Ransomware Resource Sheet – “ECC” (*.ecc variant) Technical Breakdown 1. File Extension & Renaming Patterns Exact extension added: .ecc Typical renaming convention: original_name.ext → original_name.ext.ecc (The original file name is kept, the original extension is preserved, and .ecc is simply appended—no e-mail address, random ID, or campaign tag is inserted.) 2. Detection & Outbreak Timeline…

Ransomware Resource Sheet Variant tracked by the extension: .ebytelocker Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension appended: .ebytelocker (lower-case, no hyphen, no second extension) Renaming convention observed: Original name → <original_name>.<original_ext>.ebytelocker Example: Quarterly-Report.xlsx becomes Quarterly-Report.xlsx.ebytelocker 2. Detection & Outbreak Timeline First uploaded to ID-Ransomware / VirusTotal: 23 Jan 2024 (cluster of submissions…

Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Ebola (a.k.a. “DecryptorEbola” or “EbolaRnsm”) appends the five-letter suffix “.ebola” to every file it encryptes. Example: Presentation.pptx → Presentation.pptx.ebola Renaming Convention: The ransomware preserves the original file name and simply concatenates “.ebola” at the end; no e-mail address, random ID, or secondary extension…

eBayWall – Community Defense & Recovery Brief Last updated: 2024-05-20 Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .ebay (the sample submitted carried the full suffix .ebaywall, but dozens of public samples append only .ebay – both are valid indicators). Renaming Convention: Original: Budget.xlsx After encryption: Budget.xlsx.id-[8-HEX-DIGIT-STRING].ebay The 8-byte ID is…

⚠ The text below is provided “AS-IS,” without warranty of any kind. It is intended for educational and incident-response purposes only. If you are currently under active attack, immediately isolate the affected machines, power-off any unaffected backups that are still online, and engage your incident-response team or a qualified security firm. Technical Breakdown 1. File-Extension…

Ransomware Intelligence Report Variant: Files that acquire the “.ebal” extension Last update: June 2024 Confidence level: High (cross-referenced incident telemetry, vendor sandboxes, public submissions) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation: Every encrypted file is appended with an additional, lower-case “.ebal”. Renaming Convention: Original name → <original_name>.<original_ext>.ebal Example: 2024Q2Budget.xlsx becomes 2024Q2Budget.xlsx.ebal Note: Unlike…

ebaka Ransomware – Community Resource Sheet Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .ebaka (lowercase) Renaming Convention: – Original filename → <original_name>.<original_ext>.ebaka – Example: Invoice_05_2024.xlsx becomes Invoice_05_2024.xlsx.ebaka – No e-mail or ID string is inserted, so every victim sees the identical pattern. 2. Detection & Outbreak Timeline First public submission:…

Ransomware Resource Card Variant: easyransom! (extension .easyransom!) – last update 2024-05-15 Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: .easyransom! (lowercase, leading dot, exclamation mandatory) Renaming convention: [original_name]_[8-hex-chars].easyransom! Example: Quarterly_report.xlsx → Quarterly_report.xlsx_4f2a91b0.easyransom! – The 8-byte hex string is the first 4 bytes of the file’s SHA-256 hash (used as victim UID & chunk…

Community Advisory: “easyransom” Ransomware (Last updated: 2024-06-XX) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .easyransom Renaming Convention: Plain example: Annual_Report.xlsx → Annual_Report.xlsx.easyransom Some clusters add the victim ID in lower-case hex before the final suffix: Annual_Report.xlsx.5f3a9.easyransom Directory-level marker: drops HOW_TO_RECOVER_FILES.txt (sometimes easyransom-howto.txt) in every folder where encryption occurred. 2. Detection…

Technical Breakdown – easy2lock Ransomware (File extension observed: .easy2lock) 1. File Extension & Renaming Patterns Confirmed extension: “.easy2lock” (case-insensitive) appended directly after the original extension E.g.: 2024-budget.xlsx → 2024-budget.xlsx.easy2lock No e-mail address or random string is inserted; only the static suffix – low-to-intermediate sophistication indicator 2. Detection & Outbreak Timeline First publicly submitted: 2023-Q4 (multiple…