RensenWare is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2017, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family: RensenWare
First Seen: April 1, 2017
How RensenWare Ransomware Works
File Encryption Patterns
RensenWare modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..RENSENWARE..Haruna..KASHIMA
Ransom Note and Payment Demands
After encrypting files, RensenWare displays ransom notes demanding payment for file recovery:
message
Ransom message:
notes/note.txt
Note locations:
OnceOnCompletion
Technical Indicators
Associated Executable Files
The following executable files are associated with RensenWare ransomware:
This RensenWare ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like RensenWare.