Insane Ransomware
Parsing : Enabled
Description
Insane is a relatively obscure ransomware family first reported in late 2021, with few confirmed incidents in public threat intelligence. It encrypts victim files using symmetric encryption (AES) combined with RSA for key protection and appends the .insane extension to affected files. The ransom note, typically named INSANE_README.txt, directs victims to contact the operators via email for decryption instructions. Based on limited reporting, Insane does not appear to operate as a Ransomware-as-a-Service (RaaS) platform; instead, it seems to be deployed by the core operators in targeted attacks. Initial access methods are not well-documented, but suspected vectors include phishing attachments and exploitation of exposed RDP services. The group’s small footprint in open-source intelligence suggests limited distribution or use in highly selective campaigns.
| External Analysis |
| https://id-ransomware.blogspot.com/2021/11/insane-ransomware.html |
| https://www.pcrisk.com/removal-guides/22493-insane-ransomware |
| Urls |
Screen |
| http://nv5lbsrr4rxmewzmpe25nnalowe4ga7ki6yfvit3wlpu7dfc36pyh4ad.onion/ |
Screen |
| http://gfksiwpsqudibondm6o2ipxymaonehq3l26qpgqr3nh4jvcyayvogcid.onion/ |
Screen |
| http://gfksiwpsqudibondm6o2ipxymaonehq3l26qpgqr3nh4jvcyayvogcid.onion/Insane.html |
Screen |
| http://nv5lbsrr4rxmewzmpe25nnalowe4ga7ki6yfvit3wlpu7dfc36pyh4ad.onion/Insane.html |
Screen |
| http://r2ad4ayrgpf7og673lhrw5oqyvqg4em2fpialk7l7gxkasvqkqow4qad.onion/ |
Screen |
| http://r2ad4ayrgpf7og673lhrw5oqyvqg4em2fpialk7l7gxkasvqkqow4qad.onion/Insane.html |
Screen |
Posts
| Date |
Title |
Description |
Screen |
| 2024-01-16 |
JspPharma data |
|
Screen |
| 2024-01-16 |
Victim list |
|
Screen |