Top 10 Cryptoware Types
August 1, 2016 03:00 PM

1. Locky
Locky propagates through spam emails with infected files, and changes all file extensions to .locky.

2. Samas
Samas exploits web server vulnerabilities and then spreads inside the network.

3. Petya
Petya propagates via phishing and introduces a new method of overwriting the hard drive MBR.

4. Cerber
Cerber masquerades as an Adobe Flash Player update, impersonating a Windows executable so that it pops up at the next reboot.

5. BART
BART is an evolution of Locky from the same creators, distributed through spam email after Locky became well known. BART does not encrypt the files, but creates a password-protected archive.

6. CTB Locker
CTB Locker spreads via customized deceptive emails. It can encrypt several machines within the same network, and also features a mechanism for recognizing malware analysis programs in order to avoid them (it simply won't be triggered).

7. CryptXXX
CryptXXX spreads via spam emails. It scans files and adds the .crypt extension. Versions 2.0, 3.0 and 4.0 feature immunity against free decryption tools, so more victims tend to pay the ransom.

8. Unlock 92
Unlock 92 uses the RSA-2048 algorithm to encrypt files. It communicates in Russian only. In many cases it did not unlock the files even though payment was received.

9. TeslaCrypt
TeslaCrypt typically exploits Adobe vulnerabilities and uses an AES algorithm to encrypt files.

10. Jigsaw
After encrypting the files, Jigsaw begins deleting them in batches every hour until the ransom is paid (or all at once after 72 hours).