Ransomware attacks change constantly. Information security experts forecast that these attacks will cost companies almost USD $11,000 million this year. Nevertheless, the infection rate among consumers is diminishing, because the targets are still small and medium-sized enterprises.

Now we will look at the most used ransomware from last year, with the purpose of keeping it on the radar and making sure we are protected against it.

  • Ryuk
    Ryuk is a variety of ransomware used in targeted attacks, based on the code of Hermes 2.1 and the BitPaymer virus. It is usually preceded by malware infections with viruses like Emotet or TrickBot, two of the most common in 2018. Its main characteristic is that it is not deployed in big spam campaigns. It is implanted selectively in organizations that have been infected with the previously named viruses.

 

  • How to fix it?
    Ryuk fundamentally uses the RSA-4096 and AES-256 algorithms to encrypt files, and it creates a RyukReadMe.txt file. Manual removal is not recommended. Automatic, free and highly recommended alternatives are available on the market.

 

  • Wannacry
    Wannacry, which started operating in 2017 and found its way into thousands of systems, still ranks high this year. It works by encrypting the information on the infected computer and then demands a ransom paid in Bitcoin. This makes it impossible to trace.

 

  • How to fix it?
    Under certain circumstances, it is possible to recover encrypted files using the WanaKiwi program. For the tool to work, the computer must not have been rebooted.

 

  • Zorro
    This new variant of the Animus/Aurora ransomware encrypts documents using an RSA-2048 key (encryption algorithm: 256-bit AES in CBC mode). It works by adding an extension to the encrypted files. It also changes the original file name to its hexadecimal equivalent. This makes the file undecipherable.

 

  • How to fix it?
    It can be persistent. Zorro tends to come back if it is not eliminated completely. Highly recommended alternatives are available on the market, for example ShadowExplorer and some others.

 

  • Ransomware attacks are becoming common on smartphones
    Ransomware on Android does not reach the same scale as on an office personal computer. Nevertheless, new types of ransomware are being created specifically for mobile devices, designed to attack their functions and vulnerabilities.

 

  • Triout
    First discovered by Bitdefender, it disguises itself as a clone of a legitimate application. It is able to record all the information and send it to external servers.

 

  • How to fix it?
    Turn on safe mode on your phone. Once you are in safe mode, go to Settings > Applications > Downloaded applications. Try to remove the applications that you believe should not be there. If none of the above works, try a factory reset.
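
As an added example (not from the original article or from any vendor tool), the following Python script triages a directory tree for two file-system traces described above: the RyukReadMe.txt note, and files renamed to the hexadecimal form of their original name as described for Zorro. The layout of a renamed file (hex name followed by one added extension), the minimum name length, the `.sample` extension and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

RYUK_NOTE = "ryukreadme.txt"  # note name from the article, compared case-insensitively
HEX_STEM = re.compile(r"(?:[0-9a-fA-F]{2}){4,}")  # assumption: at least 4 encoded bytes

def decode_hex_name(filename):
    """Return the original name if the stem is hex-encoded printable text, else None."""
    stem, _added_ext = os.path.splitext(filename)  # assumption: one added extension
    if not HEX_STEM.fullmatch(stem):
        return None
    try:
        text = bytes.fromhex(stem).decode("utf-8")
    except UnicodeDecodeError:
        return None  # hash-like names such as deadbeef are not valid text
    return text if text.isprintable() else None

def triage(root):
    """Walk root and collect Ryuk notes and hex-renamed files (path -> original name)."""
    findings = {"ryuk_notes": [], "hex_renamed": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RYUK_NOTE:
                findings["ryuk_notes"].append(path)
            elif (original := decode_hex_name(name)) is not None:
                findings["hex_renamed"][path] = original
    return findings

def build_sample_tree(root):
    """Constructed sample data: empty files, only the names matter."""
    names = [
        os.path.join("finance", "RyukReadMe.txt"),
        os.path.join("finance", "budget.xlsx"),
        os.path.join("docs", "report.docx".encode().hex() + ".sample"),
        os.path.join("docs", "deadbeef.bin"),   # hex digits, but not valid text
        os.path.join("docs", "12345678.pdf"),   # hex digits, decodes to a control character
    ]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, hits in triage(tmp).items():
            print(kind, hits)
```

A hit from this script is a reason to isolate the machine and investigate, not proof of infection: it only inspects file names and never reads or modifies file contents.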

Ransomware is not going to disappear in the short term. The best protection against it is for users to be aware: to learn what it is and how it infects a computer, and to know they should contact a professional if there is an infected file.

