Search Results
FGUI Ransomware – Community Threat Brief Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension appended: .fgui (lower-case, four letters, no preceding space or underscore). Renaming convention: [original_name].[original_extension].fgui Example: Quarterly_Report.xlsx → Quarterly_Report.xlsx.fgui The malware keeps the original extension in the new name (typical for many recent STOP/DJVU forks). Note: Files with no extension gain…
RANSOMWARE DEEP-DIVE – EXTENSION “.fgnh” (Compiled 2024-06-xx – last updated 2024-06-xx) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of File Extension: .fgnh (lower-case, four characters, appended once). Renaming Convention: [original_name].[original_ext].fgnh Example: Quarter-2-Report.xlsx → Quarter-2-Report.xlsx.fgnh No e-mail address, random string, or campaign ID is inserted. 2. Detection & Outbreak Timeline First publicly-sighted: 2023-10-12 on…
Ransomware Profile – Extension “.fg69” (Last updated: 2024-06) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of extension: Every encrypted file receives the suffix “.fg69” (lower-case, dot included). Renaming convention: Original name is kept intact, only the extra extension is appended → 2024-ledger.xlsx ➜ 2024-ledger.xlsx.fg69 No e-mail address, random string, or campaign ID preceding…
fff – Community Resource Last updated: 2024-06-XX Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: .fff (lower-case, three letters, appended as a secondary extension – e.g. invoice.docx.fff). Renaming Convention: – Keeps the original file name and first extension intact, simply concatenating .fff at the end. – No e-mail address, random hex…
fezmm Ransomware – Community Defense Guide Last revised: 17 May 2024 Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension appended: .fezmm (lower-case, five characters, no second extension) Typical renaming pattern: Original name → <original_name>.id-<8-to-10-hex-chars>.[<[email protected]>].fezmm Example: 2024_Invoice.xlsx becomes 2024_Invoice.xlsx.id-A5F3C7E91.[[email protected]].fezmm Note: the e-mail address changes with each affiliate campaign (observed variants: [email protected], [email protected], [email protected]). 2.…
Ferosus Ransomware – Technical & Recovery Playbook (Last updated: 16 June 2024) Technical Breakdown 1. File Extension & Renaming Patterns Confirmed file extension: .ferosus (lower-case, appended – no secondary token) Renaming convention: original_name.ext → original_name.ext.ferosus The malware keeps original names intact; only the extra suffix is added. Ransom note: README_TO_RESTORE_FILES.txt or HOW_TO_DECRYPT.hta is written into…
RANSOMWARE DOSSIER Variant tracked in the wild by the file-extension “.ferosas” TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Exact extension: .ferosas (lower-case, appended as a second extension – e.g. Report.xlsx.ferosas) Renaming convention: – Original file name and inner extension are preserved, .ferosas is simply appended. – No e-mail address or random numeric ID is…
Fenrir Ransomware – Community Defense Guide Last updated: 24 June 2025 TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of File Extension: .fenrir Renaming Convention: Original name: Project_Q3.xlsx After encryption: Project_Q3.xlsx.fenrir (single simple suffix; no e-mail address, no hexadecimal ID). The ransom note is dropped as FENRIR_RECOVER.txt in every affected folder and on the…
FenixLocker Ransomware – Community Resource Sheet (Last updated: 21-Jun-2025) Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: [email protected]_[victim-ID].fenixlocker (older builds used only .fenixlocker without the e-mail prefix) Renaming convention: original_name.docx → [email protected]_2A9D74E2.fenixlocker The 8-byte hex string (here 2A9D74E2) is the victim UID, generated from GetVolumeInformation and rand(). 2. Detection & Outbreak Timeline First…
Technical Brief – Ransomware that appends “.felix” to encrypted files Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of File Extension: Every ciphered file receives a SECOND extension “.felix”. Example: project.xlsx → project.xlsx.felix, 2024-Q1-DB.sql → 2024-Q1-DB.sql.felix Renaming Convention: The original file name, internal structure and first extension are left intact; only the additional lower-case…