Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

| Ransomware | Description |
| --- | --- |
| SamSa - Ransomware | The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections. |
| Dharma - Ransomware | The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016, and the threat actors behind the ransomware continue to release new variants which are not decryptable. |
| Fake Globe - Ransomware | The ransomware impersonates Globe ransomware and appends various extensions to encrypted files. The ransomware continues to evolve and multiple variants continue to appear in the wild. |
| BTCWare - Ransomware | The ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis. |
| Cerber - Ransomware | Cerber continues to evolve and is one of the most complex and sophisticated ransomware families to date. The ransomware is sold to distributors on underground Russian forums. |
| Magniber - Ransomware | The ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and four domains for callback to the command and control servers. |
| CryptoMix - Ransomware | The ransomware encrypts files with RSA-2048 encryption and continues to evolve to infect as many users as possible. The malicious software scans for hundreds of file extensions on the infected host. Some variants report the victim only has 72 hours to pay the ransom or the encrypted files will be destroyed. |
| Scarab - Ransomware | The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered that the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape. |
| KillDisk-Dimens - Ransomware | The fake ransomware is disk-wiping malware in disguise targeting the financial sector in Latin America. The malicious software is a variant of the original KillDisk malware discovered in late 2015. |
| GandCrab - Ransomware | The ransomware uses AES encryption and drops a file labeled "GandCrab.exe" on the infected system. The malicious software adds ".GDCB" to encrypted files and is known to be delivered to unsuspecting victims using the RIG exploit kit. |