Ransomware Research
Kodex Ransomware
Kodex is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on January 1, 2023, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: Kodex
- First Seen: January 1, 2023
How Kodex Ransomware Works
Targeted Files
Sandbox report: https://tria.ge/230119-f9raqsfb87/behavioral2
The sample is a PyInstaller executable with PowerShell that downloads 7za.exe, packs Desktop files with a password, and sends the result to FTP. It contains VM checks and date checks.
Ransom Note and Payment Demands
After encrypting files, Kodex displays ransom notes demanding payment for file recovery:
- Read_me.html
Ransom message: notes/Read_me.html
Note locations: Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Kodex ransomware:
Catacomb_crawlers.exe
Catacomb-Crawlers_Installer.exe
installation.exe
About This Analysis
This Kodex ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Kodex.
Last updated: July 30, 2025