Sonshi is a two-for-one malware that includes a Python information stealer and a wiper. Since we are only concerned with ransomware, we will omit the infostealer details. However, Python-based information stealers are commonly labeled as PythonStealer, and is usually a catch-all term for any information stealer written in Python. These perform the typical infostealer behavior of stealing browser data, crypto wallets, credentials, etc. The ransomware aspect isn't much of a ransomware, either. It encrypts files with XOR and appends '.sonshi' to the affected files, and that's it! There is no ransom note or extortion. As such, this is labeled as a through-and-through wiper. Sonshi is the Tasmanian Devil (Taz) of ransomware that arrives on your system, causes destruction, eats your files, and leaves.