Ransomware Research

Outsider Ransomware

Outsider is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2018, this ransomware has been actively targeting systems worldwide.

Quick Facts

Ransomware Family
Outsider
First Seen
December 1, 2018

How Outsider Ransomware Works

Targeted Files

https://app.any.run/tasks/5bb9f568-4826-4e7c-89d5-5051c20427d3/ https://app.any.run/tasks/fd28165b-c6ef-4693-827f-3d3de3cbf9e9/ https://www.bleepingcomputer.com/forums/t/702908/pls-help-sguard-encrypted-files-sguard-readmetxt/ https://www.bleepingcomputer.com/forums/t/716967/mbit-ransomware-help-needed/ https://tria.ge/200621-1sp71ylcqe/behavioral1

File Encryption Patterns

Outsider modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..protected..crypt..popotic1..popoticus..sguard..guarded..mapo..sivo..dante..mbit..gomer..edab..assist

Ransom Note and Payment Demands

After encrypting files, Outsider displays ransom notes demanding payment for file recovery:

fileHOW_TO_RESTORE_FILES.txt

Ransom message:

notes/HOW_TO_RESTORE_FILES.txt
fileRESTORE_FILES.txt

Ransom message:

notes/RESTORE_FILES.txt

Note locations:

EveryFolder
fileHOW_TO_RESTORE_YOUR_FILES.txt

Ransom message:

notes/HOW_TO_RESTORE_YOUR_FILES.txt

Note locations:

EveryFolder
fileSECURITY-ISSUE-INFO.txt

Ransom message:

notes/SECURITY-ISSUE-INFO.txt
fileHOW-TO-RESTORE-FILES.txt
fileSGUARD-README.txt

Ransom message:

notes/SGUARD-README.txt
fileGUARDED-README.txt

Ransom message:

notes/GUARDED-README.txt
fileMAPO-Readme.txt

Ransom message:

notes/MAPO-Readme.txt

Note locations:

EveryFolder
fileSivo-README.txt

Ransom message:

notes/Sivo-README.txt

Note locations:

EveryFolder
fileDANTE-INFO.txt

Ransom message:

notes/DANTE-INFO.txt
fileMBIT-INFO.txt

Ransom message:

notes/MBIT-INFO.txt
fileGOMER-README.txt

Ransom message:

notes/GOMER-README.txt

Note locations:

EveryFolder
fileEDAB-README.txt

Note locations:

EveryFolder
fileASSIST-README.txt

Ransom message:

notes/ASSIST-README.txt

Note locations:

EveryFolder

Technical Indicators

Associated Executable Files

The following executable files are associated with Outsider ransomware:

  • 900.exe
  • MSIE.exe
  • Trojan.Ransom.Mapo.exe
  • Sivo.exe
  • edab.exe
  • assist.exe
  • assist.bin

Elastio Can Help You

Don't let Outsider ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Outsider ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Outsider.

Last updated: July 30, 2025

Outsider Ransomware - Detectable by Elastio