APT / THREAT GROUP
Evil Ransomware
2
aliases
Intelligence Profile
It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan. Coded in Javascript
Threat Analysis
Evil Ransomware is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Evil Ransomware
German Police Unmask REvil Ransomware Leader
SecurityWeek· Apr 7, 2026
German authorities identify REvil and GandCrab ransomware bosses
BleepingComputer· Apr 6, 2026
German police unmask two suspects linked to REvil ransomware gang
The Record· Apr 6, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Evil RansomwareFile0Locked KZ Ransomware
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.