{"id":3201,"date":"2021-07-05T11:33:42","date_gmt":"2021-07-05T02:33:42","guid":{"rendered":"https:\/\/cyberenso.jp\/?page_id=3201"},"modified":"2021-08-19T14:40:17","modified_gmt":"2021-08-19T05:40:17","slug":"types-of-ransomware","status":"publish","type":"page","link":"https:\/\/cyberenso.jp\/en\/types-of-ransomware\/","title":{"rendered":"Types of Ransomware"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Types of Ransomware<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

There are hundreds of types of ransomware that pose a threat to your organisation and at NCD we are experienced in identifying and understanding the risk posed by these variants.<\/p>

Many ransomware variants encrypt data but have decryption keys available. Other variants encrypt data and \u2018steal\u2019 your data with a threat to expose it publicly, causing more reputational and commercial damage. The latest variants now only exfiltrate huge amounts data without encryption and use social media and personal contact to employees to encourage the victim organisation to pay.<\/p>

NCD support can help you understand the risk posed by particular variants and attackers and identify the best solution to assist in recovery and remediation.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tSodinokibi Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

SODINOKIBI RANSOMWARE (REvil) Introduction Sodinokibi ransomware, which is also known as REvil, made its first appearance in 2019 as it was being distributed via the exploited CVE-2019-2725 vulnerability in Oracle WebLogic server. The threat actors were able to gain access to WebLogic servers with HTTP access.Sodinokibi ransomware is currently the most widespread active ransomware and have been recorded to target<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tDharma Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

DHARMA (CRYSIS) RANSOMWARE Introduction Dharma ransomware which is also known as Crysis made its first appearance in 2016 as it was being manually delivered by exploiting Remote Desktop Protocol (RDP) services via TCP port 3389 and then the target computer would be brute forced to gain access.Attacks involving the Dharma ransomware have been frequent and have been recorded to target<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"Business<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tMatrix Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

MATRIX RANSOMWARE Introduction Matrix ransomware made its first appearance in 2016 as it was being distributed by RIG exploit kits used by the EITest campaign. Although recently the threat actors who are distributing Matrix are following a playbook that is based on the playbook used by the SamSam Group. Attacks involving the Matrix ransomware have been infrequent and have been<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tRyuk Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

RYUK RANSOMWARE Introduction Ryuk ransomware made its first appearance in 2018 as it was being distributed by spam emails that had the Ryuk dropper attached. Then the dropper would download Trickbot or Emotet as well as downloading the ransomware. Attacks involving the Ryuk ransomware have been frequent and have been recorded to target organisation of medium to large size from<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tEgregor Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

EGREGOR RANSOMWARE Introduction Egregor ransomware made its first appearance in 2020 as it was being distributed by phishing emails that has a malicious attachment. Attacks involving the Egregor ransomware have been frequent and have been recorded to target organisation of medium to large size from many countries including US, Japan, and UK. There is no decryptor for any of the<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tConti Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

CONTI RANSOMWARE Introduction Conti ransomware made its first appearance in 2020 as it was being distributed by phishing emails containing a link to Google Drive which stores the initial payload. Conti ransomware is currently the second most common active ransomware family and have been recorded to target organisations of medium to large size from many countries. There is no decryptor<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tNephilim Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

NEPHILIM (NEFILIM) RANSOMWARE Introduction Nephilim ransomware, which is also known as Nefilim, made its first appearance in 2020 as it was being distributed through the targeting vulnerabilities in Citrix gateway devices. Attacks involving the Nephilim ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries. There is no decryptor for any<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tLockBit Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

LOCKBIT RANSOMWARE Introduction LockBit ransomware, formerly known as ABCD ransomware made its first appearance in 2019 as it was being distributed by phishing emails and brute force attacks on exposed machines. Attacks involving the LockBit ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries including United States, China, India, Indonesia,<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tPhobos Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

PHOBOS RANSOMWARE Introduction Phobos ransomware made its first appearance in 2018 as it was being distributed by exploits Remote Desktop Protocol (RDP) and poorly secured RDP credentials. Attacks involving the Phobos ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries. There is no decryptor for any of the active variants<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tRapid Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

RAPID RANSOMWARE Introduction Rapid ransomware made its first appearance in 2017 as it was being distributed through phishing campaigns of Fake Internal Revenue Service (IRS) emails with a malicious zip attachment. Attacks involving the active variants of Rapid ransomware have been frequent and have been recorded to target organisations of small to medium size from many countries including USA and<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t

\n\t\t\t\t\n\t\t\t
\"\"<\/div>\n\t\t<\/a>\n\t\t\t\t
\n\t\t\t\t

\n\t\t\t\n\t\t\t\tGlobeImposter Ransomware\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t
\n\t\t\t

GLOBELIMPOSTER RANSOMWARE Introduction GlobeImposter ransomware made its first appearance in 2017 as it was being distributed through a \u201cBlank Slate\u201d phishing campaign with a malicious ZIP file attachment. Attacks involving the GlobeImposter ransomware have been frequent and have been recorded to target organisations of any size from many countries especially the United States, and countries in Europe and Asia There<\/p>\n\t\t<\/div>\n\t\t\n\t\t\n\t\t\tRead More \u00bb\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>\n\t\t\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Types of Ransomware There are hundreds of types of ransomware that pose a threat to your organisation and at NCD we are experienced in identifying and understanding the risk posed by these variants. Many ransomware variants encrypt data but have decryption keys available. Other variants encrypt data and \u2018steal\u2019 your data with a threat to expose it publicly, causing more [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5278,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-3201","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/pages\/3201"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=3201"}],"version-history":[{"count":27,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/pages\/3201\/revisions"}],"predecessor-version":[{"id":5273,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/pages\/3201\/revisions\/5273"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5278"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=3201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}