Search Results

  • babyduck

    Technical Breakdown – BabyDuck Ransomware (a.k.a. “.babyduck”) 1. File Extension & Renaming Patterns Confirmation of File Extension: .babyduck (lowercase, no uppercase variations observed to date). Renaming Convention: <original_filename>.<original_extension>.<16-hex-byte_ID>.babyduck Example: QuarterlyReport.xlsx.dfa8ba5c4367f01b.babyduck The 32-character hex segment is unique per victim and appears to be the truncated SHA-256 of the victim host SID + MAC, which is also…

  • bablo

    Bablo Ransomware – Comprehensive Defense & Recovery Resource Variant identified by the extension bablo Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Bablo appends “.bablo” (lowercase, four letters) as the final extension for every file it encrypts. Renaming Convention: Files keep their original base name and existing extension, then “.bablo” is…

  • babaxed!

    Ransomware Resource – variant employing the extension “.babaxed!” Technical Breakdown 1. File Extension & Renaming Patterns Exact extension: .babaxed! (case-insensitive; appears after the last “.” and before the original extension). Renaming convention example: Invoice_April2024.xlsx → Invoice_April2024.xlsx.babaxed! 2. Detection & Outbreak Timeline First publicly-visible samples: March–April 2024 (underground forum adverts dating to late March; first open-source…

  • babaxed

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the exact string “.babaxed” (lower-case, no dot prefix inside the filename) after the existing file extension. – Example: Document.docx → Document.docx.babaxed Renaming Convention: – Pre-infection names are left intact; only one extra extension is placed. – Files remain in their…

  • baal

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Adds the suffix .baal to every encrypted file. Example: Budget 2024.xlsx → Budget 2024.xlsx.baal. Renaming Convention: Files retain their original full name and preceding extension; only the new .baal marker is appended. In some variants, the filename itself is NOT scrambled, which can…

  • baaa

    Technical Breakdown – Ransomware Extension .baaa 1. File Extension & Renaming Patterns Confirmation of File Extension: All encrypted files receive the new trailing extension .baaa. Renaming Convention: [original_filename].[original_extension].id-[<8-hex-chars>].[attacker_mail].baaa Example: Report2024.xlsx.id-4D3E2A91.[[email protected]].baaa 2. Detection & Outbreak Timeline Approximate Start Date/Period: First large-scale sightings appeared 22 – 24 November 2023. A second, broader expansion wave hit March–April 2024,…

  • b89b

    Ransomware Variant: b89b Community Resource v1.1 – prepared by the Incident Response Task-Force Technical Breakdown 1. File Extension & Renaming Patterns Exact Extension Added: .b89b Renaming Convention: – Every encrypted file is renamed in the format [original filename][32 hex-characters].b89b – The 32-character string is the first 16 bytes of the file’s AES CTR IV represented…

  • b78vi7v6ri66b

    Comprehensive Resource: b78vi7v6ri66b Ransomware ( File-extension variant formerly tracked as “.b78vi7v6ri66b” ) Technical Breakdown 1. File Extension & Renaming Patterns • Exact file extension added: .b78vi7v6ri66b (lowercase, no spaces). • Renaming convention: – Original filename → [original-name].[original-extension].b78vi7v6ri66b – Example: Project_Q1.xlsx → Project_Q1.xlsx.b78vi7v6ri66b – Samples observed do NOT overwrite the original extension—both are preserved—making brute-force removal…

  • b5c6

    Ransomware Deep-Dive: Variant Using the .b5c6 Extension Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .b5c6 (note the leading dot). Renaming Convention: Original files keep their full names plus four appended bytes: document.pdf → document.pdf.b5c6 In multi-volume shadow-copy attacks, shadow copies and VSS snapshots are renamed in the same way (e.g.,…

  • b2fr

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by B2FR ransomware are universally re-labelled with the suffix .b2fr. Renaming Convention: The malware appends .b2fr as a secondary extension (it is added after the original extension). Example: Quarterly_Report.xlsx becomes Quarterly_Report.xlsx.b2fr. There is no random string or machine ID introduced into…