Benzona ransomware is a newly observed encryption-based malware discovered during the examination of fresh file submissions on the VirusTotal platform. It is part of a broad class of ransomware strains that render a victim’s files inaccessible using strong cryptographic methods and then demand payment for decryption. After Benzona completes its encryption process, each affected file…
FckFBI ransomware is a malicious file-encrypting threat engineered to lock personal and professional data using strong encryption. Once active, it modifies all affected files by adding the .fckfbi extension and then leaves behind a ransom note instructing the victim on how to obtain a decryption tool—typically for a cryptocurrency payment. Much like other modern crypto-extortion…
ChickenKiller ransomware is a highly destructive file-encrypting threat designed to lock important data and append the .locked extension to every compromised file. It belongs to a modern family of extortion-based malware strains that silently infiltrate systems, corrupt files, and then pressure victims into making a payment for decryption. Once the ransomware finishes encrypting files, it…
If your NAS system has been attacked and your files now end in “.encrypt”, you’re likely facing the Filecoder ransomware — a Linux-targeting cryptovirus affecting storage platforms like Synology, QNAP, and other NAS devices. Our team has developed a specialized Filecoder NAS Decryptor. It works on ransomware variants that: We deliver safe, professional ransomware recovery…
A new ransomware strain identified as BLACK-HEOLAS has been confirmed through recent sample analysis on VirusTotal. Unlike traditional encryptors, this malware completely alters filenames into random alphanumeric strings before appending the extension “.hels”. For example, a file like resume.docx may become e1c2b5a7f0844b4c943ad13f3f44c941.hels. Once encryption completes, a ransom message titled hels.readme.txt appears in affected folders. The…
LockBit 3.0 Black is one of the most enduring and adaptable ransomware threats active in 2025. The variant identified by the “.AZrSRytw3” extension continues the group’s signature blend of speed, encryption precision, and psychological coercion.Files are renamed with random 9–10 alphanumeric extensions (e.g., report.xlsx.AZrSRytw3) and paired with ransom notes following the same naming scheme —…
A recent outbreak of C77L ransomware (also known as X77C) marks another step in the evolution of data-extortion campaigns. Emerging in November 2025, this strain appends a 10-character random string followed by the “.OXOfUbfa” extension to each encrypted file (e.g., photo.png.mV12nTsY3O.OXOfUbfa). The attackers behind this campaign claim to have stolen all victim data, promising to…
Zarok is a crypto-ransomware strain identified from fresh submissions to VirusTotal in early 2025. It encrypts data and adds a random four-character extension to each file — for example, photo.jpg becomes photo.jpg.ps8v. After encryption, it changes the desktop wallpaper and drops a ransom note titled “README_NOW_ZAROK.txt.” Victims are told to pay roughly €200 worth of…
Our threat response and malware research team has designed a dedicated decryptor and containment workflow to address Bactor ransomware, a hybrid encryption and data-theft malware discovered in 2025.This ransomware encrypts user data with AES and RSA encryption algorithms, appends the “.bactor” extension to files (e.g., photo.jpg.bactor, invoice.pdf.bactor), replaces the desktop wallpaper, and creates a ransom…
Our response engineers maintain a bespoke decryptor and workflow tailored to LockBit 3.0 Black—the modern evolution of the LockBit RaaS ecosystem. This strain encrypts files with a hybrid AES-256 + RSA-2048 scheme and tags each item with a random 9-character extension (for example, .3R9qG8i3Z). Ransom notes mirror that token (e.g., 3R9qG8i3Z.README.txt) to bind your case…
End of content
End of content