FortiGuard Labs is aware that a new ransomware called “Sugar” is in the wild. Reportedly, Sugar ransomware targets consumers rather than enterprises. The first sample of Sugar ransomware appears to have been discovered in the wild in early November. Sugar ransomware encrypts files on the compromised machine and appends “.emcoded01” file extension to them. Victims are asked to pay ransom to recover the encrypted files.What is Sugar Ransomware?Sugar is a ransomware that is written in Delphi and appeared in the wild in November 2021 at the latest. Once run, Sugar ransomware encrypts files on the compromised machine and appends “.encoded01” file extension to them. The malware then displays a ransom note that asks the victim to visit the attacker’s TOR page to pay the ransom in order to recover the encrypted files. The attacker offers to decrypt up to five files to prove that the encrypted files can be recovered upon ransom is paid.The ransom note displayed by Sugar ransomware looks similar to that of REvil ransomware. Also, the TOR site used by Sugar ransomware has close resemblance with that of Cl0p ransomware. However, there is no evidence to suggest that the Sugar ransomware group is associated with REvil and Cl0p threat actors.How Widespread is Sugar Ransomware?Based on the telemetry data collected by FortiGuard Labs, Sugar ransomware infections likely occurred in Canada, Thailand, the United States, Israel and Lithuania.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against Sugar ransomware:W32/Filecoder.OJD!tr.ransomW32/PossibleThreat
More Stories
Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager...
Critical Patches Issued for Microsoft Products, February 11, 2025
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in...
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful...
python3.11-3.11.11-5.fc40
FEDORA-2025-f613fe78b6 Packages in this update: python3.11-3.11.11-5.fc40 Update description: Security fix for CVE-2025-0938 Read More
python3.11-3.11.11-5.fc41
FEDORA-2025-81304012fc Packages in this update: python3.11-3.11.11-5.fc41 Update description: Security fix for CVE-2025-0938 Read More
python3.10-3.10.16-5.fc40
FEDORA-2025-10e053d399 Packages in this update: python3.10-3.10.16-5.fc40 Update description: Security fix for CVE-2025-0938 Read More