Ransomware Research
Everbe Ransomware
Everbe is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2018, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Everbe 2.0-3.0.
Quick Facts
- Ransomware Family
- Everbe
- First Seen
- March 1, 2018
- Known Aliases
- Everbe 2.0-3.0
How Everbe Ransomware Works
Targeted Files
Full extension -> .[volcano666@tutanota.de].volcano https://app.any.run/tasks/8dd233eb-9bcb-4235-808d-a272b68025b9/#
File Encryption Patterns
Everbe modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..everbe
..lightning
..volcano
..embrace
..pain
..eV3rbe
..EVIL
..HYENA
..thunder
..divine
..NOT_OPEN
..EVEREST
..neverdies@tutanota.com
..seed
..DEADMIN
..COCKROACH
..Oypl7T1i9
..CULEX
Ransom Note and Payment Demands
After encrypting files, Everbe displays ransom notes demanding payment for file recovery:
!=How_recovery_files=!.txt
Ransom message:
notes/!=How_recovery_files=!.txt
Note locations:
EveryFolder
key.txt
Ransom message:
notes/key.txt
Readme if you want restore files.txt
Ransom message:
notes/Readme if you want restore files.txt
Note locations:
EveryFolder
!_HOW_RECOVERY_FILES_!.txt
Ransom message:
notes/!_HOW_RECOVERY_FILES_!.txt
Note locations:
EveryFolder
!=How_to_decrypt_files=!.txt
Ransom message:
notes/!=How_to_decrypt_files=!.txt
Note locations:
EveryFolder
EVEREST LOCKER.txt
Ransom message:
notes/EVEREST LOCKER.txt
!#_How_to_decrypt_files_#!.txt
Ransom message:
notes/!#_How_to_decrypt_files_#!.txt
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Everbe ransomware:
Everbe.exe
samples_11_04_2018 (149)
myfile.exe
setup.exe
Everbe 2.0 Ransomware.bin
rerosomware.exe
Evill Locker.bin
Evill Locker.exe
Everbe 2.0.exe
encryption.exe
Malware.exe
32.EXE
encrypt[1].exe
x64.exe
edc39d6c.gxe
pub.exe
sql.exe
Evil Locker.exe
Elastio Can Help You
Don't let Everbe ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Everbe ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Everbe.
Last updated: July 30, 2025