|Jigsaw - Ransomware
||The ransomware threatens to delete files every hour unless the victim pays the ransom. Victims are infected after being tricked into believing they are downloading fraudulent versions of various software. Variants of the malware also report the encrypted files will be sent to your contacts if the ransom is not paid. New variants of the ransomware continue to be discovered in 2018 and append a range of extensions to infected files including ".fun", ".CryptWalker", ".LolSec", and ".LOCKED_PAY."
|Scarab - Ransomware
||The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
|GandCrab 5 - Ransomware
||The ransomware appends random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt infected files. The threat actor demands $800 in either Bitcoin or DASH for the decryption key. GandCrab 5 also scans network shares and mapped drives to find files to encrypt. The threat actors behind the ransomware use a variety of infection vectors including PowerShell, Botnets, Exploit Kits, Trojanized Programs, SpearPhishing, and Remote Desktop.