Search Results
Ransomware Guide for the .antidata Variant (Last revised: 2024-06-XX) Technical Breakdown 1. File Extension & Renaming Patterns File extension added: .antidata Renaming convention: Example: Original → Project Q3.xlsx Encrypted → Project Q3.xlsx.antidata Early v1 samples preserved the original file name intact and simply appended .antidata. Underground forum postings show signs the gang may adopt e-mail-addresses…
Community Resource – Ransomware Profile: ‑anti-us Last updated: 07-May-2024 Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends “.anti-us” (leading dot) directly to the last portion of the original filename; e.g. Annual_Report.xlsx becomes Annual_Report.xlsx.anti-us. Renaming Convention: In addition to the extension, the malware overwrites the file-icon registry entries so…
Comprehensive Guide to the “anthraxbulletproof” Ransomware Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .anthraxbulletproof (note the trailing period that most OSs will treat as the final component of the filename) Renaming Convention: <original_name>.<original_extension>.<unix-timestamp>.anthraxbulletproof Example: QuarterlyReport.xlsx.1689154724.anthraxbulletproof The unix-timestamp represents the encryption start epoch time in UTC, giving defenders a useful indicator…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Antefrigus never changes or appends an additional file extension. Encrypted files retain their original filename; the only observable difference is that every file's size becomes 0 bytes because Antefrigus overwrites files with the ransom note instead of using classic AES/ChaCha20 encryption. Renaming Convention: NONE –…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: anta (extension written without a leading dot; files become <original-name>.<original-extension>.anta). Renaming Convention: The malware appends .anta as a second extension, preserving the original file name and extension. Example: report_2024_Q1.xlsx → report_2024_Q1.xlsx.anta. Network shares are often bulk-renamed the same way, making the damage immediately…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files altered by the AnonymousFrance ransomware are appended with the literal string “.anonymousfrance” (no dot at the very end). Renaming Convention: The malware destroys the original extension entirely and appends only “anonymousfrance”. Example transformation: Budget_2024.xlsx → Budget_2024.anonymousfrance 2. Detection & Outbreak Timeline Approximate…
Ransomware Spotlight – The Family That Uses the Extension .anonymous (last updated 12-Apr-2025) Technical Breakdown 1. File Extension & Renaming Patterns • Confirmed File Extension: .anonymous (lower-case, without a leading dot if the sample is already appending one via the dropped ransom note). • Renaming Convention: – File is over-written in place with AES-256 encrypted…
Ransomware .anontsugumi – Technical Breakdown & Recovery Playbook (Last verified: June 2025) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .anontsugumi Renaming Convention: Encrypted files keep their original name but are suffixed with both the extension and a 20-byte hexadecimal victim ID. Example: Project_Q3.xlsx → Project_Q3.xlsx.anontsugumi.[A4F6D1E7C9B82F1D3A5B] 2. Detection & Outbreak Timeline…
Comprehensive Guide: [email protected] (LockerGoga) Ransomware Technical Breakdown 1. File Extension & Renaming Patterns Extension used: .locked (many variants add the e-mail address in a separate ransom note, not in the filename) Renaming convention: Original files are overwritten (not simply renamed). The resulting file keeps the original name plus .locked appended → Document.docx.locked. No additional UID…
Technical Breakdown – ANONBY Ransomware (file-marker “.anonby”) 1. File Extension & Renaming Patterns • Confirmation of File Extension: Every file held to ransom receives the fixed suffix .anon_by (double-ext. if the original file already had one, e.g., report.xlsx.anon_by). • Renaming Convention: Files retain their original base name; no prefix or additional tokens are prepended. Directory…