Types of Ransomware
There are hundreds of types of ransomware that pose a threat to your organisation, and at NCD we are experienced in identifying and understanding the risk posed by these variants.
Many ransomware variants encrypt data but have decryption keys available. Other variants encrypt data and 'steal' your data with a threat to expose it publicly, causing more reputational and commercial damage. The latest variants now only exfiltrate huge amounts of data without encryption and use social media and personal contact with employees to encourage the victim organisation to pay.
NCD support can help you understand the risk posed by particular variants and attackers and identify the best solution to assist in recovery and remediation.
Sodinokibi Ransomware
Sodinokibi ransomware, which is also known as REvil, made its first appearance in 2019, when it was being distributed by exploiting the CVE-2019-2725 vulnerability in Oracle WebLogic Server. The threat actors were able to gain access to WebLogic servers with HTTP access. Sodinokibi ransomware is currently the most widespread active ransomware and has been recorded to target
Dharma Ransomware
Dharma ransomware, which is also known as Crysis, made its first appearance in 2016, when it was being manually delivered by exploiting Remote Desktop Protocol (RDP) services via TCP port 3389, with the target computer then brute-forced to gain access. Attacks involving the Dharma ransomware have been frequent and have been recorded to target
Matrix Ransomware
Matrix ransomware made its first appearance in 2016, when it was being distributed by RIG exploit kits used by the EITest campaign. More recently, however, the threat actors distributing Matrix have been following a playbook based on the one used by the SamSam Group. Attacks involving the Matrix ransomware have been infrequent and have been
Ryuk Ransomware
Ryuk ransomware made its first appearance in 2018, when it was being distributed by spam emails that had the Ryuk dropper attached. The dropper would then download Trickbot or Emotet as well as the ransomware. Attacks involving the Ryuk ransomware have been frequent and have been recorded to target organisations of medium to large size from
Egregor Ransomware
Egregor ransomware made its first appearance in 2020, when it was being distributed by phishing emails that have a malicious attachment. Attacks involving the Egregor ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries including the US, Japan, and the UK. There is no decryptor for any of the
Conti Ransomware
Conti ransomware made its first appearance in 2020, when it was being distributed by phishing emails containing a link to Google Drive, which stores the initial payload. Conti ransomware is currently the second most common active ransomware family and has been recorded to target organisations of medium to large size from many countries. There is no decryptor
Nephilim Ransomware
Nephilim ransomware, which is also known as Nefilim, made its first appearance in 2020, when it was being distributed through the targeting of vulnerabilities in Citrix gateway devices. Attacks involving the Nephilim ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries. There is no decryptor for any
LockBit Ransomware
LockBit ransomware, formerly known as ABCD ransomware, made its first appearance in 2019, when it was being distributed by phishing emails and brute force attacks on exposed machines. Attacks involving the LockBit ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries including the United States, China, India, Indonesia,
Phobos Ransomware
Phobos ransomware made its first appearance in 2018, when it was being distributed by exploiting Remote Desktop Protocol (RDP) and poorly secured RDP credentials. Attacks involving the Phobos ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries. There is no decryptor for any of the active variants
Rapid Ransomware
Rapid ransomware made its first appearance in 2017, when it was being distributed through phishing campaigns of fake Internal Revenue Service (IRS) emails with a malicious ZIP attachment. Attacks involving the active variants of Rapid ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries including the USA and
GlobeImposter Ransomware
GlobeImposter ransomware made its first appearance in 2017, when it was being distributed through a "Blank Slate" phishing campaign with a malicious ZIP file attachment. Attacks involving the GlobeImposter ransomware have been frequent and have been recorded to target organisations of any size from many countries, especially the United States and countries in Europe and Asia. There