Common Ransomware Scams

The goal of this post is to identify the 15 most common ransomware scams. You will learn about each of these scams, how they work and what they target. Knowing is half the battle.

1. Locky- Locky is similar to many other types of ransomware. This common ransomware scam spreads via an email message disguised as an invoice. When the attachment is opened, the invoice appears scrambled and the victim is instructed to enable macros in order to read the document. Once macros are enabled, Locky begins encrypting a large number of file types using AES encryption.

2. NotPetya- NotPetya is malware classified as a wiper: its sole purpose is destroying data rather than obtaining a ransom.

3. Petya- Unlike other types of ransomware, Petya encrypts entire computer systems rather than individual files. Petya overwrites the master boot record, rendering the system unbootable.

4. Spider- Spider is spread via spam emails across Europe. It is hidden in Microsoft Word documents that install the ransomware on a victim’s computer when downloaded. The Word document is disguised as a debt collection notice and contains malicious macros. When the macros are executed, the ransomware begins to encrypt the victim’s data.

5. TeslaCrypt- TeslaCrypt is new on the scene. TeslaCrypt uses the AES algorithm to encrypt files. The malware is typically spread via the Angler exploit kit, which specifically attacks Adobe vulnerabilities. Once the exploit succeeds, TeslaCrypt installs itself in the Microsoft temp folder.

6. TorrentLocker- TorrentLocker is distributed through spam emails and is geographically targeted to specific regions. TorrentLocker is often referred to as CryptoLocker and uses the AES algorithm to encrypt files while also encoding them. TorrentLocker collects email addresses from the victim’s address book to spread the malware beyond the initially infected computer.

7. WannaCry- WannaCry is becoming an epidemic and has affected organizations all over the globe. The ransomware has hit over 125,000 organizations in 150 countries. The WannaCry strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through an exploit for a Windows vulnerability known as EternalBlue.

8. ZCryptor- ZCryptor is a self-propagating malware strain that acts like a worm. The malware encrypts files while also infecting external drives and flash drives so it can be distributed to other computers.

9. Bad Rabbit- Bad Rabbit is a ransomware strain that has infected organizations in Russia and Eastern Europe. Bad Rabbit is spread through a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, the user is taken to a payment page demanding 0.05 bitcoin (around $285).

10. Le Chiffre- The name “Le Chiffre” is French for “encryption”. Unlike other ransomware, LeChiffre is run manually on the compromised system. Cybercriminals automatically scan networks in search of poorly secured remote desktops, log into them remotely, and manually run an instance of the ransomware.

11. Jigsaw- Jigsaw encrypts and progressively deletes files until a ransom is paid. The ransomware deletes a single file after the first hour, then deletes more per hour until the 72-hour mark, when all the files that are left are deleted.

12. CryptoLocker- The original CryptoLocker botnet was shut down mid-2014, but not before the hackers behind it extorted $3 million from victims. Since then, hackers have copied the CryptoLocker approach, although the variants in operation today are not linked to the original.

13. CTB-Locker- The criminals behind CTB-Locker used a different approach to spreading malware. Taking a page from the Girl Scout Cookies playbook, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.

14. KeRanger- KeRanger is a common ransomware scam that was discovered on a popular BitTorrent client. It’s known as the first fully functioning ransomware designed to lock Mac OS X applications.

15. Cerber- Cerber targets cloud-based Office 365 users and has impacted millions of users through an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup in addition to on-premises backup.
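Several of the scams above (Locky, Spider) arrive as an Office document that asks the victim to enable macros. The following added example, which is not code from the original post, shows a mail-gateway style check that flags macro-bearing OOXML attachments and sends legacy binary Office files for deeper inspection; the sample documents it builds are constructed in memory and are not real Word files.

```python
"""Flag Office attachments that carry a VBA project (constructed example)."""
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by binary .doc/.xls files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type OOXML uses to declare an embedded VBA project part.
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole2-inspect' or 'other'."""
    if data.startswith(OLE2_MAGIC):
        # VBA in legacy files lives inside OLE streams; hand these to a full
        # parser (for example olevba from oletools) instead of guessing here.
        return "ole2-inspect"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        content_types = b""
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml")
        if has_vba_part or MACRO_CONTENT_TYPE in content_types:
            return "ooxml-macro"
    return "ooxml-clean"


def should_quarantine(data: bytes) -> bool:
    """Conservative policy: hold macro documents and unparsed legacy files."""
    return classify_attachment(data) in ("ooxml-macro", "ole2-inspect")


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML-like zip for testing the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types_xml = b"<Types>"
        if with_macro:
            types_xml += (b'<Override PartName="/word/vbaProject.bin" '
                          b'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"\x00constructed-vba-blob")
        types_xml += b"</Types>"
        zf.writestr("[Content_Types].xml", types_xml)
        zf.writestr("word/document.xml", b"<w:document/>")
    return buf.getvalue()
```

A real gateway would also record the verdict alongside the sender and subject so that invoice-themed lures carrying macros stand out in review.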

If you have any questions about these common ransomware scams or about cyber security in general, please contact us and read our blog on How Ransomware Attacks your Business or our FREE E-Book: The Small Business’ Guide to Ransomware
