The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections.
The ransomware is distributed via spam emails and uses a combination of RSA and AES encryption. The ransomware continues to evolve and has also been circulating as a fake Chrome font pack that is distributed via compromised websites.
The ever evolving ransomware targets Windows users and does not infect computers using the Russian language. The malware encrypts files located in multiple locations including local and remote drives, removable drives, mapped drives, and un-mapped network shares.
The ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and uses four domains for callback to the command and control servers.
The ransomware encrypts files with RSA-2048 encryption and continues to evolve to infect as many users as possible. The malicious software scans the for hundreds of file extensions on the infected host. Some variants report the victim only has 72 hours to pay the ransom or the encrypted files will be destroyed.
The ransomware uses AES encryption and drops a file labeled "GandCrab.exe" on the infected system. The malicious software adds ".GDCB" to encrypted files and is known to be delivered to unsuspecting victims using the RIG exploit kit.
BartCrypt - Ransomware
The ransomware is distributed using malicious email attachments that appear as .zip files. The attacks are reported to be carried out by the same threat actors behind Locky.