HOMETHREATSEvil Ransomware
APT / THREAT GROUP

Evil Ransomware

2
aliases

Intelligence Profile

It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan. Coded in Javascript

Threat Analysis

Evil Ransomware is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning Evil Ransomware

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

Evil RansomwareFile0Locked KZ Ransomware

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Evil Ransomware — APT / Threat Group | Threat Intelligence | CTIWATCH.COM