Ransomware Types

Below are the known ransomware types as of 22 June 2016. More will undoubtedly be added to this list as time moves on. Click the image below for a timeline.

[Image: ransomware types timeline]

    • FBI Ukash MoneyPak
    • “The FBI Ukash MoneyPak is one of the most aggressive ransomware types, that locks you out of your computer and your applications until you pay a “ransom” of $100/$200 via MoneyPak/Ukash/PaySafeCard. This infection is typically installed onto a computer when the user visits an infected website that contains malicious scripts which could exploit vulnerabilities from the browser or the installed plug-ins. Once installed, the FBI Ransomware will be configured to start automatically when you login to Windows” ~ http://bit.ly/298TbWg
    • Cryptolocker
    • No wonder street crime is down. If you want to make a dishonest living, cybercrime is the place to be. According to a Dell SecureWorks report by Keith Jarvis, the creators of the notorious CryptoLocker ransomware virus may have made as much as $30 million in a mere 100 days. ~ Dave Jeffers, BrandPost
    • Jigsaw
    • “Jigsaw not only threatens the permanent loss of personal data, it also holds out the fear that victims’ dirty laundry will be published for all to see. And it uses a taunting tone when notifying people of their options” – http://bit.ly/298Szjx
    • Cryptowall
    • The malware poses the same threat as the current kingpin of crypto-ransomware, CryptoWall, which Dell SecureWorks recently revealed had infected over 600,000 computers in the six months to August, netting its operators $US1 million through ransom demands that ranged $US100 to $US2000. ~ Dell Secureworks
    • “Between mid-March and August 24, 2014, nearly 625,000 systems were infected with CryptoWall,” the CTU researchers said. “In that same timeframe, CryptoWall encrypted more than 5.25 billion files.” ~ CTU
    • Locky
    • “‘Locky’ feels like quite a cheery-sounding name. But it’s also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky. Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key. You can buy the decryption key from the crooks via the so-called dark web. The prices we’ve seen vary from BTC 0.5 to BTC 1.00 (BTC is short for “bitcoin,” where one bitcoin is currently worth about $400/£280).” ~ http://bit.ly/1SzxL8m
    • Bitcrypt
    • “The BitCrypt Ransomware is a ransomware that has been associated with threats designed to collect Bitcoins from its victims. The BitCrypt Ransomware encrypts the victims’ files and demands payment in Bitcoin. However, unknown to the BitCrypt Ransomware’s victims, their Bitcoin wallets may already have been cleaned out by a threat associated with the BitCrypt Ransomware. In fact, the BitCrypt Ransomware infection is distributed as a Trojan infection specifically designed to empty the victims’ Bitcoin wallets. It is important to understand that ransomware infections like the BitCrypt Ransomware are not rare and that, in fact, they have increased substantially in number in recent years.” ~ http://bit.ly/29b5Jij
    • Zero Locker
    • “Unlike all other file-encrypting ransomware, when ZeroLocker starts it does not only target data files. Instead this infection will encrypt all files on your C:\ drive, including executables, with AES encryption unless they are located in certain folders or are larger than 20 MegaBytes. The folders that are safe from encryption are ones that contain the keywords: Windows, WINDOWS, Program Files, ZeroLocker, and Desktop. Any files that are encrypted, will have .encrypted appended to their filename. When it has finished encrypting your files, it will then run the C:\Windows\System32\cipher.exe /w:C:\ command, which will overwrite all deleted data on your C:\ drive. This makes it so you are unable to use file recovery tools to restore your files. It will create the C:\ZeroLocker folder and store various files and the decryptor executable called ZeroRescue.exe. This file will be set to start automatically via Registry entry when you login to your computer.” ~ http://bit.ly/29ilrJx
    • Kovter
    • “Kovter, a recently discovered piece of ransomware, represents the latest step in the evolution of a malicious program from police scareware to ad fraud Trojan and now file-encrypting malware. Spotted for the first time in 2013, when it was acting as police scareware, Kovter used a polymorphic executable that persisted on the infected machine…” ~ http://bit.ly/29n4LAi
    • Xorist
    • The Xorist builder, sold to anyone that wants to enter a life of cyber-crime, allows the crook to customize this file extension at will, along with many more other options. The encrypted file extension is important because users and tech support experts google the term to find out what the ransomware’s name is. ~ Softpedia News
    • Crowti
    • Microsoft notes in its writeup on Crowti that it “deletes shadow files to stop you from restoring your files from a local backup”
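
The ZeroLocker and Locky descriptions above name concrete host artifacts: the `.encrypted` and `.locky` extensions, the `C:\ZeroLocker` folder, and the `cipher.exe /w:` free-space wipe. As an added example (not code from any of the quoted sources), this Python triage checks endpoint events for them; the event schema, the `triage` function and the rename threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import Counter

# Indicators taken from the descriptions quoted on this page.
CIPHER_WIPE = re.compile(r"\bcipher(\.exe)?\s+/w:", re.IGNORECASE)
ZEROLOCKER_DIR = re.compile(r"^c:\\zerolocker(\\|$)", re.IGNORECASE)
# Extension matches are only a hint: as the Xorist entry notes, builders let
# the operator pick any extension, so behaviour checks carry more weight.
RENAME_EXTS = {".locky": "Locky", ".encrypted": "ZeroLocker"}
RENAME_THRESHOLD = 3  # assumed burst size; tune per environment

def triage(events):
    """Return sorted findings for events shaped like
    {"type": "process" | "file_create" | "file_rename", "data": str}
    (hypothetical schema, map your EDR/Sysmon fields onto it)."""
    findings = set()
    renames = Counter()
    for ev in events:
        data = ev["data"].strip()
        if ev["type"] == "process" and CIPHER_WIPE.search(data):
            # cipher /w is a legitimate tool; flag it for review in context.
            findings.add("free-space wipe via cipher.exe /w (defeats file recovery)")
        elif ev["type"] == "file_create" and ZEROLOCKER_DIR.match(data):
            findings.add("file created under C:\\ZeroLocker")
        elif ev["type"] == "file_rename":
            for ext in RENAME_EXTS:
                if data.lower().endswith(ext):
                    renames[ext] += 1
    for ext, count in renames.items():
        if count >= RENAME_THRESHOLD:
            findings.add(f"{count} files renamed to *{ext} (seen with {RENAME_EXTS[ext]})")
    return sorted(findings)

SAMPLE_EVENTS = [  # constructed for illustration
    {"type": "file_rename", "data": r"C:\Users\a\Documents\report.docx.encrypted"},
    {"type": "file_rename", "data": r"C:\Users\a\Documents\budget.xlsx.encrypted"},
    {"type": "file_rename", "data": r"C:\Users\a\Pictures\cat.jpg.encrypted"},
    {"type": "file_rename", "data": r"D:\share\notes.locky"},  # single hit, below threshold
    {"type": "file_create", "data": r"C:\ZeroLocker\ZeroRescue.exe"},
    {"type": "process", "data": "C:\\Windows\\System32\\cipher.exe /w:C:\\"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```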