Ransomware is malicious software that threatens to block access to or expose a user’s data unless a payment is made to the attacker. According to research by McAfee Labs, the number of new ransomware samples continues to grow at a double-digit rate each quarter.

The following is a list of ransomware recently detected by McAfee Advanced Threat Defense. Learn more about each type of ransomware or download a partial McAfee Advanced Threat Defense threat analysis report to view details, including threat level, behavior classification, and file execution timeline. Ask your McAfee representative for access to full McAfee Advanced Threat Defense reports.


This ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis.

Learn More Read Report


Cerber continues to evolve and is one of the most complex and sophisticated ransomware families to date. The ransomware is sold to distributors on underground Russian forums.

Learn More Read Report


This ever-evolving ransomware targets Windows users and does not infect computers using the Russian language. The malware encrypts files located in multiple locations, including local and remote drives, removable drives, mapped drives, and unmapped network shares.

Learn More Read Report


This ransomware encrypts files with RSA-2048 encryption and continues to evolve to infect as many users as possible. The malicious software scans the for hundreds of file extensions on the infected host. Some variants report the victim only has 72 hours to pay the ransom or the encrypted files will be destroyed.

Learn More Read Report

Fake Globe

This ransomware impersonates Globe ransomware and appends various extensions to encrypted files. It continues to evolve and multiple variants continue to appear in the wild.

Learn More Read Report


This ransomware uses AES encryption and drops a file labeled "GandCrab.exe" on the infected system. The malicious software adds ".GDCB" to encrypted files and is known to be delivered to unsuspecting victims using the RIG exploit kit.

Learn More Read Report


This fake ransomware is disk-wiping malware in disguise, targeting the financial sector in Latin America. The malicious software is a variant of the original KillDisk malware discovered in late 2015.

Learn More Read Report


This ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and four domains for callback to the command and control servers.

Learn More Read Report


This ransomware targets a range of sectors, including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections.

Learn More Read Report


The ransomware is distributed via spam emails and uses a combination of RSA and AES encryption. It continues to evolve and circulates as a fake Chrome font pack that is distributed via compromised websites.

Learn More Read Report
Trellix Logo

You're exiting McAfee Enterprise.

Please pardon our appearance as we transition from McAfee Enterprise to Trellix.

Exciting changes are in the works.

We look forward to discussing your enterprise security needs.

You will be redirected in 0 seconds. If not, please click here to continue

McAfee Logo