Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion: it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem. The malware carries only the attacker's public key; the symmetric key actually used on the files is encrypted with that public key, so it can be recovered only with the private key, which never leaves the attacker's server. Ransoms are demanded in digital currencies that are difficult to trace, such as Ukash or Bitcoin and other cryptocurrencies, making tracing and prosecuting the perpetrators difficult.
File extensions:

Older versions (the STOP/Djvu family; the free file decryptor supports these):
.shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvut,
.pdff, .tro, .tfude, .tfudet, .tfudeq, .rumba, .adobe, .adobee,
.blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2,
.kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun,
.charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas,
.trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara,
.browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius,
.hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan,
.codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap,
.mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidom,
.pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras,
.truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes,
.budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus,
.tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod,
.access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej,
.kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas,
.nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare,
.carote

For newer versions the decryptor cannot help us, because the private key needed for our encrypted files exists only on the attacker's server. I encountered the .bboo and .cerebro extensions, which are from newer versions.
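The key handling that makes cryptoviral extortion work, and the reason a free decryptor helps only with the older variants listed above, as an added Python example (this is not code from the original post, from its author, or from any ransomware family). The hash-based stream cipher, the toy-sized textbook RSA, the `.djvu` suffix used as a marker, and the `key_check` fingerprint are stand-ins chosen so the script runs with the standard library alone; it operates on in-memory byte strings and never touches the filesystem. The "offline" key pair models the hard-coded fallback key older variants used when their server was unreachable, whose private half researchers later obtained; the "online" key models a per-victim key whose private half stays on the attacker's server.

```python
"""Toy model of cryptoviral extortion key management (illustration only).

Per victim: generate a symmetric file key, encrypt every file with it, wrap the
file key with the attacker's RSA public key, discard the plaintext file key.
Recovery then needs the matching RSA private key. Requires Python 3.8+.
"""
import hashlib
import random
import secrets

# ---- minimal textbook RSA, toy-sized and unpadded: for illustration only ----

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for generating the small primes used here."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=320):
    """Return ((e, n), (d, n)); a 320-bit n comfortably holds a 256-bit key."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_raw(m, key):
    exp, n = key
    return pow(m, exp, n)

# ---- symmetric file encryption: SHA-256 keystream stands in for Salsa20/AES-CTR ----

def _stream_xor(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

# Fallback key pair "shipped in the binary" for when the C2 server is unreachable.
# Generated here so the example runs; in reality only the public half is embedded.
OFFLINE_PUB, OFFLINE_PRIV = rsa_keygen()

def encrypt_victim(files, online_pub=None):
    """Victim-side routine over a dict of in-memory files -> (note, encrypted)."""
    file_key = secrets.token_bytes(32)
    pub, mode = (online_pub, "online") if online_pub else (OFFLINE_PUB, "offline")
    note = {
        "mode": mode,
        "wrapped_key": rsa_raw(int.from_bytes(file_key, "big"), pub),
        # lets a decryptor recognise the right key (stands in for the victim ID)
        "key_check": hashlib.sha256(b"check" + file_key).hexdigest()[:16],
    }
    encrypted = {}
    for name, data in files.items():
        nonce = secrets.token_bytes(16)          # per-file nonce: no keystream reuse
        encrypted[name + ".djvu"] = nonce + _stream_xor(file_key, nonce, data)
    del file_key                                 # only the RSA-wrapped copy survives
    return note, encrypted

def try_decrypt(note, encrypted, known_private_keys):
    """Decryptor logic: unwrap with each recovered private key, accept the one
    whose result matches the fingerprint. Returns None when no key fits."""
    for priv in known_private_keys:
        try:
            cand = rsa_raw(note["wrapped_key"], priv).to_bytes(32, "big")
        except OverflowError:                    # wrong key: result too large
            continue
        if hashlib.sha256(b"check" + cand).hexdigest()[:16] == note["key_check"]:
            return {name[:-5]: _stream_xor(cand, blob[:16], blob[16:])
                    for name, blob in encrypted.items()}
    return None

if __name__ == "__main__":
    docs = {"report.docx": b"quarterly numbers", "photo.jpg": b"\xff\xd8 jpeg bytes"}  # constructed
    note, enc = encrypt_victim(docs)                         # C2 unreachable: offline key
    print("offline variant, decryptor recovers:", try_decrypt(note, enc, [OFFLINE_PRIV]) == docs)
    attacker_pub, attacker_priv = rsa_keygen()               # per-victim online key
    note, enc = encrypt_victim(docs, online_pub=attacker_pub)
    print("online variant, decryptor recovers:", try_decrypt(note, enc, [OFFLINE_PRIV]))
    print("online variant, attacker recovers:", try_decrypt(note, enc, [attacker_priv]) == docs)
```

The point of the second run is the caveat the section makes: once a variant wraps the file key with a per-victim public key, possessing the malware sample (and hence every key embedded in it) gains the defender nothing, and only a backup taken before encryption restores the data.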
1) Locky
Locky is ransomware that was first released in a 2016 attack by an organized group of hackers. Able to encrypt over 160 file types, Locky spreads by tricking victims into installing it via fake emails with infected attachments, typically an invoice-themed Word document whose macro downloads the payload. This delivery method is called phishing, a form of social engineering. Locky targets a range of file types that are often used by designers, developers, engineers, and testers.
2) WannaCry
WannaCry is a ransomware worm that spread across 150 countries in May 2017. It propagated by exploiting a vulnerability in Windows' SMBv1 implementation (patched by Microsoft as MS17-010 two months earlier) using the EternalBlue exploit, which was allegedly developed by the United States National Security Agency and leaked by the Shadow Brokers group. WannaCry affected around 230,000 computers globally.

The attack hit a third of hospital trusts in the UK, costing the NHS an estimated £92 million. Users were locked out and a ransom was demanded in Bitcoin. The attack highlighted the problem of running outdated, unpatched systems, which left the vital health service vulnerable.

The global financial impact of WannaCry was substantial: the outbreak caused an estimated $4 billion in financial losses worldwide.
3) Bad Rabbit
Bad Rabbit is a 2017 ransomware attack that spread using a 'drive-by' method, in which legitimate but insecure websites are compromised and used to deliver the malware.

During a drive-by ransomware attack, a user visits a legitimate website, not knowing that it has been compromised by an attacker. In Bad Rabbit's case the compromised sites offered a fake Adobe Flash Player update, which the victim had to run for the infection to start, so the attack still depended on user action.
4) Ryuk
Ryuk ransomware, which spread from August 2018, deletes the Volume Shadow Copies on which Windows System Restore depends and disables boot recovery (using vssadmin, wmic and bcdedit commands) before encrypting, making it impossible to restore encrypted files without a separate backup. Ryuk also encrypted network drives.
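A detection for the recovery-sabotage step described above, as an added Python example (not from the page or from Ryuk's authors). It runs over constructed process-creation events in a hypothetical tab-separated format (timestamp, host, user, parent process, command line), roughly the fields Sysmon event 1 or Windows event 4688 provide, and escalates a host only when several distinct tampering techniques fire within a short window, because a lone vssadmin delete is routine for backup software. The rule names, the sample hosts and users, and the 120-second window and threshold of 3 are choices made for this illustration.

```python
"""Detect shadow-copy and boot-recovery tampering of the kind Ryuk performs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Technique name -> pattern applied to a lower-cased, whitespace-normalised command line.
RULES = [
    ("vssadmin_delete_shadows",  re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b")),
    ("vssadmin_resize_storage",  re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b")),
    ("wmic_shadowcopy_delete",   re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("powershell_shadowcopy",    re.compile(r"win32_shadowcopy\b.*\bremove-wmiobject\b")),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no\b|bootstatuspolicy\s+ignoreallfailures\b)")),
    ("wbadmin_delete_catalog",   re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b")),
]

# Constructed sample events (hypothetical format: ts<TAB>host<TAB>user<TAB>parent<TAB>command line).
# FS01 is a backup job trimming old snapshots; FS02 is a Ryuk-style burst from cmd.exe.
SAMPLE_EVENTS = """\
2018-08-14T02:00:03Z\tFS01\tCORP\\svc_backup\tBackupAgent.exe\tvssadmin.exe Delete Shadows /For=E: /Oldest /Quiet
2018-08-14T03:40:10Z\tFS02\tCORP\\jdoe\tcmd.exe\t"C:\\Windows\\System32\\vssadmin.exe" Delete Shadows /all /quiet
2018-08-14T03:40:11Z\tFS02\tCORP\\jdoe\tcmd.exe\tvssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=401MB
2018-08-14T03:40:12Z\tFS02\tCORP\\jdoe\tcmd.exe\tbcdedit /set {default} recoveryenabled No
2018-08-14T03:40:13Z\tFS02\tCORP\\jdoe\tcmd.exe\twbadmin delete catalog -quiet
2018-08-14T03:41:00Z\tWS07\tCORP\\asmith\texplorer.exe\tnotepad.exe C:\\Users\\asmith\\readme.txt
"""

def normalise(cmdline):
    """Strip quoting and collapse whitespace so path and casing tricks do not evade the rules."""
    return " ".join(cmdline.replace('"', "").split()).lower()

def match_rules(cmdline):
    """Return the names of every technique the command line matches."""
    norm = normalise(cmdline)
    return [name for name, rx in RULES if rx.search(norm)]

def parse_event(line):
    ts, host, user, parent, cmd = line.split("\t", 4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "user": user, "parent": parent, "cmd": cmd}

def scan(lines):
    """Parse events and keep those matching at least one rule."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        ev["rules"] = match_rules(ev["cmd"])
        if ev["rules"]:
            hits.append(ev)
    return hits

def assess(hits, window=timedelta(seconds=120), threshold=3):
    """Per host: 'high' when >= threshold distinct techniques occur inside one
    window, otherwise 'low' (a single shadow deletion is normal for backup tools)."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    verdicts = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(evs):          # sliding window over the host's hits
            seen = set()
            for ev in evs[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                seen.update(ev["rules"])
            best = max(best, len(seen))
        verdicts[host] = "high" if best >= threshold else "low"
    return verdicts

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS.splitlines())
    for ev in hits:
        print(f"{ev['ts']:%H:%M:%S} {ev['host']:5} {ev['parent']:16} {', '.join(ev['rules'])}")
    print(assess(hits))
```

The parent process is carried through on purpose: in a real deployment, a cmd.exe or PowerShell parent on a file server at 03:40 deserves a different weight from a backup agent, and the verdict logic is the natural place to add that.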
5) Troldesh
The Troldesh ransomware (also known as Shade) appeared in 2015 and was spread via spam emails with infected links or attachments.

Interestingly, the Troldesh attackers communicated with victims directly over email to demand ransoms. The cybercriminals even negotiated discounts for victims with whom they built a rapport, a rare occurrence indeed.
6) Jigsaw
Jigsaw is ransomware that appeared in 2016. It got its name from the image of the puppet from the Saw film franchise shown on its ransom screen.

Jigsaw deleted more of the victim's files for each hour that the ransom demand was left unpaid, and deleted a large batch at once if the victim rebooted or killed the process. The use of horror-movie imagery caused victims additional distress.
7) CryptoLocker
CryptoLocker is ransomware that was first seen in September 2013 and spread through infected email attachments and the Gameover ZeuS botnet. Once on a computer, it searched for valuable files to encrypt and hold to ransom.

Thought to have affected around 500,000 computers, it was stopped in 2014 when law enforcement and security companies seized the worldwide network of hijacked home computers that was being used to spread CryptoLocker; the private keys recovered in that operation allowed a free decryption service to be offered to victims.
8) Petya
Petya (not to be confused with ExPetr) is ransomware that first hit in 2016 and resurged in 2017 as GoldenEye.

Rather than encrypting individual files, Petya overwrites the Master Boot Record with its own bootloader and, on the next boot, encrypts the NTFS Master File Table (MFT). The file contents stay on disk, but without the MFT the system can neither boot nor locate any file, so the whole drive is effectively inaccessible.
9) GoldenEye
The resurgence of Petya, known as GoldenEye, led to a global ransomware attack in June 2017 (the outbreak that other vendors track as NotPetya or ExPetr).

Dubbed WannaCry's 'deadly sibling', GoldenEye hit over 2,000 targets, including prominent oil producers in Russia and several banks. Frighteningly, GoldenEye even forced workers at the Chernobyl nuclear plant to check radiation levels manually, as they had been locked out of their Windows PCs.
10) GandCrab
GandCrab, a ransomware-as-a-service family active from early 2018 until its operators retired in mid-2019, is remembered for a rather unsavory distribution campaign that threatened to reveal victims' porn-watching habits.

Claiming to have hijacked the user's webcam, the emails demanded a ransom, otherwise the embarrassing footage would be made public; the attachment that supposedly held the 'evidence' actually installed GandCrab.