Posts in Ransomware Variants
MoneroPay

MoneroPay targets Windows OS and was initially distributed on the BitCoinTalk Forum through malicious links in posts advertising a digital wallet for a supposedly new cryptocurrency called SpriteCoin. In reality, though, SpriteCoin is a fictional cryptocurrency conjured up by those behind this ransomware campaign for the purpose of tricking cryptocurrency enthusiasts and investors into installing the ransomware.

HC7

HC7, also referred to as HC7 GOTYA, targets Windows OS and is distributed manually via Remote Desktop Protocol (RDP). Once one system is infected, the ransomware uses the PsExec tool to spread to other systems on the network.

qkG

The variant qkG targets Microsoft Office documents and infects Microsoft Word’s default template, normal.dot, upon which all new, blank Word documents are based.

Ordinypt

Although Ordinypt is classified as a ransomware variant, it actually falls into a new category of destructive malware known as a data wiper. Instead of encrypting files, this program destroys data by replacing file contents with randomly generated uppercase and lowercase letters and numbers.

LockCrypt

LockCrypt targets unsecured Windows enterprise servers via Remote Desktop Protocol (RDP) brute-force attacks. The ransomware appends .lock to the names of files and drops a ransom note named ReadMe.TxT onto the infected system.

GIBON

GIBON targets Windows OS and is distributed via a malicious spam campaign that utilizes macros within attached documents to download and install the ransomware. It has also been marketed and sold on underground criminal forums since as early as May 2017.

Magniber

Magniber targets Windows OS and is distributed via the Magnitude exploit kit. Although this is a different and unique ransomware variant, some analysts believe that Magniber is a successor to the Cerber variant, as its payment system and the files it targets in its encryption process are the same.

Anubi

Anubi targets Windows OS and its distribution method is currently unknown. It maintains persistence in an infected system by setting an autorun in the Windows Registry to start automatically upon user login.

RedBoot

RedBoot targets Windows OS and its distribution method is currently unknown. When a system becomes infected, RedBoot extracts 5 files into a random folder within the directory from which the ransomware's executable was launched.
