Do you know the 12 deadliest strains of ransomware?

by | Mar 6, 2017

Everyone needs to know the strains of ransomware today.

Whether you are a business owner, an employee or a tech, it is absolutely imperative that you are familiar with the latest ransomware developments as well as which industries are currently being targeted. The more informed you are, the better you can protect your business’s data. As you likely know, there are countless forms of ransomware proliferating today. That said, while it is impossible to know every strain, it is important to stay as informed as possible.

Below is a list of the 12 leading strains of ransomware affecting businesses today. Again, while it is not exhaustive, it is thorough. Take note of what is out there:

CryptoLocker is the original. Ransomware has been around in some form for well over ten years, but came into the spotlight in 2013, with CryptoLocker. The original malware was shut down by 2014; however, the approach has been widely copied by cybercriminals around the world. So much so, that the word CryptoLocker has become nearly synonymous with ransomware. You know, like Kleenex and tissues.

Cerber maliciously targets cloud-based Office 365 users and is assumed to have impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup in addition to on-premises backup.

CryptoWall was originally introduced in 2014. However, we have seen many variants pop up since then, including: Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0.

Crysis is a newer form of ransomware that can encrypt files on fixed, removable and network drives. Unfortunately, it uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.

CTB-Locker is a clever strain of ransomware. The criminals behind this strain take a different approach to virus distribution, outsourcing the infection process to partners in exchange for a cut of the profits. This strategy allows the malware to achieve large volumes of infections and generate huge profits for the hackers.

Jigsaw is a nasty one. The malware encrypts, then continues to delete files until the ransom is paid. For example, the ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72-hour mark, when all remaining files are deleted. Yikes.

KeRanger isn’t as infamous as some of the other strains. However, it is worth noting as it is the first fully-functioning ransomware designed to lock Mac OS X applications. No one is safe from ransomware.

“Le Chiffre” is very fancy. The name comes from the French noun “chiffrement” meaning “encryption”. It is also the name of the main villain from James Bond’s Casino Royale novel, who kidnaps Bond’s love interest to lure him into a trap and steal his money. Very clever and cultured criminals. Unlike other variants, LeChiffre needs to be run manually on the compromised system. Cyber criminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.

Locky tends to be spread via an email message, disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking 5 million emails associated with Locky campaigns over the course of two days.

TeslaCrypt is another strain of ransomware that uses an AES algorithm to encrypt files. Typically distributed via the Angler exploit kit, this ransomware targets Adobe vulnerabilities. TeslaCrypt installs itself in the Microsoft temp folder. When the time comes for victims to pay up, victims are given options for payment: Bitcoin, PaySafeCard and Ukash. And, who doesn’t love payment options?

TorrentLocker is certainly not new to the malware scene, but the recent version is more destructive than ever. Like the mononucleosis of ransomware, TorrentLocker, in addition to encrypting files, collects email addresses from the victim’s address book to spread malware beyond the initially infected computer and network.

ZCryptor is the last leading strain of ransomware that we’ll look at today. It is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.

And there you have it. Those are twelve of the leading strains of ransomware that everyone needs to know. Make sure to share this information with your colleagues, as awareness and education, along with business continuity, are among the most important weapons in the war against ransomware.

Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications, including branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!
