Ransomware Research

About Arsium


Arsium was first discovered in August 2019 in enterprise cloud environments.

Name Arsium
First Seen August 2019

Behavior of Arsium

Arsium is known to target specific file types. Below are all known file types that Arsium is known to infect.

In some cases, ransomware will update the modified date, when it encrypts files. Arsium unknown the last modified date of the file it targets.

Learn More

Characteristics of Arsium

Here are some of the unique characteristics that are helpful to know about Arsium.


Some ransomware will change or append a suffix to the end of the file after they are encrypted, including changing the extension of a file. Here are some of the possible suffixes that Arsium ransomware is known to change.



These are the names of the executables that contain the undetonated ransomware payload for Arsium.

Executablesezfzef.exe, Builder 3 DLL.exe, Arsium Ransomware Builder [DLL] [DESKTOP].exe
How Elastio can help

Don’t let ransomware
take over your backups.

Elastio’s Cyber Recovery as a Service (CRaaS) software helps you detect, recover, and protect from ransomware attacks. The Elastio platform combines data security, protection and active ransomware recovery technology, offering you the most complete solution available. Gain full workload visibility, automated recovery testing, lower cloud costs and simplicity with Elastio’s cyber recovery solution.

Scroll to Top