Oslapisavkusna Ransomware Joins the Zeppelin Ransomware Family

While some ransomware families like Paradise and Dharma seem to be relatively inactive nowadays, there are still some old file-locker variants that show signs of life. The ZEPPELIN Ransomware is one of them, and it appears to be back with a new variant – the Oslapisavkusna Ransomware. This particular version is spread through malicious email attachments, fake downloads, pirated games/software, and other dubious content. Once it reaches a system successfully, it can execute a devastating file-encryption attack that damages documents, spreadsheets, archives, media, and many other files.

Oslapisavkusna Ransomware's attack is usually pretty easy to recognize because some of the unique changes that the malware brings. It will append the extension '.oslapisavkusna.[<VICTIM ID>] to all files it locks. It will also create a ransom document called '!!! ALL YOUR FILES ARE ENCRYPTED !!!.txt' on the desktop.

Oslapisavkusna Ransomware
ns

The latter document contains some information about the attack, and instructions that the victim should supposedly follow. However, we do not advise you to trust the criminals behind this project. They ask for a Bitcoin payment and promise to provide a decryptor in return. Unfortunately, there is no guarantee that this will happen – if you send them the money, you might just get scammed. If your files are locked by the Oslapisavkusna Ransomware, then contacting the attackers is the last thing you should do. Instead, use an up-to-date security tool to dispose of the malware. After this, start restoring files from a backup. If a backup is not available, then there are plenty of other data recovery options and methods to try out.

February 16, 2022