Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Exorcist

According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with an extension consisting of a ransom string of characters.For example, a file originally named "1.jpg" could appear as something similar to "1.jpg.rnyZoV" following encryption. After this process is complete, Exorcist ransomware changes the desktop wallpaper and drops HTML applications - "[random-string]-decrypt.hta" (e.g. "rnyZoV-decrypt.hta") - into affected folders. These files contain identical ransom messages.


Known Locations (1)
Favicon Title Type Available Last Visit FQDN
favicon None No 2025-06-01 21:18:26 7iulpt5i6whht6zo2r52f7vptxtjxs3vfcdxxazllikrtqpupn4epnqd.onion

Target (Not Available)

No victim


Heatmap (Not Available)

No victim


Ransom Notes (0)

No ransom notes available.


Tools Used (Not Available)

No tools used available.


Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (0)

No YARA rules available.


Indicators of Compromise (IoCs) (0)

No IoCs available for this group.


Victims (0)