Search Results
📊 RANSOMWARE FILE: .basslock Expert reference compiled 2024-06-12 – last updated on recent sightings Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .basslock (< 9 chars, lower-case, appended after the original file name but before the last dot if a folder-level rename was triggered) Renaming Convention: Single files: SalesReport.xlsx.basslock Deep folder…
Technical Breakdown for “.basn” Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension .basn – each encrypted file appears with this single, 4-character suffix appended after the original one. Renaming Convention Simple append-only. Encrypted files are renamed as original_name.ext.basn No Base-64 or hex-encoded IDs, no e-mail addresses, and no cryptic prepended strings are…
⚠️ BASILISQUE RANSOMWARE (.[[email protected]].Basilisque) – 2024 COMMUNITY THREAT REPORT Compiled by: DEFENSOR Cyber Threat Intelligence Team – May 2024 Last updated: 22 May 2024 TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns • Exact extension appended: .[[email protected]].Basilisque • Renaming convention: Standard format: original_name.ext.[[email protected]].Basilisque Directories receive a marker file DECRYPT-FILES.txt on every impacted level. 2. Detection…
Comprehensive Resource: BASTILISQUE LOCKER Ransomware Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .basilisque Renaming Convention: Victim files are renamed using the pattern [original_filename][original_extension].basilisque. Example: Budget2024.xlsx becomes Budget2024.xlsx.basilisque. 2. Detection & Outbreak Timeline Approximate Start Date/Period: First sightings of Basilisque Locker occurred in mid–late Q2 2023, with active campaigns reported through…
Ransomware Family Quick-Reference: Extension = *.bashred-readme.txt (Threat Intelligence Label: “BashRED” / “RedScript”) Technical Breakdown 1. File Extension & Renaming Patterns • Encryption Marker: All encrypted files receive a second (and final) extension → “.bashred-readme.txt”. Example: report.docx becomes report.docx.bashred-readme.txt. • Renaming Convention: A 6-byte random ASCII string is appended immediately after the victim’s original name. report.docx…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: bashrc is NOT a file-extension that any known, impactful ransomware family uses. In Linux/Unix environments, the filename .bashrc (with a leading dot) is a legitimate shell-startup script in a user’s home directory. Attackers may overwrite or append malicious code to .bashrc as a…
Base Ransomware – Comprehensive Threat & Recovery Report (Threat-name: Base, Family: MountLocker-AstroLocker variants) Use this guide both to understand the inner workings of Base and to follow battle-tested steps for prevention, eradication, and (where possible) file recovery. Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: base All encrypted files receive the additional,…
Ransomware Technical-Sheet Variant(s): Bart Ransomware “.bart.zip” / “.bart” (family alias: BartCrypt, Bart2) Last update: 2024-06-xx 1. Technical Breakdown 1.1 File Extension & Renaming Patterns Extension placed after encryption: .bart.zip (the actual encrypted content is wrapped into a PK-ZIP file; the inner encrypted section ends in .bart) Renaming convention: original_name.extension.id-{VICTIM-ID}.bart.zip Example: Quarterly_Budget.xlsx.id-8C72CBF1.bart.zip Each encrypted file is…
BART v2.0 Ransomware – Comprehensive Defense & Recovery Guide Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: After encryption, all files receive the double extension .bart.zip Example: QuarterlyReport.xlsx → QuarterlyReport.xlsx.bart.zip Renaming Convention: Original file is placed inside a password-protected ZIP archive named with the original filename + .bart.zip. Password protection means…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Ransomware families that are historically associated with the .bart extension (sometimes reported as .bart.zip) append the exact suffix .bart to every encrypted file. Renaming Convention: Original file names are preserved, but each file receives an additional second extension placed directly after the existing…