Rancoz is a ransomware family referenced in reporting on observed attacker tradecraft. The provided content states that Rancoz employs drive enumeration to locate files for encryption, specifically enumerating drive types including remote drives (DRIVE_REMOTE) to identify encryption targets. It was observed in the third quarter of 2023 but not in the fourth quarter of 2023. No specific threat actor attribution, infection vector, targeted industries, platforms, ransom-note details, or indicators of compromise are provided in the source content.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
Similarly, Rancoz ransomware employs drive enumeration... to locate and target files for encryption
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ransomware family mentioned as observed in Q3 2023 but not observed in Q4 2023.
Ransomware that enumerates local/remote drives (including network shares) to identify files for encryption.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.