Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

Ransomware Description
SamSa - Ransomware The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections.
CryptConsole - Ransomware The ransomware attempts to extort 0.25 bitcoins from the victim and does not encrypt the contents of the file but instead the filename. New variants of the malicious software surfaced in the second quarter of 2018 and demand a ransom of $1000 for the decryption key.
Dharma - Ransomware The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
BTCWare - Ransomware The ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis.
Magniber - Ransomware The ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and uses four domains for callback to the command and control servers.
Scarab - Ransomware The ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
Everbe - Ransomware The ransomware uses AES or DES encryption and appends various extensions to infected files including .everbe, .embrace, .EVIL, .eV3rbe, .pain, .HYENA, and .thunder. The ransom note for some variants report the price of the ransom doubles if not paid within 7 days.
Ryuk - Ransomware The ransomware uses AES and RSA encryption and demands between 15 and 50 Bitcoin for the decryption key. The malicious software kills hundreds of processes and services and also encrypts not only local drives but also network drives. The attacks are reported to be targeted at organizations that are capable of paying the large ransom demanded.
Xbash - Ransomware The malware targets Windows and Linux servers running a range of vulnerable software to turn the computer into a botnet, mine crypto-currency, and install ransomware. Xbash also contains a worm component that has the ability to scan and infect additional computers on internal networks.
GandCrab 5 - Ransomware The ransomware appends random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt infected files. The threat actor demands $800 in either Bitcoin or DASH for the decryption key. GandCrab 5 also scans network shares and mapped drives to find files to encrypt.