large-logo-mcafee-dark

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

Ransomware Description
SamSa - Ransomware The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections. The ransomware was discovered over 2 years with new variants still being released in late 2018.
Dharma - Ransomware The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
Matrix - Ransomware The ransomware appeared on the threat landscape two years ago with new variants still being discovered in 2018. Recent variants of Matrix append various extensions including .eman, .itlock, .kok08, and .fastbob. Victims are given 7 days to reach the threat actor by email or bit-message or their decryption key will be deleted.
Jigsaw - Ransomware The ransomware threatens to delete files every hour unless the victim pays the ransom. Victims are infected after being tricked into believing they are downloading fraudulent versions of various software. Variants of the malware also report the encrypted files will be sent to your contacts if the ransom is not paid. New variants of the ransomware continue to be discovered in 2018 and append a range of extensions to infected files including ".fun", ".CryptWalker", ".LolSe...
Fake Globe - Ransomware The ransomware impersonates Globe ransomware and appends various extensions to encrypted files. The ransomware continues to evolve and multiple variants continue to appear in the wild. The malicious software is also known as Globe Imposter, Ox4444, and GUST. Victims are required to email the threat actor for the decryption key to gain access to the encrypted files.
Scarab - Ransomware The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
Stop - Ransomware The ransomware uses AES encryption and adds a range of extensions including ".STOP", ".SUSPENDED", ".DATASTOP", ".PAUSA", ".CONTACTUS", ".WHY", ".KEYPASS", and ".SAVEfiles" to infected files. The malicious software was discovered at the end of 2017 with new variants appearing on the threat landscape throughout 2018.
Kraken Cryptor - Ransomware The ransomware appends random extensions to encrypted files and requires the victim to email the threat actor for the decryption key. Some variants of the malware are disguised as the SuperAntiSpyware anti-malware application in an attempt to deceive users. Kraken Cryptor was discovered in the summer of 2018 and continues to evolve with new variants discovered on a regular basis.
GandCrab 5 - Ransomware The ransomware appends random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt infected files. The threat actor demands $800 in either Bitcoin or DASH for the decryption key. GandCrab 5 also scans network shares and mapped drives to find files to encrypt. The threat actors behind the ransomware use a variety of infection vectors including PowerShell, Botnets, Exploit Kits, Trojanized Programs, SpearPhishing, and Remote Desktop.
CommonRansom - Ransomware The threat actor behind the ransomware gives the user 12 hours to pay the ransom or the decryption key will be deleted. The malware also requires the victim to allow the threat actor access to the infected computer via RDP to decrypt the encrypted files after the ransom has been paid.