LockCrypt

LockCrypt targets unsecured Windows enterprise servers via Remote Desktop Protocol (RDP) brute-force attacks. The ransomware appends .lock to the names of files and drops a ransom note named ReadMe.TxT onto the infected system.

GIBON

GIBON targets Windows OS and is distributed via a malicious spam campaign that utilizes macros within attached documents to download and install the ransomware. It has also been marketed and sold on underground criminal forums since as early as May 2017.

Magniber

Magniber targets Windows OS and is distributed via the Magnitude exploit kit. Although this is a different and unique ransomware variant, some analysts believe that Magniber is a successor to the Cerber variant, as its payment system and the files it targets in its encryption process are the same.

Anubi

Anubi targets Windows OS and its distribution method is currently unknown. It maintains persistence in an infected system by setting an autorun in the Windows Registry to start automatically upon user login.

RedBoot

RedBoot targets Windows OS and its distribution method is currently unknown. When a system becomes infected, RedBoot extracts 5 files into a random folder within the directory from which the ransomware's executable was launched.

SynAck

SynAck targets Windows OS and is distributed manually across networks via Remote Desktop Protocol (RDP) compromise. Once SynAck infects a system, it appends a random ten-character alphabetic extension to each encrypted file and drops a ransom note named RESTORE_INFO-[alphanumeric ID number].txt.

Bit Paymer

Bit Paymer, sometimes written as BitPaymer, targets Windows OS and is distributed via RDP compromise. Once the hackers behind the campaign gain access to an open and exposed RDP endpoint, they move laterally through the targeted network and manually install Bit Paymer on each system they can access.

Defray

Defray targets Windows OS and is distributed via emails containing malicious Microsoft Word attachments. In August 2017, cybersecurity firm Proofpoint detected two small email campaigns containing Defray targeting individuals and distribution lists within the US and UK healthcare and education sectors, as well as the manufacturing and technology sectors.

PSCrypt

PSCrypt targets Windows OS and is distributed via Remote Desktop Protocol (RDP) compromise. This variant is based on GlobeImposter 2.0 and it primarily impacted victims within Ukraine when the campaign started on Wednesday, June 21, 2017.

GPAA

GPAA targets Windows OS and its distribution method is currently unknown. Once a system is infected, it will scramble the names of targeted files and append .cerber6 to the names of the newly encrypted files.
