Rook
According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening files by encrypting them. It also modifies filenames and creates a text file/ransom note (HowToRestoreYourFiles.txt). Rook renames files by appending the .Rook extension. For example, it renames 1.jpg to 1.jpg.Rook, 2.jpg to 2.jpg.Rook.
Victims
9
First Discovered
2021-12-07
victim
Last Discovered
2022-01-08
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
100.0%
victims with domain
Countries
1
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
We Are Rook!!! | No | 2026-04-28T07:26:15 |
gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 2
- Technology 2
- Healthcare 1
- Business Services 1
- Energy 1
Top 5 Countries
-
Japan
1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (2)
Email
2
| Type | IOC |
|---|---|
Email
|
rook@onionmail.org
|
Email
|
securityrook@onionmail.org
|
Victims (9)
