Petronella Blog Archive

Six New Strains of Ransomware

Sometimes it seems like the barrage of new ransomware will never cease. This past week we’ve gotten six new strains, with an older one getting an update and a new ransomware-as-a-service (RaaS).

We’ve talked about Petya previously. It’s the ransomware strain that overwrites the master boot record, making it impossible for victims to access their hard drive, as opposed to encrypting specific files as other ransomware does. In earlier versions, Petya could only install itself if the victim had administrative privileges. No administrative privileges meant no ransomware. Petya 2.0 has added a secondary piece of ransomware called Mischa. Basically, it works as a two-pronged attack: if the malware can’t run Petya due to a lack of administrative privileges, it will then run Mischa, which is more of a traditional form of ransomware.

CryptXXX got an update this week as well. Version 2.0 was put out due to Kaspersky releasing a decryption tool for V1.0. Fortunately, it didn’t take long for Kaspersky to update their software to be able to handle the malware’s update. Speaking of ransomware that has a working decryptor for it, there was a big surge in the Crypren ransomware this week. It’s a typical form that encrypts files and adds the .ENCRYPTED extension.

There were also quite a few strains of malware that targeted specific geographic locations. German Netherlands (GNL) Locker checks a victim’s IP address and only encrypts files if the victim is located in either of those countries. Meanwhile, Shujin attacks users in China while Enigma goes after Russian users, with each strain written in the respective language. Both are a little unusual in that cybercriminals tend to avoid both locations.

Finally, the award for most annoying ransomware goes to CryptoHitman. If you recall, we recently warned of Jigsaw, a form of ransomware that uses the Saw horror movie franchise as its theme. Well, the cybercriminals behind it are back with a version that uses Agent 47 from the Hitman video game series as its logo. Once a victim’s files are encrypted with the .porno extension, it will then cycle through pornographic images as its lock screen. You couldn’t make it up if you tried.

To better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10-minute Ransomware Safety Review.