Ransomware Research
Mermaid Ransomware
Mermaid is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2019, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Deniz Kizi, DenizKizi.
Quick Facts
- Ransomware Family: Mermaid
- First Seen: December 1, 2019
- Known Aliases: Deniz Kizi, DenizKizi
How Mermaid Ransomware Works
Targeted Files
- https://app.any.run/tasks/ddaa638f-c305-471c-abf5-e4074244e388/
- https://app.any.run/tasks/6fc45ad8-8993-4fc6-8e60-c437d66593e3/#
- https://app.any.run/tasks/70e30766-d3f8-434f-af39-97875c2db930/
- b2d2abde6d4bd2eb4f0e5bbfc56d94fd8f38bb2a34f61603573097f8af37e836 -> doesn't change filenames
File Encryption Patterns
Mermaid modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..Deniz_Kızı
..Deniz_Kizi
Ransom Note and Payment Demands
After encrypting files, Mermaid displays ransom notes demanding payment for file recovery:
- Please Read Me!!!.hta
  - Ransom message: notes/Please Read Me!!!.hta
  - Note locations: UserFolders
- Lütfen Beni Oku!!!.log
  - Ransom message: notes/Lütfen Beni Oku!!!.log
  - Note locations: UserFolders, RootDirectory
- Please Read ME!!!.log
  - Ransom message: notes/Please Read ME!!!.log
  - Note locations: UserFolders
- Beni_Oku!!!.hta
  - Ransom message: notes/Beni_Oku!!!.hta
  - Note locations: UserFolders
Technical Indicators
Associated Executable Files
The following executable files are associated with Mermaid ransomware:
Ztarter.exe
Konyalı Zula Hack V4 2019.exe
k.exe
svchost.exe
svchost.exe.zp.bin
Starter.exe
Starter.bin
Deniz_Kızı.exe
About This Analysis
This Mermaid ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Mermaid.
Last updated: July 30, 2025