Ransomware Research

Weaxor Ransomware

Weaxor is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on June 1, 2025, this ransomware has been actively targeting systems worldwide.

Quick Facts

Ransomware Family
Weaxor
First Seen
June 1, 2025

How Weaxor Ransomware Works

Targeted Files

weax.txt in the RansomPayloadStartFolder

File Encryption Patterns

Weaxor modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..weax

Ransom Note and Payment Demands

After encrypting files, Weaxor displays ransom notes demanding payment for file recovery:

fileFILE RECOVERY.txt

Ransom message:

notes/FILE RECOVERY.txt

Note locations:

EveryFolder

Elastio Can Help You

Don't let Weaxor ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Weaxor ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Weaxor.

Last updated: September 30, 2025