Finding ransomware...

Today, ransomware has become one of the most important threats faced by enterprises. It locks up large amounts of valuable data, and the ransoms paid are considerable. Cyphort has summarized a series of ransomware behavior characteristics, hoping to help everyone take the initiative in the fight against ransomware.
Jigsaw: Deleting files regularly creates a sense of urgency that pushes victims to pay the ransom faster. Jigsaw ransomware deletes an encrypted file on the computer for every hour that the victim's ransom is not received, and a deleted file cannot be recovered even if the ransom is paid later. In addition, Jigsaw deletes an additional 1,000 files every time the victim restarts the computer and logs into Windows.
Petya: To encrypt the entire drive, Petya ransomware directly encrypts the Master File Table (MFT), which contains information about the allocation of files and folders.
RansomWeb, Kimcilware: Encrypting Web server data. The RansomWeb and Kimcilware ransomware families both adopted this unusual approach, targeting Web servers rather than client computers. They infect and encrypt website databases, Web servers and hosted files, and demand a ransom from the website administrators.
DMA Locker, Locky, Cerber and CryptoFortress: Encrypting data on network drives, even unmapped drives. DMA Locker, Locky, Cerber, and CryptoFortress all walk through every open Server Message Block (SMB) share and encrypt any information they find.
Maktub: Maktub ransomware compresses files first to increase encryption speed.
The cloud environment is not safe either: Deleting or overwriting all cloud backups. In the past, it was often safer to back up data to cloud storage and file sharing platforms. However, various new types of ransomware have begun to reach into shared file systems.
SimpleLocker: Targeting non-Windows platforms. SimpleLocker can encrypt files on Android and Linux systems, while Encode.1 targets Linux, and KeRanger specifically attacks OS X.
Cerber: Using the computer speaker to deliver voice messages to the victim. Cerber ransomware generates a VBScript titled "#DECRYPT MY FILES#.vbs" that makes the computer play random messages to the victim. At present it speaks only English, but the decryption website it uses is available in 12 languages. The messages it plays include "Attention! Attention! Attention!" and "Your files, pictures, databases and other important files have been encrypted!"
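A defender can look for two of the behaviors listed above, the walk across SMB shares and the Cerber note file, in file-server audit events. The following is an added example, not code from Cyphort or the original article; the log format, host names, the 60-second window and the three-share threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)         # assumed look-back window
SHARE_THRESHOLD = 3                    # assumed: distinct shares one client may modify per window
NOTE_NAMES = {"#decryptmyfiles#.vbs"}  # Cerber note name from the article, spaces removed
MODIFYING = {"WRITE", "CREATE", "RENAME", "DELETE"}

# Constructed file-server audit events: timestamp, client, UNC path, operation
SAMPLE = r"""
2016-06-01T10:00:01 WS-014 \\fs01\finance\q1.xlsx WRITE
2016-06-01T10:00:05 WS-022 \\fs01\hr\roster.docx WRITE
2016-06-01T10:00:09 WS-014 \\fs01\hr\roster.docx WRITE
2016-06-01T10:00:15 WS-014 \\fs02\eng\spec.pdf WRITE
2016-06-01T10:00:16 WS-014 \\fs02\eng\#DECRYPT MY FILES#.vbs CREATE
2016-06-01T10:09:00 WS-022 \\fs02\eng\spec.pdf READ
"""

def parse(line):
    """Split one event; the path may contain spaces, so peel fields from both ends."""
    ts, client, rest = line.split(" ", 2)
    path, op = rest.rsplit(" ", 1)
    parts = path.lstrip("\\").split("\\")
    share = "\\".join(parts[:2]).lower()   # server\share
    return datetime.fromisoformat(ts), client, share, parts[-1], op

def detect(text):
    """Return (client, reason) alerts in the order they fire; events must be time-sorted."""
    recent = defaultdict(deque)   # client -> (time, share) of recent modifications
    fanned_out = set()            # clients already reported for share fan-out
    alerts = []
    for line in filter(None, map(str.strip, text.splitlines())):
        when, client, share, name, op = parse(line)
        if op not in MODIFYING:
            continue
        if name.replace(" ", "").lower() in NOTE_NAMES:
            alerts.append((client, "ransom-note"))
        window = recent[client]
        window.append((when, share))
        while when - window[0][0] > WINDOW:   # drop events older than the window
            window.popleft()
        if client not in fanned_out and len({s for _, s in window}) >= SHARE_THRESHOLD:
            fanned_out.add(client)
            alerts.append((client, "share-fanout"))
    return alerts

if __name__ == "__main__":
    for client, reason in detect(SAMPLE):
        print(client, reason)
```

Backup agents and indexers also touch many shares quickly, so in practice the fan-out rule needs an allowlist of such hosts and a threshold tuned to the environment.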
Tox: Ransomware as a service has become a new form of profit in underground forums. Such a service can provide malicious code and infrastructure, urge ransom payments and provide decryption keys to victims. Tox ransomware is a prominent representative in this regard.

Original link: The despicable methods that ransomware uses to fool us [Translated by 51CTO. Please indicate the original translator and source as 51CTO.com when reprinting on partner sites]