Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

Ransomware Description
SamSa - Ransomware The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections. The ransomware was discovered over 2 years ago, with new variants still being released in late 2018.
CryptConsole - Ransomware The ransomware attempts to extort 0.25 bitcoins from the victim and encrypts the filename rather than the contents of the file. New variants of the malicious software surfaced in the second quarter of 2018 and demand a ransom of $1000 for the decryption key.
Dharma - Ransomware The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
Matrix - Ransomware The ransomware appeared on the threat landscape two years ago with new variants still being discovered in 2018. Recent variants of Matrix append various extensions including .eman, .itlock, .kok08, and .fastbob. Victims are given 7 days to reach the threat actor by email or Bitmessage or their decryption key will be deleted.
Jigsaw - Ransomware The ransomware threatens to delete files every hour unless the victim pays the ransom. Victims are infected after being tricked into downloading fraudulent versions of various software. Variants of the malware also claim that the encrypted files will be sent to the victim's contacts if the ransom is not paid. New variants of the ransomware continue to be discovered in 2018 and append a range of extensions to infected files including ".fun", ".CryptWalker", ".LolSe...
BTCWare - Ransomware The ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis.
Scarab - Ransomware The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
Everbe - Ransomware The ransomware uses AES or DES encryption and appends various extensions to infected files including .everbe, .embrace, .EVIL, .eV3rbe, .pain, .HYENA, and .thunder. The ransom notes for some variants state that the price of the ransom doubles if not paid within 7 days.
Xbash - Ransomware The malware targets Windows and Linux servers running a range of vulnerable software to make the computer part of a botnet, mine cryptocurrency, and install ransomware. Xbash also contains a worm component that can scan and infect additional computers on internal networks.
GandCrab 5 - Ransomware The ransomware appends random extensions to encrypted files and directs the victim to an HTML file for instructions on how to decrypt infected files. The threat actor demands $800 in either Bitcoin or DASH for the decryption key. GandCrab 5 also scans network shares and mapped drives to find files to encrypt. The threat actors behind the ransomware use a variety of infection vectors including PowerShell, botnets, exploit kits, trojanized programs, spear phishing, and Remote Desktop.