Search Results
Technical Breakdown – CORONALOCK Ransomware 1. File Extension & Renaming Patterns Exact Extension Added: Every encrypted file receives the additional extension “.CORONALOCK” appended directly after the original extension (e.g., invoice.pdf.CORONALOCK). Renaming Convention: Inside every folder that contains encrypted data, the malware creates two new files: CORONALOCK_INFO.TXT – the ransom note. The encrypted file itself retains…
CORONA-LOCK RANSOMWARE RESOURCE GUIDE (Released for the DFIR / IT-Sec community – 2024-05-30) Technical Breakdown 1. File Extension & Renaming Patterns Exact file extension: .corona-lock Renaming convention: OriginalFile{12_random_hex}.{original_extension}.corona-lock Example: Budget2024.xlsx → Budget2024.4a7f9b1e3c2f.xlsx.corona-lock 2. Detection & Outbreak Timeline First public sightings: 20 Mar 2020 on Russian-language malware forums; widespread spam campaigns started 23 Mar 2020 (coincided…
CORONA Ransomware – Technical & Recovery Compendium Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: CORONA, appended verbatim to the original file name without a preceding dot (e.g., Annual_Report.xlsxCORONA). Renaming Convention: [original_name][ext]CORONA Folders themselves are not physically renamed; instead, inside every folder a plain-text ransom note (ДЕШИФРАВОР.txt, Russian for “Decryptor”) is…
Comprehensive Ransomware Resource for .core Extension – Community Edition Technical Breakdown 1. File Extension & Renaming Patterns Exact Extension: .core (secondary tag: .CORE appears on case-insensitive volumes). Renaming Convention: Original filename → <original name>.id-<8-hex-chars>.[<attacker e-mail 1>][<attacker e-mail 2>].core Example: Budget2024.xlsx → Budget2024.xlsx.id-A7F3C1B2.[[email protected]][[email protected]].core 2. Detection & Outbreak Timeline First Submitted Sample: February 2022 (Malshare #453a1e9). Wider…
IN-DEPTH RANSOMWARE CHARACTER SHEET – “COPE” ransomware 1. TECHNICAL BREAKDOWN 1.1 File Extension & Renaming Patterns Extension used: .cope (e.g., thesis.docx → thesis.docx.cope) Renaming convention: Files keep their original name and base extension and are simply appended with “.cope”. No cryptographic basenames, no email addresses inside the filename. 1.2 Detection & Outbreak Timeline First…
Ransomware Variant Focus: COPAN Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Encrypted files are immediately given the additional suffix “.copan”. Renaming Convention: original.docx → original.docx.copan Report.xlsx → Report.xlsx.copan No prefix or email contact is added before the extension—this makes COPAN easier to spot via logs or scripts looking for “*.copan”.…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .copa All encrypted files are appended with the exact extension .copa, resulting in names like ProjectBudget.xlsx.copa, CustomerDB.accdb.copa, AnnualReport.pdf.copa, etc. Renaming Convention: The ransomware pre-sorts files into subdirectories based on file type and then re-writes file names using the following pseudocode: <Original-Filename without extension>.<8-char-random-ID>.copa…