Search Results
Detailed Resource: FindZip ransomware (macOS-specific) TECHNICAL BREAKDOWN 1. File extension & renaming pattern Confirmation of file extension: Every encrypted file is appended with “.findzip” (lower-case, no spaces). Example: Budget_2024.xlsx ➜ Budget_2024.xlsx.findzip Renaming convention: The malware uses a single, atomic rename() call in Objective-C, so the original extension is preserved and simply concatenated with “.findzip.” No…
findom (also spelled “Findex” or “Find0m”) is not true ransomware in the classical cryptographic sense. It is a wiper/extortion hybrid that makes no serious attempt to preserve the possibility of decryption. Treat every findom incident as a data-destruction event, not a recoverable ransom case. Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File…
Technical Breakdown for find0m Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: Encrypted files are re-suffixed with “.find0m”. Renaming Convention: <original_name>.find0m (no e-mail, ID string, or random bytes are inserted). Older variants occasionally append the victim UID as a second extension (e.g., document.pdf.id-A1B2C3.find0m), but current samples keep only “.find0m”. 2. Detection &…
Technical Breakdown (Ransomware that appends the extension “.filock”) 1. File Extension & Renaming Patterns Confirmation of file extension: .filock Renaming convention: Original: Quarterly_report.xlsx After encryption: Quarterly_report.xlsx.filock Filename, path, and directory structure remain intact—only the extra suffix is added. Because the base name is preserved, victims can still see what was lost, which helps when rebuilding…
Ransomware Brief – Extension “.filgzmsp” (Community-use quick-reference – last updated 2024-05-28) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Exact extension added: .filgzmsp (lower-case, 8 chars, no second extension). Renaming convention observed in the wild: <original_name>.<original_ext>.ID-<5-8_hex_digits>.[attacker_email].filgzmsp Example: ProjectQ3.xlsx.ID-9F4C2E01.[[email protected]].filgzmsp 2. Detection & Outbreak Timeline First uploaded to public malware repositories: 2024-03-17 (UTC). First large-enterprise ticket opened:…
FilesLocker v3 (& variants) Resource Sheet (Extension used: [email protected]*) Last updated: 2024-06-XX TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation: Each encrypted file receives TWO suffixes: User-unique random-ID (10–14 lower-case chars) Literal string “[email protected]” (or “[email protected]”, “[email protected]” in v1/v2) Example: Annual Report.xlsx → Annual [email protected] If the affiliate campaign uses a different…
FilesLocker Ransomware – Community Defense Guide File-extension hallmark: .locked (variant A) and .[[email]].fileslocker (variant B) Technical Breakdown 1. File Extension & Renaming Patterns Extension: .locked (first wave, Aug-2018) or .[[attacker_email]].fileslocker (second wave, Oct-2018 →) Renaming convention: original_name.docx → original_name.docx.locked OR Budget.xls → Budget.xls.[[email protected]].fileslocker The address inside the bracket is usually a ProtonMail / Cock.li /…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .fileslack Renaming Convention: Victim documents are encrypted and their original filename is appended with “.fileslack” (no extra suffix, prefix, or email address). Example: invoice_04_2025.pdf → invoice_04_2025.pdf.fileslack 2. Detection & Outbreak Timeline First publicly submitted samples were captured in late-May 2019 and peaked through…
TECHNICAL BREAKDOWN: 1. File Extension & Renaming Patterns Confirmation of File Extension: .filesfucked (lowercase) is appended to every encrypted file. Renaming Convention: Original-name → <original_name>.<original_ext>.filesfucked. Example: 2024-Q3-Budget.xlsx becomes 2024-Q3-Budget.xlsx.filesfucked. The ransomware does NOT change the base filename, which is useful when rebuilding from backups/logs. 2. Detection & Outbreak Timeline Approximate Start Date/Period: First public submission…
Ransomware Profile – FilesEncrypted Extension Technical Breakdown 1. File Extension & Renaming Patterns Exact extension added: .filesencrypted (lower-case, no space) Renaming convention: Original name is preserved, the string .filesencrypted is simply appended. Example: Quarterly-Report.xlsx → Quarterly-Report.xlsx.filesencrypted No fixed e-mail address, victim ID, or random hex string is inserted between the original name and the extension…