A new ransomware strain identified as BLACK-HEOLAS has been confirmed through recent sample analysis on VirusTotal. Unlike traditional encryptors, this malware completely alters filenames into random alphanumeric strings before appending the extension “.hels”. For example, a file like resume.docx may become e1c2b5a7f0844b4c943ad13f3f44c941.hels. Once encryption completes, a ransom message titled hels.readme.txt appears in affected folders. The…
LockBit 3.0 Black is one of the most enduring and adaptable ransomware threats active in 2025. The variant identified by the “.AZrSRytw3” extension continues the group’s signature blend of speed, encryption precision, and psychological coercion.Files are renamed with random 9–10 alphanumeric extensions (e.g., report.xlsx.AZrSRytw3) and paired with ransom notes following the same naming scheme —…
A recent outbreak of C77L ransomware (also known as X77C) marks another step in the evolution of data-extortion campaigns. Emerging in November 2025, this strain appends a 10-character random string followed by the “.OXOfUbfa” extension to each encrypted file (e.g., photo.png.mV12nTsY3O.OXOfUbfa). The attackers behind this campaign claim to have stolen all victim data, promising to…
Zarok is a crypto-ransomware strain identified from fresh submissions to VirusTotal in early 2025. It encrypts data and adds a random four-character extension to each file — for example, photo.jpg becomes photo.jpg.ps8v. After encryption, it changes the desktop wallpaper and drops a ransom note titled “README_NOW_ZAROK.txt.” Victims are told to pay roughly €200 worth of…
Our threat response and malware research team has designed a dedicated decryptor and containment workflow to address Bactor ransomware, a hybrid encryption and data-theft malware discovered in 2025.This ransomware encrypts user data with AES and RSA encryption algorithms, appends the “.bactor” extension to files (e.g., photo.jpg.bactor, invoice.pdf.bactor), replaces the desktop wallpaper, and creates a ransom…
Our response engineers maintain a bespoke decryptor and workflow tailored to LockBit 3.0 Black—the modern evolution of the LockBit RaaS ecosystem. This strain encrypts files with a hybrid AES-256 + RSA-2048 scheme and tags each item with a random 9-character extension (for example, .3R9qG8i3Z). Ransom notes mirror that token (e.g., 3R9qG8i3Z.README.txt) to bind your case…
Our digital forensics specialists have engineered a dedicated decryptor for the GandCrab ransomware (v1) family — one of the most influential and widespread ransomware operations in history. First detected in early 2018, GandCrab was among the first large-scale ransomware-as-a-service (RaaS) models that enabled affiliates to distribute the malware in exchange for profit sharing. The version…
Our digital forensics and incident response division has built a specialized decryptor for the Radiant Group ransomware, a sophisticated crypto-extortion operation that first appeared in September 2025. The Radiant syndicate uses an advanced AES and RSA hybrid encryption model combined with multi-layered extortion tactics, including public data leaks and SEO sabotage. The decryptor is designed…
Our cybersecurity specialists have engineered a bespoke decryptor to assist victims of the MedusaLocker3 / Far Attack ransomware family — an evolution of the notorious MedusaLocker threat group. This version encrypts files using AES and RSA hybrid encryption, appending the “.BAGAJAI” extension to each locked file. Our decryptor is designed to: The decryptor supports both…
Our security research and response division has designed a specialized decryptor for Phantom ransomware, a variant built upon the open-source Hidden Tear framework. This strain employs robust hybrid encryption using AES-256 and RSA-2048 and renames every encrypted file by adding the “.Phantom” extension. The decryptor is engineered to: It works seamlessly in both cloud-based (for…
End of content
End of content