Ransomware Evil Extractor

Evil Extractor Malware Threatens Windows Devices with Data Theft and Ransomware


A menacing new strain of malware called Evil Extractor is circulating on the internet, targeting Windows devices to steal sensitive data and, in some cases, to deploy ransomware. Cybersecurity researchers at Fortinet discovered the malware and shared their findings in a blog post, stating that it was developed and distributed by a company called Kodex, which advertises it as an "educational tool."

Evil Extractor was first observed by FortiGuard Labs in a phishing email campaign on March 30th, which the researchers traced back to the samples examined in their blog post. The malware typically masquerades as a legitimate file, such as an Adobe PDF or a Dropbox file. Once loaded onto a device, it uses PowerShell to carry out a series of malicious activities.

These activities include deploying an environment-analysis tool and an info stealer. Before doing anything else, the malware checks that it is not running in a honeypot; only then does it extract as much sensitive information as possible from the endpoint. The stolen data is then uploaded to the threat actor's FTP server. Evil Extractor also has ransomware capabilities.

The ransomware component, known as Kodex Ransomware, downloads a file called zzyy.zip from evilextractor[.]com. This archive contains 7za.exe, the 7-Zip command-line executable, which the malware runs with the "-p" parameter to zip the victim's files into a password-protected archive; the password is what "encrypts" the data. Once the archiving is complete, the malware leaves a ransom note demanding $1,000 in Bitcoin in exchange for the decryption key. The note warns that failure to pay will leave the files inaccessible forever.
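The behaviour described above, a PowerShell-spawned 7-Zip archiver creating a password-protected archive, is something a defender can hunt for in process-creation telemetry. The following is an added example (not code from Fortinet's report or from the malware) that scans constructed Sysmon-style events for exactly that pattern; the event field names and the sample log lines are assumptions made for the example.

```python
import re
import shlex

# Constructed sample process-creation events (Sysmon-like fields), not real telemetry.
SAMPLE_EVENTS = [
    {"parent": "powershell.exe", "image": r"C:\Users\u\AppData\Local\Temp\7za.exe",
     "cmdline": r"7za.exe a -tzip -pS3cret! C:\Users\u\Documents\docs.zip C:\Users\u\Documents\*"},
    {"parent": "explorer.exe", "image": r"C:\Program Files\7-Zip\7z.exe",
     "cmdline": r"7z.exe x C:\Users\u\Downloads\report.zip"},       # extraction, benign
    {"parent": "powershell.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},                                   # not an archiver
    {"parent": "cmd.exe", "image": r"C:\Tools\7za.exe",
     "cmdline": r"7za.exe a -p -r C:\backup\b.7z C:\data"},           # password-protected backup
]

# 7-Zip command-line binaries; the ransomware ships 7za.exe, the standalone build.
ARCHIVERS = {"7z.exe", "7za.exe", "7zr.exe"}


def classify(event):
    """Return a finding for 7-Zip 'add' commands carrying a -p (password) switch, else None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if image not in ARCHIVERS:
        return None
    # posix=False keeps Windows backslashes and quoted paths intact.
    tokens = shlex.split(event["cmdline"], posix=False)
    # 'a' is the 7-Zip command to add files to an archive; extraction ('x') is ignored.
    if len(tokens) < 2 or tokens[1].lower() != "a":
        return None
    # -p<password> is the only 7-Zip switch starting with -p; it makes the archive password-protected.
    if not any(t.lower().startswith("-p") for t in tokens[2:]):
        return None
    # A PowerShell parent matches the Evil Extractor chain; other parents are still worth a look.
    severity = "high" if event["parent"].lower() == "powershell.exe" else "medium"
    # Never store the password itself in the alert.
    redacted = re.sub(r"-p\S*", "-p<redacted>", event["cmdline"])
    return {"severity": severity, "image": image, "cmdline": redacted}


def scan(events):
    """Run classify() over a list of events and return the non-empty findings in order."""
    return [f for f in (classify(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["image"], finding["cmdline"])
```

The same rule can be expressed as a SIEM query once the event source is known; the point is to key on the archive-creation command plus the password switch, not on the binary's file name alone, since 7za.exe is legitimate software.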

According to Fortinet, the malware primarily targets victims in the West. From their analysis of a version of the malware found on a victim's system, they determined that most of its victims are located in Europe and America. However, it remains unclear whether the operators have successfully deployed the ransomware anywhere or how many victims they have claimed to date.

To protect yourself from such threats, it is crucial to prioritize your online security. A good starting point is our guide on keeping your personal data secure online, which offers five simple tips to protect your sensitive information. Furthermore, consider using a privacy-focused browser to minimize the risk of data theft. Our article on the advantages of using a privacy-focused browser highlights the benefits of taking this approach.

Additionally, it is essential to be aware of the potential dangers lurking on the dark web. Our blog offers a comprehensive overview of the darknet landscape and provides valuable information on evolving threats and how to stay safe online. In a digital age where cyberattacks and spyware are prevalent, protecting yourself from invisible intruders is more important than ever. Read our article on the growing threat of spyware to learn more about safeguarding your privacy and security.

In conclusion, the discovery of the Evil Extractor malware serves as a stark reminder of the need to remain vigilant about our online security. By adopting the recommended practices and staying informed about the ever-evolving threats in the digital landscape, we can better protect ourselves and our sensitive data from malicious actors.