• This ransomware does not only target resources in network shares such as drives, folders, and files but locks the drive as well. It does this by combining both legitimate and malicious tools.
    Read more   

  • This ransomware does not only target resources in network shares such as drives, folders, and files but locks the drive as well. It does this by combining both legitimate and malicious tools.
    Read more   

  • This backdoor enables the attacker to steal a range of information, including screenshots, audio, and keylogs. It can also execute commands and communicate using encrypted data.
    Read more   

  • This ransomware uses a free photo upload service as its C&C server. This way, it is able to mask its C&C routines.
    Read more   

  • This ransomware uses Pokemon Go probably to hide its true nature. It tries to spread copies of itself on removable drives as PokemonGo.
    Read more   

  • This ransomware, also known as R980 ransomware, resembles some aspects of RANSOM_MADLOCKER as it drops files other than ransom notes. It also avoids certain file paths.
    Read more   

  • This ransomware is written in Jscript, a scripting language designed for Windows. This variant comes from an .
    Read more   

  • This ransomware is believed to be patterned after WALTRIX/CRYPTXXX. It almost has the same routines as the aforementioned ransomware family, save for a few minor differences.
    Read more   

  • This ransomware, seemingly similar to JIGSAW ransomware, threatens to delete one file six hours after non-payment. It threatens to delete all encrypted files after 96 hours of non-payment.
    Read more   

  • This ransomware is delivered as an attached document, via spam email. It disguises itself as a fake Thai customs form.
    Read more