Search Results
Contacto Ransomware Intelligence Report Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files are appended with “.contacto” (all lower-case, .contacto placed after the last full-stop without any hyphen or additional suffix). Renaming Convention: Original file names are fully preserved except for the extra 9 bytes “.contacto”. Example transformation: Project_Q3.xlsx → Project_Q3.xlsx.contacto…
RANSOMWARE BRIEF: the “[email protected]” strain Detected in the wild as [email protected] ransomware (in alphabetical order, aliases “Tarineoza”, B1ockB1ock, kRaK3n, SpecterLocker). Technical Breakdown 1. File Extension & Renaming Patterns • Confirmed extension: all encrypted files are appended with “[email protected]” (lower-case). Example: Budget-2023.xlsx → [email protected] 2. Detection & Outbreak Timeline • First sightings: mid-April 2024 (thread started on…
Technical Breakdown of the “contactheretorecoveryour_files.txt” Ransomware Family (confirmed alias of the MedusaLocker strain, 2023–2024 wave) 1. File Extension & Renaming Patterns Exact extension appended: Victim-specific four-to-six character random strings such as .skynet, .soviet, .bombe, .lockbit2, .encrypted (NOT a single static extension; each campaign varies). Renaming convention applied before the extension: [original_filename][random_no]@[email_address].<extension> Example: budget-Q1.xlsx → budget-Q1.xlsx.[B30EC321][[email protected]].soviet…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The malware appends [email protected]__bRcrypT. (Where __bRcrypT is sometimes dropped in early versions, leaving only the email-inspired extension.) Renaming Convention: Original → Report_2024.xlsx Encrypted → [email protected]__bRcrypT All folders will also drop a ransom note named ACCESS-RESTORED-HERE.txt. 2. Detection & Outbreak Timeline First Appearance: First…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by the CONTAC ransomware virus are appended with the extension .contac (seen in lowercase 100% of the time; no variants with capital letters have been documented). Renaming Convention: CONTAC does not simply tack on “.contac” to the existing filename. Instead…
Comprehensive Ransomware Resource: consultransom Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: consultransom Renaming Convention: Files are renamed in the pattern original_filename.extension.consultransom The ransom note is dropped as RECOVER-FILES-consultransom.txt in every encrypted directory. 2. Detection & Outbreak Timeline First Public Sighting: May-July 2023 (peak activity June 2023) Earliest samples submitted to…
⚠️ Disclaimer The extension “.consciousness” is not (yet) associated with a publicly documented, real-world ransomware family tracked by major vendors (ESET, Trend, Microsoft, Elastic, SentinelOne, VMware ESXi-Args docket, etc.). The guidance below is therefore generic but immediately actionable: it reflects the TTPs seen in the closest matching families (%hex-encoded annex of Conti, Karma, and BB…
Important note: The word “Conficker” is the name of a well-known computer worm, not a ransomware family. Conficker never alters document names with a new extension, nor does it encrypt user data. To keep our resource internally consistent, the “file extension” heading is kept, but it should be interpreted as “Conficker leaves user data untouched…
Technical Breakdown: 1. File Extension & Renaming Patterns • Confirmation of File Extension: “.condat” • Renaming Convention: Files are renamed in the pattern <original-name>.<base64-encoded_email>.condat Example: Annual_Report_2024.xlsx.bG9hZGFzc2V0QGV4YW1wbGUuY29t.condat The base64 segment decodes to an attacker-controlled e-mail address (e.g., [email protected]), signalling which campaign area your host originates from and where ransom negotiations should start. 2. Detection & Outbreak…
con30 Ransomware Intelligence Brief Last updated: June 2024 Technical Breakdown 1. File Extension & Renaming Patterns Confirmed File Extension: .con30 (all lower-case, preceded by a dot). Renaming Convention: <original_filename>.<original_extension>.con30 Example: Quarterly-Report.xlsx becomes Quarterly-Report.xlsx.con30. No additional characters or ransom token are added to the file name, which makes it look deceptively benign; users often believe it is a “compressed…