• This ransomware is a variant of Encryptor RaaS, a popular Ransomware as a Service (RaaS) that came out in July 2015. RANSOM_CRYPRAAS.
    Read more   

  • RANSOM_MIRCOP.F116IL is a variant of RANSOM_MIRCOP.
    Read more   

  • This ransomware does not only target resources in network shares such as drives, folders, and files but locks the drive as well. It does this by combining both legitimate and malicious tools.
    Read more   

  • This ransomware does not only target resources in network shares such as drives, folders, and files but locks the drive as well. It does this by combining both legitimate and malicious tools.
    Read more   

  • This backdoor enables the attacker to steal a range of information, including screenshots, audio, and keylogs. It can also execute commands and communicate using encrypted data.
    Read more   

  • This ransomware uses a free photo upload service as its C&C server. This way, it is able to mask its C&C routines.
    Read more   

  • This ransomware uses Pokemon Go probably to hide its true nature. It tries to spread copies of itself on removable drives as PokemonGo.
    Read more   

  • This ransomware, also known as R980 ransomware, resembles some aspects of RANSOM_MADLOCKER as it drops files other than ransom notes. It also avoids certain file paths.
    Read more   

  • This ransomware is written in Jscript, a scripting language designed for Windows. This variant comes from an .
    Read more   

  • This ransomware is believed to be patterned after WALTRIX/CRYPTXXX. It almost has the same routines as the aforementioned ransomware family, save for a few minor differences.
    Read more