Top 10 Cryptoware Types


1. Locky

Locky propagates through spam emails with infected files, and changes all file extensions to .locky.

2. Samas

Samas exploits webserver’s vulnerabilities to then spread inside the network

3. Petya

Petya propagates via phishing and introduces a new method of overriding hard drive MBR.

4. Cerber

Cerber masquerades itself as an Adobe Flash player update, impersonating to a Windows executable to pop up in the next reboot.


BART – an evolution of Locky from the same creators, distributed through spam email after locky has become well known. BART does not encrypt the files, but creates a password protected archive

6. CTB Locker

CTB Locker – spreads via customized deceptive emails. It can encrypt several machines within the same network, and also features a mechanism of recognizing malware analysis programs in order to avoid them (it simply won’t be triggered)

7. CryptXXX

CryptXXX – spreads via spam emails. Scans files and adds the .crypt extension. 2.0, 3.0. and 4.0 versions feature immunity against free decryption tools, thus more victims tend to pay the ransom.

8. Unlock 92

Unlock 92 – using RSA-2048 algorithm to encrypt files. Communicates in Russian only. In many cases did not unlock the files though payment was received

9. TeslaCrypt

TeslaCrypt - It is typically exploits Adobe vulnerabilities and uses an AES algorithm to encrypt files.

10, Jigsaw

Jigsaw – after encrypting the files, begins deleting them in bulks every hour until the ransom is paid (or all at once after 72 hours)