Search Results

  • deno;

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the extension “.deno” (5 lower-case characters followed by one semicolon) to every encrypted file – e.g., Annual_Report.xlsx becomes Annual_Report.xlsx.deno;. Renaming Convention: After encryption it keeps the original file name plus extension and appends .deno; after it, but also stores an…

  • deno

    Deno Ransomware Threat Intelligence Report Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .deno Renaming Convention: Original filename → <original_name>.<original_extension>.deno Example: QuarterlyReport.xlsx becomes QuarterlyReport.xlsx.deno Unlike many variants, Deno preserves the original extension in the final name, making identification easier 2. Detection & Outbreak Timeline Approximate Start Date/Period: First detected in the…

  • deniz_kızı

    Deniz_Kızı (“Sea-Maiden”) Ransomware Deep-dive Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of file extension deniz_kızı Note: the Turkish spelling uses the dotted “ı”, some tools or file systems may render it as deniz_kızı or deniz_kizy. Renaming convention OriginalName.ext.[Victim-ID]deniz_kızı • Victim-ID = 8-char hexadecimal usually derived from MAC or SID • Extension is appended…

  • deniz_kizi

    deniz_kizi Ransomware – Community Resource Technical Breakdown 1. File Extension & Renaming Patterns Exact File Extension: .deniz_kizi (always lower-case, no dot prefix). Renaming Convention: Files are renamed to the pattern <original_name>.<original_extension>.deniz_kizi Example: Annual_Budget.xlsx → Annual_Budget.xlsx.deniz_kizi 2. Detection & Outbreak Timeline First Publicly Documented Sample: 27 July 2023 (uploaded to MalShare & Any.run). Rapid Expansion: Noticeable…

  • demonslay335_you_cannot_decrypt_me!

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends .demonslay335_you_cannot_decrypt_me! (exactly 34 characters, including the exclamation mark) to every encrypted file. Renaming Convention: Original file name → Base64-looking 16-byte ASCII sequence (appears to be the AES-256 per-file IV) + the extension above. Example: Quarterly-Reports.xlsx becomes d4f9a2c7e3b5a1b8.demonslay335_you_cannot_decrypt_me! 2. Detection &…

  • demon

    Comprehensive Guide on “Demon” Ransomware (File-Extension .demon) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .demon (lower-case, without further decoration). Renaming Convention: Original path → <original_name>.<original_extension>.demon Example: Annual_Report_2024.xlsx becomes Annual_Report_2024.xlsx.demon 2. Detection & Outbreak Timeline Approximate Start Date/Period: First public sightings: mid-June 2021, with active global campaigns peaking between August-December 2021.…

  • democ

    Democ Ransomware Threat Advisory Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: The Democ ransomware appends the extension .democ, in lower-case, to each encrypted file (e.g., AnnualReport.xlsx → AnnualReport.xlsx.democ). Renaming Convention: Original filename remains intact. A period plus the extension “democ” is appended. No additional ransom-tag prefix is used (unlike…

  • delta

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .delta Renaming Convention: Victims who are double-extorted will often see safe copies overwritten and renamed as <original_name>.<original_extension>.delta (example: 2024-budget.xlsx.delta). Network-share CSV shadow-copy “flat” infections have been delivered under the pattern %COMPUTERNAME%-%USERNAME%-<8-digit-ransom-id>.delta. 2. Detection & Outbreak Timeline Approximate Start Date/Period: 20 July 2023 –…

  • delphimorix*

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware known as DelphiMorix appends .delphimorix[random_number] to every encrypted file. Example: AnnualReport.xlsx → AnnualReport.xlsx.delphimorix593 Renaming Convention: After encryption the file is renamed exactly once, preserving the original filename plus the appended “.delphimorixXXXX”. No prefix strings, e-mail addresses, or second extension are added,…

  • delphimorix!@@@@_@@_@_2018_@@@_@_@_@@@

    Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends the fixed string .delphimorix!@@@@_@@_@_2018_@@@_@_@_@@@ (an array of symbols and “2018”, exactly 54 characters long) to every encrypted file. Renaming Convention: Original file: Document.xlsx After encryption: Document.xlsx.delphimorix!@@@@_@@_@_2018_@@@_@_@_@@@ There is no prefixing, no appended victim-ID, so all files on the host end with the…