What is ransomware?
Ransomware is a contraction of "ransom malware": malicious software that blocks a user's access to their files, today almost always by encrypting them, and demands a ransom payment in exchange for restoring access. Although ransomware is now one of the most prevalent categories of malware, the idea is not new: the first known ransomware appeared in the late 1980s, when the ransom was demanded by post. With today's far faster transmission and remittance channels, attackers instead demand payment in cryptocurrency or by bank or credit card transfer.
Most prevalent ransomware families
Bad Rabbit
A ransomware family that targeted organisations in Russia and Eastern Europe in 2017. It spread as a drive-by download: compromised websites prompted visitors to install what appeared to be an Adobe Flash Player update, and the downloaded installer was the ransomware itself. It did not exploit a vulnerability in Flash; the victim had to run the fake update by hand, which is why the lure mattered more than any exploit. Its ransom demand was comparatively modest, 0.05 bitcoin.
Cerber
This family infected a large number of users of cloud-based Office 365, spreading through phishing campaigns with malicious attachments. Cerber is notable for refusing to run on machines whose language and country settings indicate certain countries: Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine or Uzbekistan.
Crysis
A family (its later variants are known as Dharma) that encrypts files on fixed, removable and mapped network drives, targeting both home users and companies. File contents are encrypted with a symmetric cipher (AES) and the file keys are protected with the attackers' RSA public key. Earlier variants can be recovered because their master private keys were published and decryption tools were built from them; files from recent variants cannot be decrypted at present, not because the RSA keys are more sophisticated but because the corresponding private keys have not been released.
CryptoLocker
CryptoLocker usually spreads through spam e-mail whose attachments appear to be ordinary documents such as .DOC or .PDF files. The attachment actually carries a double extension (for example invoice.pdf.exe) and is an executable; because Windows hides known file extensions by default, the user sees only the document name. The CryptoLocker operators also used malicious websites that prompt visitors to download a browser plug-in or video player. Nothing visibly unusual happens on the computer during the infection until all files have been encrypted, at which point a warning is displayed and CryptoLocker itself tells the user how to pay to recover their files.
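The double-extension lure described above is easy to check for at the mail gateway, and the Go program below is an added example of such a check; it is not CryptoLocker's code or any vendor's product. It assumes the default Windows behaviour of hiding known extensions, a short list of executable and document extensions (both assumed, not from the page), and it adds one further test the page does not mention: a file whose name claims to be a document but whose content starts with the Windows PE "MZ" magic. The attachments it inspects are constructed samples.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Extensions that Windows runs as a program when double-clicked (assumed list).
var executableExts = map[string]bool{
	".exe": true, ".scr": true, ".com": true, ".pif": true,
	".bat": true, ".cmd": true, ".js": true, ".vbs": true,
}

// Extensions a victim expects to open as a harmless document or picture (assumed list).
var documentExts = map[string]bool{
	".doc": true, ".docx": true, ".pdf": true, ".xls": true,
	".xlsx": true, ".txt": true, ".jpg": true, ".png": true,
}

// Attachment is a stand-in for a mail attachment: the claimed file name and
// the first few bytes of its content (constructed for this example).
type Attachment struct {
	Name string
	Head []byte
}

// Verdict says whether the attachment was flagged and why.
type Verdict struct {
	Suspicious bool
	Reason     string
}

// displayName mimics Windows Explorer with "Hide extensions for known file
// types" enabled (the default): the final extension is not shown, so
// "invoice.pdf.exe" is displayed as "invoice.pdf".
func displayName(name string) string {
	return strings.TrimSuffix(name, filepath.Ext(name))
}

// Inspect flags the CryptoLocker lure: a document-looking name whose real
// (final) extension is executable, any bare executable attachment, and
// content that starts with the PE "MZ" magic while the name claims a document.
func Inspect(a Attachment) Verdict {
	lower := strings.ToLower(a.Name)
	last := filepath.Ext(lower)
	inner := filepath.Ext(strings.TrimSuffix(lower, last))

	switch {
	case executableExts[last] && documentExts[inner]:
		return Verdict{true, fmt.Sprintf("double extension: shown as %q but runs as %s",
			displayName(a.Name), last)}
	case executableExts[last]:
		return Verdict{true, "executable attachment (" + last + ")"}
	case documentExts[last] && len(a.Head) >= 2 && string(a.Head[:2]) == "MZ":
		return Verdict{true, "PE executable (MZ header) named as " + last}
	}
	return Verdict{false, "no disguise detected"}
}

func main() {
	// Constructed samples: three lures and one genuine PDF.
	samples := []Attachment{
		{Name: "Invoice_2013.pdf.exe", Head: []byte("MZ\x90\x00")},
		{Name: "Scan.DOC.scr", Head: []byte("MZ\x90\x00")},
		{Name: "statement.pdf", Head: []byte("MZ\x90\x00")}, // renamed executable
		{Name: "statement.pdf", Head: []byte("%PDF-1.7")},
	}
	for _, s := range samples {
		v := Inspect(s)
		fmt.Printf("%-22s suspicious=%-5v %s\n", s.Name, v.Suspicious, v.Reason)
	}
}
```

The name check alone is not enough, which is why the content check is there: an attacker can drop the double extension entirely and rely on the user double-clicking a renamed executable, so inspecting the first bytes catches what the file name hides.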
CTB-Locker
The attackers behind CTB-Locker used a different distribution model: an affiliate programme that outsourced the infection step to third-party networks, which earned CTB-Locker its notably high infection rates. The name stands for "Curve-Tor-Bitcoin-Locker", advertising its use of elliptic-curve cryptography (ECC), a Tor-hosted payment site and Bitcoin for the ransom. Like most ransomware it still encrypts file contents with a symmetric cipher (AES); the elliptic-curve part handles the key exchange, so the symmetric key is derived from the attackers' public key and only the holder of the matching private key can recover it.
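The hybrid design described for Crysis (AES for the files, RSA to protect the keys) and for CTB-Locker (AES for the files, elliptic-curve key exchange) is the same pattern, and the Go program below is an added example of it; it is not code from either family. It assumes X25519 for the key exchange, AES-256-GCM for the file contents and a bare SHA-256 of the shared secret as the key derivation step, all choices made for the example. What it demonstrates is why decryption tools depend on the attackers' private key being leaked or published: the victim machine only ever holds the public key, and everything it writes to disk is useless without the private half.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Blob is what the encryptor leaves behind for each file: the victim-side
// ephemeral public key, the GCM nonce and the ciphertext. None of these lets
// the victim recover the key.
type Blob struct {
	EphemeralPub []byte
	Nonce        []byte
	Ciphertext   []byte
}

// newGCM derives an AES-256 key from the ECDH shared secret and returns the
// AEAD used for file contents. A bare SHA-256 stands in for a proper KDF
// here (an assumption of this example).
func newGCM(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile is the victim-side step. It needs only the attacker's public
// key: a fresh X25519 pair is generated per file, the shared secret becomes
// the AES key, and the ephemeral private key is simply dropped.
func EncryptFile(attackerPub *ecdh.PublicKey, plaintext []byte) (Blob, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Blob{}, err
	}
	shared, err := eph.ECDH(attackerPub)
	if err != nil {
		return Blob{}, err
	}
	gcm, err := newGCM(shared)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{
		EphemeralPub: eph.PublicKey().Bytes(),
		Nonce:        nonce,
		Ciphertext:   gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// DecryptFile is what the paid-for "decryptor" does: only the attacker's
// private key can recompute the shared secret from the stored ephemeral
// public key.
func DecryptFile(attackerPriv *ecdh.PrivateKey, b Blob) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(b.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := attackerPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(shared)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}

// RoundTrip exercises the scheme: encrypt with the attacker's public key,
// decrypt with the matching private key, and confirm that an unrelated
// private key (a wrong "master key") fails GCM authentication.
func RoundTrip(plaintext []byte) (recovered []byte, wrongKeyFails bool, err error) {
	attacker, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	blob, err := EncryptFile(attacker.PublicKey(), plaintext)
	if err != nil {
		return nil, false, err
	}
	recovered, err = DecryptFile(attacker, blob)
	if err != nil {
		return nil, false, err
	}
	other, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	_, wrongErr := DecryptFile(other, blob)
	return recovered, wrongErr != nil, nil
}

func main() {
	got, wrongFails, err := RoundTrip([]byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %q, wrong key rejected: %v\n", got, wrongFails)
}
```

For a defender the lesson is in RoundTrip: the ciphertext, nonce and ephemeral public key recovered from a victim's disk do not help, and a guessed key is rejected outright. Free decryptors for a family appear only when the attackers' private keys are published (as the Crysis paragraph describes) or when the implementation mishandles its keys or randomness, never by brute force against the cipher.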
Ransomware variants, their file extensions and available decryption tools
ScammerLocker – .jodis file extension
Zenis – .zenis[2 random characters].[12 random characters] file extension
Cassetto – .cassetto file extension
Viro Botnet (Trojan-Ransom.AndroidOS.Pletor) – .enc file extension – Use Rakhni Decryptor Tool
Savefiles – .SAVEfiles file extension
Paydecryption – .brrr file extension
GoodJob24 – .myjob file extension
Pottieq – .pip file extension
Qinynore – .anonymous file extension
DelphiRansomware – .FilGZmsp file extension
Aperfectday2018 – .enc file extension
Dharma-Tron – .tron file extension
DCRT-WDM – .crypt file extension
RotorCrypt – .1C file extension
Suri – .SLAV file extension
Solo – .solo file extension
Mimicry – .good file extension
GusCrypter – .GUSv2 file extension
Outsider – .protected file extension
EbolaRnsmwr – .101 file extension
Stinger – .stinger file extension
FilesL0cker – .locked file extension
BlackRuby2 – .BlackRuby2 file extension
OPdailyaallowance – .CRYPTR file extension
Locked – .lckd file extension
District – .district file extension
WhiteRose – ._ENCRYPTED_BY.WHITEROSE file extension
Bansomqare Manna – .bitcoin file extension
H34rtBl33d (HeartBleed) – .[six random characters] file extension
ScorpionLocker – .ScorpionLocker file extension
Oxar – .Oxr file extension
[email address] – .mariabc file extension
Vurten – .improved file extension
SkyFile – .sky file extension
Haxerboi – .haxerboi file extension
Iron – .encry file extension
Ladon – .Ladon file extension
Tron – .Tron file extension
Spartacus – .Spartacus file extension
NMCRYPT – .NMCRYPT file extension
XTBL – .XTBL file extension – Use Shade Decryptor Tool
Satyr – .satyr file extension
MauriGo – .encrypted file extension
BlackHeart – .blackrouter, .pay2me file extension
JabaCrypter – .cryptfile file extension
OBLIVION – .oblivion file extension
PAY_IN_MAXIM_24_HOURS – .PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_DELETED file extension
RandomLocker – .rand file extension
Sequre – .sequre@tuta.io_[hex_code] file extension
ANDRZEJ DUPA – .ZaszyfrowanePliki file extension
8chan – .[random][email address], .[random][email address] file extension
GandCrab 3 – .crab file extension – Use GandCrab Decryption Tool
UselessFiles – .uselessfiles file extension
Greystars – [email address] file extension
BKRansomware – .hainhc file extension
Horsia – [email address] file extension
PSCrypt – .docs file extension
RansomAES – .ransomaes file extension
FB Locker – .facebook file extension
Sepsis – .Sepsis@protonmail.com.SEPSIS file extension
Walker – .JohnnieWalker file extension
Rapid V3 – .rapid file extension
Horsuke – .HORSE, .horsuke@nuke.africa file extension
Sigrun – .sigrun file extension
Mr.Dec – .[ID][random characters][ID] file extension
Everbe – .[everbe@airmail.cc].everbe file extension
CryptON – id.ransomed@india.com file extension – Use Rakhni Decryptor Tool
PGPSnippet – .decodeme66@tutanota_com file extension
JosepCrypt – .josep file extension
AES-Matrix – No file extension
Embrace – .[embrace@airmail.cc].embrace file extension
Magician – .[random characters] file extension
Osk – .OSK file extension
Pain Locker – [email address]***.lu.pain file extension
Cryptomix – .BACKUP file extension
Aurora – .aurora file extension
Rebus – .rebus file extension
BitPaymer – .locked file extension
CRYbrazil – .crybrazil file extension
DiskDoctor – .DiskDoctor file extension
LockCrypt 2.0 – .id-.BI_D file extension – Use LockCrypt Decryption Tool
Cryptgh0st – .cryptgh0st file extension
Insta – .insta file extension
AdolfHitler – .AdolfHitler file extension
RedEye – .RedEye file extension
GlobeImposter – .emilysupp, .crypt file extension – Use GlobeImposter Decryption Tool
Donut – .donut file extension
Scarab – .fastrecovery@airmail.cc file extension
Gw3w – .gw3w file extension
DBGer – .dbger file extension
Danger – .fastsupport@xmpp.jp, .fastrecovery@xmpp.jp file extension
JungleSec – [email address] file extension
CyberSCCP – .CyberSCCP file extension
KingOuroboros – .king_ouroboros file extension
AnimusLocker – .animus file extension
Whoopsie – .whoopsie file extension
The Brotherhood – .ransomcrypt file extension
CryptoGod – .locked file extension
RaRansomware – .EGENH file extension
Shrug – .SHRUG file extension
CryptoLite – .encrypted file extension – Use Rakhni Decryptor Tool
BlackFireEye – .jes file extension
Predator The Cipher – .predator file extension
LanRan – .LanRan2.0.5 file extension
Deep – .deep file extension
Desu – .desu file extension
Armage – .armage file extension
Xiaoba 2.0 – .[xiaoba_6x6@163.com]Encrypted_(random ID).XIAOBA file extension
Barracuda – .BARRACUDA file extension
LockyLocker – .locky file extension
Ann – .ANN file extension
BatHelp – .CORE file extension
Anonimus.mr – .anonimus.mr@yahoo.com file extension
RetwyWare – .killrabbit file extension
RansomWarrior – .THBEC file extension
KEYPASS – .KEYPASS file extension
PrincessLocker – .G8xB file extension
ShutUpAndDance – .ShutUpAndDance file extension
Fox – .FOX file extension
CYBERGOD – .CYBERGOD file extension
RYUK – .ryuk file extension
KrakenCryptor – Lock.onion file extension
ONI – .ONI file extension
PyLocky – .lockedfile file extension