Eeyee Ransomware Description
Type: Ransomware
The Eeyee Ransomware is malware designed specifically to lock the files and data of its victims. Ransomware threats achieve their nefarious goals by executing an encryption routine involving an uncrackable cryptographic algorithm. While the affected files will still be present on the system, they will be rendered inaccessible and unusable.
The attackers will then extort the victim for money in exchange for providing the required decryption keys. Most ransomware operations also employ other extortion avenues, such as collecting private data and then threatening to release it to the public.
As part of its programming, the Eeyee Ransomware will generate a random ID key for the specific victim, consisting of a lengthy string of characters. This key, alongside '.eeyee', will be appended to the original names of all encrypted files. Finally, the threat will deliver a ransom note to the compromised system. The ransom-demanding message will be placed inside a text file named '6pZZ_HOW_TO_DECRYPT.txt'.
Ransom Note Details
The hacker's message states that information such as personal data, financial reports, or other essential documents has been obtained from the compromised devices. Victims who do not wish to pay the demanded ransom will have their information published on a dedicated leak site hosted on the Tor network. Communication with the attackers can be carried out through a separate site hosted on the same network. To access it, users will need to enter the login and password credentials found inside the ransom note.
The full text of the note is:
'Your network has been breached and all data were encrypted.
Personal data, financial reports and important documents are ready to disclose.
To decrypt all the data and to prevent exfiltrated files to be disclosed at
you will need to purchase our decryption software.
Please contact our sales department at:
To get an access to .onion websites download and install Tor Browser at:
hxxps://www.torproject.org/ (Tor Browser is not related to us)
Follow the guidelines below to avoid losing your data:
Do not modify, rename or delete *.key.eeyee files. Your data will be
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, etc. They don't care about your business.
They simply won't allow you to pay. As a result you will lose everything.
Do not hire a recovery company.
They can't decrypt without the key.
They also don't care about your business.
They believe that they are good negotiators, but it is not.
They usually fail. So speak for yourself.
Do not reject to purchase.
Exfiltrated files will be publicly disclosed.'
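A read-only triage example for the indicators described above: the '.eeyee' suffix, the '*.key.eeyee' files the note mentions, and the '6pZZ_HOW_TO_DECRYPT.txt' note. It is added here and is not code from the original article; it assumes the victim ID is the last dot-separated token before '.eeyee', and the sample file names and ID are constructed.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".eeyee"            # extension reported on the page
KEY_SUFFIX = ".key.eeyee"              # files the note says not to touch
NOTE_NAME = "6pZZ_HOW_TO_DECRYPT.txt"  # ransom note name from the page

def classify(name):
    """Return (kind, original_name, victim_id) for one file name."""
    if name == NOTE_NAME:
        return ("note", None, None)
    if name.lower().endswith(KEY_SUFFIX):
        return ("key", None, None)
    if not name.lower().endswith(ENCRYPTED_SUFFIX):
        return ("clean", None, None)
    # Assumption: the ID is the last dot-separated token before ".eeyee".
    original, sep, victim_id = name[:-len(ENCRYPTED_SUFFIX)].rpartition(".")
    if sep and original and victim_id:
        return ("encrypted", original, victim_id)
    return ("encrypted", None, None)  # suffix matches, layout does not

def scan(root):
    """Walk root read-only and group the indicators that were found."""
    report = {"note": [], "key": [], "encrypted": [], "ids": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, _original, victim_id = classify(name)
            if kind == "clean":
                continue
            report[kind].append(os.path.join(dirpath, name))
            if victim_id:
                report["ids"][victim_id] += 1
    return report

def demo():
    """Scan a constructed sample tree of empty files (not real samples)."""
    names = ["q3.xlsx.A1b2C3d4E5.eeyee", "hr/staff.docx.A1b2C3d4E5.eeyee",
             "hr/notes.txt", "A1b2C3d4E5.key.eeyee", NOTE_NAME]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in names:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        report = scan(tmp)
    return {k: len(v) for k, v in report.items() if k != "ids"}, dict(report["ids"])

if __name__ == "__main__":
    print(*demo())
```

Seeing more than one distinct ID under the same root means either the token layout assumption is wrong for that sample or the host was hit more than once.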