Search Results
Technical Breakdown – DDsg (STOP-Djvu Strain) File extension & renaming pattern • Extension appended verbatim: “.ddsg” (lower-case, no preceding hyphen or space). • File naming convention: original [filename.ext] → [filename.ext.ddsg] (e.g., “Reports.xlsx” → “Reports.xlsx.ddsg”). After encryption, Windows Explorer and icons show blank/unknown file-type symbols. Detection / outbreak timeline • First submitted to VirusTotal and public…
DDPCBI Ransomware Threat-intelligence Sheet Last revised: 22-Jun-2024 — v1.3 Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: .ddpcbi (lower-case, appended after the original extension). Renaming convention: [original-name].[original-extension].id-[XXXXXXXX].[contact-email].ddpcbi “XXXXXXXX” = 8-digit victim ID calculated from volume serial number. Typical e-mail seen in the wild: [email protected] or [email protected]. Directory-depth recursion starts at the volume root,…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends “.ddos” as the final file extension (e.g., Invoice.xlsx becomes Invoice.xlsx.ddos). Renaming Convention: Use of a two-part change: The malware prefixes the original filename with a 12-character hexadecimal Victim-ID followed by an underscore (e.g., AE47C3B9200D_). It then adds the new extension…
Technical Breakdown for the Ransomware Associated with Extension “.dd” 1. File Extension & Renaming Patterns Confirmation of File Extension: The ransomware appends “.dd”, without the quotes (two lower-case Latin letters, no numeric characters, no secondary tag), so that “Holiday.jpg” becomes “Holiday.jpg.dd”. Renaming Convention: Some samples also prepend an email address or a…
dcrypt Ransomware – Complete Analysis & Recovery Guide This page is maintained by the community security coalition – last reviewed 2024-05-29 Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .dcrypt (all lower-case, no random tagging). Renaming Convention: dcrypt appends the extension rather than replacing it. Example: Q4_Project.xlsx → Q4_Project.xlsx.dcrypt When operating…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .dcry (annotated with 2.0 in ransom notes to distinguish it from the earlier, non-decryptable *.dcry) Renaming Convention: Original name is untouched; the payload appends “.dcry” once per file (report.xlsx → report.xlsx.dcry). Unlike many families, it does not embed an e-mail or victim-ID token…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .dcry Renaming Convention: The sample prepends an 8-byte hex string in lower-case to the original file name, followed by a dot, followed by the extension .dcry. Example: notes.txt becomes a7fb9e10.notes.txt.dcry Drives mapped as C:\, D:\, fixed-removable (USB), and all accessible network shares (UNC…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by Dcrtr are renamed with the suffix .dcrtr. Renaming Convention: [original_name].[original_ext].id-[8-hex-chars].dcrtr, e.g., Budget_2024.xlsx.id-3AFB12AC.dcrtr. Some campaigns embed the campaign ID or the operator’s “client name” between the victim-ID and the final extension: .id-F28D1FB0.[alien].dcrtr 2. Detection & Outbreak Timeline Approximate Start Date/Period: First…
Global Resource on the DCRat (DarkCrystal RAT / RaT) Ransomware Variant (Target audience: system administrators, incident-response teams, SOCs, SMB owners, home users) Technical Breakdown 1. File Extension & Renaming Patterns Direct ransomware stage: Recent “ransom-builder” plug-ins added to DCRat now append one of the following extensions to encrypted files: .DCRat .DCRY .Darkcrypt .locked-DCR Composite renaming…
Ransomware Community Resource Variant: “.dcom” Technical Breakdown 1. File Extension & Renaming Patterns Extension in Use: “.dcom” – the literal lowercase string appended to every encrypted file. Renaming Convention: Original file-name + “.id-.[].dcom” Example: Invoice_AUG2024.pdf → Invoice_AUG2024.pdf.id-A3B7C2D1.[[email protected]].dcom Exactly one secondary dot is preserved (File.ext.dcom). The extension is written in all-lowercase on all OSs. 2. Detection…