The ransomware targets a range of sectors including healthcare, industrial control, and government. The malicious software seeks out insecure RDP connections as well as vulnerable JBoss systems to carry out its infections.
The ransomware is distributed via spam emails and uses a combination of RSA and AES encryption. The ransomware continues to evolve and has also been circulating as a fake Chrome font pack that is distributed via compromised websites.
The ransomware impersonates Globe ransomware and appends various extensions to encrypted files. The ransomware continues to evolve and multiple variants continue to appear in the wild.
The ever-evolving ransomware targets Windows users and does not infect computers using the Russian language. The malware encrypts files located in multiple locations including local and remote drives, removable drives, mapped drives, and unmapped network shares.
The ransomware demands 0.5 bitcoin for the decryption key and uses AES encryption. The malicious software was first discovered in early 2017 with new variants appearing on a consistent basis.
Cerber continues to evolve and is one of the most complex and sophisticated ransomware families to date. The ransomware is sold to distributors on underground Russian forums.
The ransomware mainly targets South Korean victims and is distributed via the Magnitude exploit kit. The malicious software uses AES encryption and calls back to its command and control servers through four domains.
The ransomware encrypts files with RSA-2048 encryption and continues to evolve to infect as many users as possible. The malicious software scans for hundreds of file extensions on the infected host. Some variants report that the victim has only 72 hours to pay the ransom or the encrypted files will be destroyed.
The fake ransomware is disk-wiping malware in disguise that targets the financial sector in Latin America. The malicious software is a variant of the original KillDisk malware discovered in late 2015.
The ransomware uses AES encryption and drops a file labeled "GandCrab.exe" on the infected system. The malicious software adds ".GDCB" to encrypted files and is known to be delivered to unsuspecting victims using the RIG exploit kit.