Search Results

  • actum

    Technical Breakdown – actum Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: .actum (lowercase, no space). Renaming Convention: original-filename.ext.id-<8-hex-digits>[mail[1]@tuta.io][mail[2]@onionmail.org].actum – Pattern is appended only; original filename and the immediate extension are untouched. – Victim identifier (id-*) is an 8-character hexadecimal string hard-coded into the binary and stored in the registry under HKCU\SOFTWARE\actum\vict.…

  • actor

    CREST-CYBER | Ransomware Intel Brief Variant: ACTOR Ransomware Family Extension observed: .actor Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: All encrypted volumes are appended with the literal string “.actor” and nothing preceding it (example: 2024_budget.xlsx.actor). Renaming Convention: File name left intact. Original extension preserved (e.g., .docx). “.actor” appended directly, producing…

  • acton.id*1ae26935-1085*.*[email protected]*.acton

    Below is the definitive community resource for the ransomware strain that appends acton.id*1ae26935-1085*.*[email protected]*.acton to encrypted data. Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .acton (suffixed with the full blob .acton.id*1ae26935-1085*.*[email protected]*.acton after the original filename; the id* segment is unique per victim, the e-mail address belongs to the affiliate). Renaming Convention:…

  • acton

    Technical Breakdown – ActOn (a.k.a. “Acton”) 1. File Extension & Renaming Patterns Exact Extension Used: .ActOn (lower-case “a”, capital “O” – case-sensitive on *nix systems). Renaming Convention: <original_filename>.<original_extension>.<random-6-hex>.ActOn Example: Presentation.pptx.78a4e7.ActOn 2. Detection & Outbreak Timeline First Public Sightings: Early-October 2023. Spike occurred 12–19 Oct 2023 when multiple MSPs and legal firms reported new strain. CERT/CC…

  • actin

    Ransomware Briefing: Everything You Need to Know About the Actin (.actin) Ransomware TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of File Extension: Actin appends “.actin” as a secondary extension to every encrypted file. Renaming Convention: Original filenames are stripped of any pre-existing extensions, receive a random 8-byte uppercase string (Base32 alphabet), and finally…

  • acookies

    Technical Breakdown – Ransomware .acookies 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the exact string “.acookies” immediately after the original file extension (e.g., report.xlsx.acookies, memo.docx.acookies). Renaming Convention: Files retain their original base names and original extension—{original_name}.{orig_ext}.acookies. Directories receive a ransom note named !!!READ_MOR_CRYPT_ONLINE!!!.txt and a second small note with…

  • acessd

    Ransomware Profile: “acessd” Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The malware always appends the static, lower-case extension .acessd to every encrypted file—e.g., Quarterly_Report.xlsx → Quarterly_Report.xlsx.acessd. Renaming Convention: • No prefix or obfuscation – the original filename and internal directory tree are preserved; only the new 7-character extension is fused…

  • acepy

    AcePy (.acepy) Ransomware – Community Survival Guide Prepared by CyberSec Response Team – Last Updated 2024-06-17 Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .acepy (lower-case letters only, no trailing dot before the extension). Renaming Convention: Original: QuarterlyReport.xlsx Infected: QuarterlyReport.xlsx.acepy No appended e-mail, ransom ID string, or second extension – a…

  • accuj

    Ransomware Quick-Sheet Variant: .Accuj Technical Breakdown 1. File Extension & Renaming Pattern Confirmed extension used: .accuj (lowercase) Renaming convention: [originalfilename].[originalextension].id-[8-charhexid].[attackeremail].accuj Example: ProjectBudget.xlsx.id-9A2B5C73.[[email protected]].accuj 2. Detection & Outbreak Timeline Approximate first sighting: 20-Dec-2023 (global telemetry spikes from Asia-Pacific & eastern Europe). Key flare-ups: 24-Jan-2024 wide-spread malspam wave; mid-March 2024 uptick via compromised MSP remote-monitoring tools. 3. Primary…

  • accdfisa v2.0

    Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The malware appends “.accdfisa” (lower-case, no spaces) to every file it encrypts. Renaming Convention: A victim file named report.docx becomes report.docx.accdfisa. The full original filename is preserved; nothing is prepended or truncated. Folders that contain encrypted files receive three additional items: README_ACCDFISA_V2.txt –…