Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

Ransomware Description
SamSa - Ransomware The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections.
CryptConsole - Ransomware The ransomware attempts to extort 0.25 bitcoins from the victim and does not encrypt the contents of the file but instead the filename. New variants of the malicious software surfaced in the second quarter of 2018 and demand a ransom of $1000 for the decryption key.
Dharma - Ransomware The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
BTCWare - Ransomware The ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis.
Magniber - Ransomware The ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and uses four domains for callback to the command and control servers.
CryptoMix - Ransomware The ransomware encrypts files with RSA-2048 encryption and continues to evolve to infect as many users as possible. The malicious software scans the for hundreds of file extensions on the infected host. Some variants report the victim only has 72 hours to pay the ransom or the encrypted files will be destroyed.
Scarab - Ransomware The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
GandCrab - Ransomware The ransomware uses AES encryption and drops a file labeled "GandCrab.exe" on the infected system. The malicious software adds ".GDCB" to encrypted files and is known to be delivered to unsuspecting victims using the RIG exploit kit.
Everbe - Ransomware The ransomware uses AES or DES encryption and appends various extensions to infected files including .everbe, .embrace, .EVIL, .eV3rbe, .pain, .HYENA, and .thunder. The ransom note for some variants report the price of the ransom doubles if not paid within 7 days.
GandCrab 4 - Ransomware The ransomware demands $1,200.00 in DASH or Bitcoin for the decryption key and appends ".KRAB" to infected files. The malicious software is capable of sending the IP address, computer name, network name, and username from the compromised host to hard-coded URLs. The ransomware is also programmed to kill a range of processes including msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlwriter.exe, and oracle.exe.