Ransomware is quite possibly the most devastating malware for victims and the most profitable for criminals. This type of malware aims to block access to your data by encrypting either your files or the entire hard drive. To get their data back, victims are forced to pay the criminals a ransom. Historically, ransom payments to cybercriminals were made through Ukash and MoneyPak, but with the emergence of cryptocurrency and the anonymity and versatility it offers, crypto is now the only payment criminals will take. There is no guarantee that victims will get their files back, but for the most part criminals do decrypt the files, or else no one would pay the ransom. Ransomware is one of the most popular payloads of choice for criminals, and it’s been featured in just about every type of attack vector, like email attachments, exploit kits, browser extensions, Office macros, Remote Desktop Protocol (RDP), etc. If a cybercriminal has breached your system, the most likely end result will be ransomware.
The first variants of the original CryptoLocker surfaced in late 2013, and it’s been a major player in the threat landscape ever since. In 2017, WannaCry and NotPetya evolved ransomware by combining the payload with a wormlike exploit that infected hundreds of thousands of computers in mere hours. Expect to be hearing about ransomware for the foreseeable future.
Below are some of the known ransomware variants: