Rancoz
Rancoz is a Windows-targeting ransomware strain first observed in November 2022 that appends the ".rec_rans" extension to encrypted files, considered a Vice Society copycat, deployed against a small number of organizations using double extortion and linked to the same developer as the "Buddy" ransomware.
Victims
6
First Discovered
2023-05-05
victim
Last Discovered
2023-09-03
victim
Inactive Since
2yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
0
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Rancoz | Blog | No | 2026-04-28T07:21:29 |
ze677xuzard4lx4iul2yzf5ks4gqqzoulgj5u4n5n4bbbsxjbfr7eayd.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 3
- Business Services 1
- Construction 1
- Technology 1
Top 5 Countries
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (1)
Email
1
| Type | IOC |
|---|---|
Email
|
rec_rans@aol.com
|
Victims (6)
