Ransomware Research
Mermaid Ransomware
Mermaid is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2019, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Deniz Kizi, DenizKizi.
Quick Facts
- Ransomware Family
- Mermaid
- First Seen
- December 1, 2019
- Known Aliases
- Deniz KiziDenizKizi
How Mermaid Ransomware Works
File Encryption Patterns
Mermaid modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..Deniz_Kızı..Deniz_KiziRansom Note and Payment Demands
After encrypting files, Mermaid displays ransom notes demanding payment for file recovery:
Please Read Me!!!.htaRansom message:
notes/Please Read Me!!!.hta
Note locations:
UserFoldersLütfen Beni Oku!!!.logRansom message:
notes/Lütfen Beni Oku!!!.log
Note locations:
UserFoldersRootDirectoryPlease Read ME!!!.logRansom message:
notes/Please Read ME!!!.log
Note locations:
UserFoldersBeni_Oku!!!.htaRansom message:
notes/Beni_Oku!!!.hta
Note locations:
UserFoldersTechnical Indicators
Associated Executable Files
The following executable files are associated with Mermaid ransomware:
Ztarter.exeKonyalı Zula Hack V4 2019.exek.exesvchost.exesvchost.exe.zp.binStarter.exeStarter.binDeniz_Kızı.exe
Elastio Can Help You
Don't let Mermaid ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Mermaid ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Mermaid.
Last updated: October 30, 2025
Recent Ransomware
Explore other threats in our database