Ransomware Research
0kilobypt Ransomware
0kilobypt is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2016, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- 0kilobypt
- First Seen
- March 1, 2016
How 0kilobypt Ransomware Works
Targeted Files
NOSAMPLE Destroys content of the files Full extension -> .[rekoh4th@secmail.pro].CRYPT;.[Xieth8ie@secmail.pro].cr;.[andrey.taranov@protonmail.com].Iexei8bo;.[uroo7ohM@secmail.pro].val
File Encryption Patterns
0kilobypt modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..CRYPT..cr..val./\.\w{8}$/./\.\w{5}$/Ransom Note and Payment Demands
After encrypting files, 0kilobypt displays ransom notes demanding payment for file recovery:
WHERE ARE YOUR FILES READ ME (ГДЕ ТВОИ ФАЙЛЫ, ПРОЧИТАЙ МЕНЯ).txtRansom message:
notes/WHERE ARE YOUR FILES READ ME (ГДЕ ТВОИ ФАЙЛЫ, ПРОЧИТАЙ МЕНЯ).txt
!!!ПОМОЖЕМ_С_ФАЙЛАМИ_(rekoh4th@secmail.pro).txt!!!ПРОЧИТАТЬ!!!.txtRansom message:
notes/README.txt
ВЕРНУТЬ ВАШИ ФАЙЛЫ.txtRansom message:
notes/ВЕРНУТЬ ВАШИ ФАЙЛЫ.txt
RECOVERY.txtRansom message:
notes/RECOVERY.txt
README.txtRansom message:
notes/README.txt
RECOVERY.htaRansom message:
notes/RECOVERY.hta.txt
Elastio Can Help You
Don't let 0kilobypt ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This 0kilobypt ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like 0kilobypt.
Last updated: July 30, 2025