Snwkz Ransomware
Snwkz is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2023, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: Snwkz
- First Seen: February 1, 2023
How Snwkz Ransomware Works
Targeted Files
Sandbox analyses:
https://www.joesandbox.com/analysis/527973/0/html
https://tria.ge/211124-rt6ahachej
Full extension: .xssM7yCW-teOeNI018Gs6gShExY6W6iuebbsU4RAJGv_7k4kPtWlXN40.snwkz
File Encryption Patterns
Snwkz marks the files it encrypts with a specific naming pattern.
File extensions added after encryption:
.snwkz
Ransom Note and Payment Demands
After encrypting files, Snwkz displays ransom notes demanding payment for file recovery. Ransom note filenames match this regular expression:
/^\w+_HOW_TO_DECRYPT\.txt$/
Ransom message:
notes/Djfk_HOW_TO_DECRYPT.txt
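A defender-side triage check built from the two filename indicators above (the .snwkz extension and the ransom note pattern), as an added example that is not part of Elastio's analysis or tooling. The function names and the sample paths are constructed for illustration, and the split of the full extension into a dot-free token followed by .snwkz is an assumption based on the one full extension quoted on this page.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Indicators taken from the page: ransom note filename regex and final extension.
NOTE_RE = re.compile(r"^\w+_HOW_TO_DECRYPT\.txt$")
ENCRYPTED_SUFFIX = ".snwkz"

# Constructed sample listing (e.g. from a backup catalogue or file-server scan).
SAMPLE_PATHS = [
    "/srv/share/finance/q3.xlsx.xssM7yCW-teOeNI018Gs6gShExY6W6iuebbsU4RAJGv_7k4kPtWlXN40.snwkz",
    "/srv/share/finance/Djfk_HOW_TO_DECRYPT.txt",
    "/srv/share/hr/readme.txt",
    "/srv/share/hr/HOW_TO_DECRYPT.txt",      # no prefix, so the regex does not match
    "C:\\Users\\a\\Docs\\plan.docx.AbC.SNWKZ",  # extension check is case-insensitive
]


def split_encrypted_name(name):
    """Return (original_name, token) for '<original>.<token>.snwkz'.

    Assumption: the token between the original name and .snwkz contains no
    dots, as in the full extension quoted on the page. Token is None otherwise.
    """
    parts = name.rsplit(".", 2)
    return (parts[0], parts[1]) if len(parts) == 3 else (parts[0], None)


def triage_paths(paths):
    """Map each directory holding an indicator to its notes, files and tokens."""
    hits = defaultdict(lambda: {"notes": [], "encrypted": [], "tokens": set()})
    for raw in paths:
        p = PurePosixPath(raw.replace("\\", "/"))  # accept Windows separators
        name = p.name
        if NOTE_RE.match(name):
            hits[str(p.parent)]["notes"].append(name)
        elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
            original, token = split_encrypted_name(name)
            entry = hits[str(p.parent)]
            entry["encrypted"].append(original)
            if token:
                entry["tokens"].add(token)
    return dict(hits)


def high_confidence_dirs(paths):
    """Directories containing both a ransom note and at least one .snwkz file."""
    return sorted(d for d, h in triage_paths(paths).items()
                  if h["notes"] and h["encrypted"])
```

Directories returned by high_confidence_dirs carry both indicators and are the first candidates for restore scoping; a directory with only .snwkz files still appears in triage_paths.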
Technical Indicators
Associated Executable Files
The following executable files are associated with Snwkz ransomware:
test.zip
test.exe
test
test.dat
test.exe_
ransomware.exe_
test.bin
output.exe
decoding_data.exe
test.exe.ransom
result
kdfs2022_ransom
decoded
download.dat
download.exe
seungah.dat
decoded - 복사본.exe
test1.zap
ransomeware.exe
test.txt.bin
Trojan.Ransom.Hive.exe
Ransomware (5).exe
serenb.exe
About This Analysis
This Snwkz ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Snwkz.
Last updated: July 30, 2025