Evil Ransomware Overview[]
The Evil ransomware is a Javascript-based malware threat that follows the usual ransomware behavior tactics. It encrypts target user data and appends the .file0locked extension to the compromised files.The virus employs the AES cipher and its engine is written in the Javascript programming language.
Evil Ransomware Affected File Types[]
.3fr, .accdb, .ai, .arw, .bay, .cdr, .cer, .certs, .cr2, .crt, .crw, .dbf, .dcr, .der, .dng, .doc, .dwg, .dxf, .dxg, .eps, .erf, .img, .indd, .jpg, .kdc, .mdb, .mdf, .mef, .mrw, .nef, .nrw, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pef, .pem, .pfx, .ppt, .psd, .pst, .ptx, .pub, .r3d, .raf, .raw, .rtf, .rw2, .rwl, .sr2, .srf, .srw, .wb2, .wpd, .wps, .x3f, .xlk, .xls
Evil Ransomware Note[]
Hello. Your UID: 14D3AB08 Its evil ransomware. As you can see some of your files have been encrypted! Encryption was made using a unique strongest AES key. If you want restore your files you need to BUY (sorry, nothing personal, its just business) the private key, send me your UID to r6789986@mail.kz List of encrypted files
Evil Ransomware Distribution[]
The identified Evil ransomware samples were distributed by a malicious dropper. The usual way of delivering them to the computer targets is via spam email campaigns that may use various social engineering tricks.