer”) ransomware appends “.bloody” to every encrypted file. Renaming Convention: After encryption the file [original-name.ext] is renamed to [original-name.ext.bloody]. A secondary side-effect reported in some samples is the insertion of an 8-byte marker BLEED### immediately after the file header, helping…

  • bloked

    Ransomware Resource Sheet: Ransomware Identified by the Extension bloked Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: After encryption is complete, every affected file is appended with “.bloked”. Example: Presentation.pptx → Presentation.pptx.bloked Renaming Convention: The ransomware keeps the original filename and only appends the new extension. No known prefixing or obfuscation…

  • blockz

    Technical Breakdown (BlockZ Ransomware) 1. File Extension & Renaming Patterns Confirmation of File Extension: BlockZ appends the literal string .blockz to every encrypted file. Renaming Convention: • Original: Budget_Q3.xlsx • Encrypted: Budget_Q3.xlsx.blockz (no additional prefix/email/ID is added). The ransomware preserves the entire original filename, only appending the extension. 2. Detection & Outbreak Timeline Approximate Start…

  • blocking

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: “blocking” (exactly .blocking appended after the original file-name). Renaming Convention: The ransomware keeps the original filename and any nested folder path intact, but adds the double suffix .blocking immediately after the original extension. Examples: • Annual_Budget.xlsx.blocking • Customer_Database.accdb.blocking • Project_Files/Backup_2024-06-21_1430.bak.blocking 2. Detection &…

  • blockfile12

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by BlockFile12 are appended with the fixed extension blockfile12. Renaming Convention: Original filename → <Original-name>.<Original-extension>.blockfile12. Example: QuarterlyReport.xlsx becomes QuarterlyReport.xlsx.blockfile12. 2. Detection & Outbreak Timeline Approximate Start Date/Period: First telemetry signatures submitted 2024-02-08; high-visibility spikes first seen 2024-02-19. 3. Primary Attack Vectors…

  • blocked2

    Ransomware Intelligence Report File-extension under scope: .blocked2 (variant of the MedusaLocker family) Last update: 2024-05-20 Technical Breakdown 1. File Extension & Renaming Patterns File extension: .blocked2 (e.g. Report.docx.blocked2) Renaming convention: Original file name and internal directory structure are preserved; only the final suffix changes. No prefix or random character chains are appended. 2. Detection &…

  • blocked

    Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The variant locks files by appending the literal suffix .blocked (including the leading dot) to every encrypted file. Renaming Convention: Original file → OriginalName.ext.blocked Original directory → untouched; only filenames are modified, to hide their type and make quick identification harder. 2. Detection…

  • blockbax_v3.2

    Technical Breakdown: blockbax_v3.2 – “MegaLocker” Variant (frequently misreported simply by its appended extension .blockbax_v3.2) 1. File Extension & Renaming Patterns Exact extension confirmation: .blockbax_v3.2 Typical re-naming convention: [original_file_name]_[CUST_ID]_[8-BYTE_HEX].blockbax_v3.2 where CUST_ID is a 6-digit campaign number and the hex is derived from the first 8 bytes of the file’s SHA-256 hash. 2. Detection & Outbreak Timeline…