McAfee

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Ransomware

| Ransomware | Description |
| --- | --- |
| Dharma - Ransomware | The ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016, and the threat actors behind the ransomware continue to release new variants that are not decryptable. |
| Ryuk - Ransomware | The ransomware uses AES and RSA encryption and demands between 15 and 50 Bitcoin for the decryption key. The malicious software kills hundreds of processes and services and encrypts both local and network drives. The attacks are reported to be targeted at organizations that are capable of paying the large ransom demanded. |
| LockerGoga - Ransomware | The ransomware, also known as Worker32, uses both AES and RSA encryption and appends ".locked" to infected files. The ransom note dropped by the malware offers to decrypt 2-3 random files for free and requires the victim to contact the threat actor by email. The note goes on to say that the price to decrypt all encrypted files is determined by how fast the victim contacts the ransomware author. |
| MegaCortex - Ransomware | The ransomware appends ".aes128ctr" to infected files and requires the victim to email the threat actor for the decryption key. The malware is affecting companies in multiple countries by using the companies' Microsoft Windows domain controllers to distribute the ransomware to all workstations. |
| Sodinokibi - Ransomware | The ransomware appends a random extension to encrypted files and threatens to double the price of the ransom if it is not paid on time. The malware is actively being distributed in the wild through managed service providers, exploitation of server flaws, spam campaigns, and exploit kits. |
| Maze - Ransomware | The ransomware uses RSA-2048 and ChaCha20 encryption and requires the victim to contact the threat actor by email for the decryption key. The threat actors behind the malware are known to have attacked multiple sectors, including government and manufacturing, and threaten to release the company's data if the ransom is not paid. |
| DoppelPaymer - Ransomware | The ransomware uses AES-256 and RSA-2048 encryption and demands 2 Bitcoin for the decryption key. |
| Snake - Ransomware | The ransomware uses AES-256 and RSA-2048 encryption and requires the victim to email the threat actor for the decryption key. Snake uses a high level of obfuscation and is written in the Golang programming language. The malware kills many processes, including those related to SCADA and ICS systems, VMs, and various network and remote administration tools. |
| Ragnar Locker - Ransomware | The ransomware will perform reconnaissance on the targeted network, exfiltrate sensitive information, and then notify the victim that the files will be released to the public if the ransom is not paid. The threat actor behind the malware is known to demand hundreds of thousands of dollars and creates a ransom note that includes the company name. The ransomware targets remote management software used by managed service providers and enumerates all running services on the infected host and stop service... |
| Mailto - Ransomware | The ransomware, also known as Netwalker, targets enterprise networks and encrypts all Microsoft Windows systems found. The malware was detected in August 2019, with new variants discovered throughout the year and into 2020. The ransomware appends a random extension to infected files and uses Salsa20 encryption. |