What happens to the ransomware after it’s used?
After a ransomware attack, the attacker will typically encrypt the victim’s files and demand a ransom be paid in order to decrypt the files. The victim may or may not have a backup of their files, which will dictate whether or not they will be able to recover from the attack. If the victim does not have a backup, they will likely have to pay the ransom in order to get their files back. After the ransom is paid, the attacker will typically provide the victim with a decryption key that will allow them to decrypt their files. In some cases, the attacker may not provide the key even after the ransom is paid, which can leave the victim’s files permanently encrypted. There have also been cases where the decryption key provided by the attacker does not work, or only partially decrypts the files. In these cases, the victim may be left with permanently encrypted files and no way to recover them. There have been instances where attackers have made ransomware that specifically targets critical infrastructure, such as hospitals. In these cases, the attackers may not release the decryption key even if the ransom is paid, as they may be intending to cause as much damage as possible. There have also been instances of so-called “ransomware as a service”, where attackers will develop and distribute ransomware to others who can then use it to attack victims. In these cases, the original attacker may or may not have any involvement in the actual attack, and may not even know who the victims are..See page
What are the most common ransomware strains?
As of 2019, the most common ransomware strains are: 1. Locky 2. SamSam 3. Crysis 4. Cryptolocker 5. Jigsaw 6. Petya/Mischa 7. Dharma 8.WannaCry 9. Bitpaymer 10. Spora
Locky was first seen in February of 2016, and has since become one of the most common ransomware strains. Locky encrypted over 620,000 files in just one month, and is known for its large-scale attacks. SamSam first appeared in December of 2015, and is known for its targeted attacks against healthcare organizations and government agencies. Crysis first appeared in February of 2014, and is known for its easily-customizable code. Cryptolocker first appeared in September of 2013, and is known for its sophisticated encryption methods. Jigsaw first appeared in April of 2016, and is known for its unique ransom demands. Petya/Mischa first appeared in March of 2016, and is known for its ability to encrypt hard drives. Dharma first appeared in November of 2016, and is known for its wide range of ransom demands. WannaCry first appeared in May of 2017, and is known for its large-scale attacks. Bitpaymer first appeared in August of 2017, and is known for its targeted attacks against large organizations. Spora first appeared in January of 2017, and is known for its unique payment system.
All material on this site was made with malwarezero.org as the authority reference. Learn more.