Types of Ransomware

There are hundreds of types of ransomware that pose a threat to your organisation and at NCD we are experienced in identifying and understanding the risk posed by these variants.

Many ransomware variants encrypt data but have decryption keys available. Other variants encrypt data and ‘steal’ your data with a threat to expose it publicly, causing more reputational and commercial damage. The latest variants now only exfiltrate huge amounts data without encryption and use social media and personal contact to employees to encourage the victim organisation to pay.

NCD support can help you understand the risk posed by particular variants and attackers and identify the best solution to assist in recovery and remediation.

Sodinokibi Ransomware

SODINOKIBI RANSOMWARE (REvil) Introduction Sodinokibi ransomware, which is also known as REvil, made its first appearance in 2019 as it was being distributed via the exploited CVE-2019-2725 vulnerability in Oracle WebLogic server. The threat actors were able to gain access to WebLogic servers with HTTP access.Sodinokibi ransomware is currently the most widespread active ransomware and have been recorded to target

Read More »

Dharma Ransomware

DHARMA (CRYSIS) RANSOMWARE Introduction Dharma ransomware which is also known as Crysis made its first appearance in 2016 as it was being manually delivered by exploiting Remote Desktop Protocol (RDP) services via TCP port 3389 and then the target computer would be brute forced to gain access.Attacks involving the Dharma ransomware have been frequent and have been recorded to target

Read More »
Business vector created by macrovector - www.freepik.com

Matrix Ransomware

MATRIX RANSOMWARE Introduction Matrix ransomware made its first appearance in 2016 as it was being distributed by RIG exploit kits used by the EITest campaign. Although recently the threat actors who are distributing Matrix are following a playbook that is based on the playbook used by the SamSam Group. Attacks involving the Matrix ransomware have been infrequent and have been

Read More »

Ryuk Ransomware

RYUK RANSOMWARE Introduction Ryuk ransomware made its first appearance in 2018 as it was being distributed by spam emails that had the Ryuk dropper attached. Then the dropper would download Trickbot or Emotet as well as downloading the ransomware. Attacks involving the Ryuk ransomware have been frequent and have been recorded to target organisation of medium to large size from

Read More »

Egregor Ransomware

EGREGOR RANSOMWARE Introduction Egregor ransomware made its first appearance in 2020 as it was being distributed by phishing emails that has a malicious attachment. Attacks involving the Egregor ransomware have been frequent and have been recorded to target organisation of medium to large size from many countries including US, Japan, and UK. There is no decryptor for any of the

Read More »

Conti Ransomware

CONTI RANSOMWARE Introduction Conti ransomware made its first appearance in 2020 as it was being distributed by phishing emails containing a link to Google Drive which stores the initial payload. Conti ransomware is currently the second most common active ransomware family and have been recorded to target organisations of medium to large size from many countries. There is no decryptor

Read More »

Nephilim Ransomware

NEPHILIM (NEFILIM) RANSOMWARE Introduction Nephilim ransomware, which is also known as Nefilim, made its first appearance in 2020 as it was being distributed through the targeting vulnerabilities in Citrix gateway devices. Attacks involving the Nephilim ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries. There is no decryptor for any

Read More »

LockBit Ransomware

LOCKBIT RANSOMWARE Introduction LockBit ransomware, formerly known as ABCD ransomware made its first appearance in 2019 as it was being distributed by phishing emails and brute force attacks on exposed machines. Attacks involving the LockBit ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries including United States, China, India, Indonesia,

Read More »

Phobos Ransomware

PHOBOS RANSOMWARE Introduction Phobos ransomware made its first appearance in 2018 as it was being distributed by exploits Remote Desktop Protocol (RDP) and poorly secured RDP credentials. Attacks involving the Phobos ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries. There is no decryptor for any of the active variants

Read More »

Rapid Ransomware

RAPID RANSOMWARE Introduction Rapid ransomware made its first appearance in 2017 as it was being distributed through phishing campaigns of Fake Internal Revenue Service (IRS) emails with a malicious zip attachment. Attacks involving the active variants of Rapid ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries including USA and

Read More »

GlobeImposter Ransomware

GLOBELIMPOSTER RANSOMWARE Introduction GlobeImposter ransomware made its first appearance in 2017 as it was being distributed through a “Blank Slate” phishing campaign with a malicious ZIP file attachment. Attacks involving the GlobeImposter ransomware have been frequent and have been recorded to target organisations of any size from many countries especially the United States, and countries in Europe and Asia There

Read More »

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.