Ransomware - RansomExx

RansomExx
Aliases
RansomEXX
Ransom X
Decryptor Available
No
Description

RansomExx is a Human-Operated Ransomware (HumOR) that has existed since May 2020. However, the group associated with it, Sprite Spider, has been deploying ancestors of this ransomware, known as Defray and Defray777. The Defray group has been around since 2017 and is known to have created other malware, such as Vatet and PyXie, to aid its ransomware efforts. The group therefore has a relatively extensive history of successfully exploiting organizations worldwide with its ransomware. It also exposes its victims on its dark web data leak site, a tactic called "double extortion," and has listed large organizations such as the Texas government, Gigabyte, Hellman Worldwide Logistics, and Ferrari, to name a few.

In December 2022, a variant of RansomExx written in the Rust programming language was discovered. At the same time, the group renamed its website RansomExx2. As such, we created a variant entry called RansomExx2, named after the new website coupled with the new Rust implementation, although the behavior of the new variant is similar to the original. Any victims posted since the rename are tied to that entry as well. You can view them here: RansomExx2.

Ransomware Type
Crypto-Ransomware
HumOR
First Seen
Last Seen
Threat Actors
Type | Actor
Cybergroup | Sprite Spider
Extortion Types
Direct Extortion
Double Extortion
Encryption
Type
Hybrid
Files
AES-256-ECB
Key
RSA-4096
File Extension
<file name>.<unique to targeted org>
Ransom Note Name
!<unique to targeted org>_READ_ME!.txt
Ransom Note Image
Industry Sector | Country | Extortion Date | Amount (USD)
Government | United States
Government | United States
Information Technology | Japan
Manufacturing | United States
Information Technology | United States
Transportation | Canada
Government | Brazil
Professional Services | United States
Aerospace & Aviation | Brazil
Energy | France
Automotive | Australia
Professional Services | United States
Manufacturing | United States
Banking & Finance | United States
Distribution & Logistics | Brazil
Professional Services | Germany
Energy | Chile
Healthcare & Medicine | France
Telecommunications | Italy
Information Technology | United States
Energy | Indonesia
Government | Italy
Government | Spain
Maritime | Germany
Automotive | Germany
Distribution & Logistics | Canada
Distribution & Logistics | United Kingdom
Insurance | Argentina
Distribution & Logistics | Taiwan
Manufacturing | Taiwan
Telecommunications | Ecuador
Real Estate & Housing | United Kingdom
Retail & Wholesale | Italy
Manufacturing | Taiwan
Information Technology | United States
Manufacturing | Saudi Arabia
Government | Italy
Government | Italy
Telecommunications | Jamaica
Manufacturing | Germany
Manufacturing | Malaysia
Distribution & Logistics | Germany
Energy | United Kingdom
Media & Marketing | Slovenia
Aerospace & Aviation | Colombia
Healthcare & Medicine | United Kingdom
Healthcare & Medicine | France
Retail & Wholesale | Portugal
Government | Brazil
Manufacturing | Canada
Automotive | Italy
Healthcare & Medicine | Spain
Healthcare & Medicine | Brazil