Apocryphon
[Image: EntropyLock Screen.png. Caption: SCP-XXXX-A]

Item #: SCP-XXXX

Object Class: Safe

Special Containment Procedures: A copy of SCP-XXXX-A is to be kept on a USB drive located in a standard containment locker in Site-15. Testing of SCP-XXXX-A may occur only with written approval from, and subject to guidelines provided by, the Records and Information Security Administration (RAISA). Foundation webcrawlers are to monitor information security-related blogs and the social media accounts of security researchers for mentions of the string "EntropyLock" or any reports of malware resembling SCP-XXXX-A.

A copy of SCP-XXXX-B is to be kept on a USB drive located in a standard containment locker in Site-15. SCP-XXXX-B shall be removed from this containment locker only during testing of SCP-XXXX-A.

SCP-XXXX-C instances shall undergo standard information review/redaction processes when discovered. Instances that have been deemed or rendered acceptable for release are to be stored in a dedicated subdirectory on the Site-15 general network share. Access to the subdirectory shall be restricted to Foundation personnel of level 3 or above, or to level 2 personnel who have been certified for research into multiversal anomalies.

SCP-XXXX-D is to be monitored by embedded Foundation operatives. Should any software with behavior similar or identical to that of SCP-XXXX-A attempt to connect, Mobile Task Force Mu-4 ("Debuggers") shall be dispatched to the physical location corresponding to the origin address for purposes of investigation and/or containment. The routing tables for Site-15 network infrastructure devices shall be configured to route any packets with a destination address of SCP-XXXX-D to a RAISA network monitoring system unless otherwise required for testing purposes.

Description: SCP-XXXX is the collective designation for an anomalous malware application called "EntropyLock", and certain files produced by it.

SCP-XXXX-A is the designation for the malware application proper. SCP-XXXX-A is a Windows application that functions similarly to non-anomalous ransomware in its operation; however, when it attempts to encrypt files that contain certain binary strings, these files will become instances of SCP-XXXX-C upon decryption. (See Document XXXX-3 for a full list of strings known to trigger the creation of SCP-XXXX-C instances.) While still encrypted by SCP-XXXX-A, files meeting any of the above conditions will display no anomalous properties.

Reverse engineering of SCP-XXXX-A has shown that it utilizes a non-standard cryptosystem when encrypting and decrypting files. This cryptosystem appears to utilize a form of asymmetric cryptography much like RSA, but the mathematics involved appear fundamentally self-contradictory. Attempts to analyze the cryptosystem itself have met with minimal success.

SCP-XXXX-A will shut down prior to encrypting any files if it determines that it is being run on a computer system physically located within the borders of the Russian Federation, or if the system language is set to Russian.

SCP-XXXX-B is the designation for the command and control server utilized by SCP-XXXX-A to retrieve decryption keys once it confirms remittance of the ransom payment. It is not considered to be anomalous.

SCP-XXXX-C is the designation for files that have been encrypted and subsequently decrypted by the SCP-XXXX-A cryptosystem and contained any of the binary strings listed in Document XXXX-3 prior to encryption. SCP-XXXX-C instances are anomalously altered variations on the original file, the contents of which bear a thematic resemblance to the original in nearly all situations. At least 60% of SCP-XXXX-C instances are believed to contain data originating from an alternate universe or universes.

The full SCP-XXXX-C instance log is available from the SCP-XXXX research lead upon request.

SCP-XXXX-D is the designation for the IPv4 address assigned to SCP-XXXX-B prior to containment. It is not considered to be anomalous.

History: SCP-XXXX was first encountered when it was uploaded to a Project Aristaeus56 honeypot server on 201█-██-██, ██:██ UTC. According to server logfiles, a remote attacker connected through what was later determined to be an open proxy located in Latvia and attempted to use the Aristaeus server to mail a PDF document containing SCP-XXXX-A to officials of the United States ██████████ █████ before disconnecting from the server. The attacker was eventually identified as █████ ████████████, a Russian national suspected of having FSB ties. Interrogation of ████████████ revealed that he created the SCP-XXXX-A cryptosystem due to a distrust of publicly known ones, but despite this had no knowledge of SCP-XXXX's anomalous properties nor any intent to create such. ████████████ was administered Class B amnestics and released from custody.

Addendum: Researcher's Note

Part of me wants to believe that what we're seeing is something like SCP-033, but there's no way that could get onto the Internet without doing the kind of damage we could never hope to contain. Nevertheless, "the square root of negative Theta Prime" is the only way I can think to describe what I'm seeing here. The level of mathematical incoherence that this would otherwise demonstrate…

Let me put it this way. The anomalous part of this skip has nothing to do with the multiversal output thing. The anomalous part is that it produces anything at all.


-██████ ███████, RAISA staff researcher