If you’re currently unfamiliar with the concept of ransomware, consider yourself lucky – it is by far one of the most dangerous threats that Internet users and businesses all over the world face today. Ransomware viruses actually encrypt either certain files on a user’s hard drive or the entire drive, completely blocking access unless the victim pays a “ransom” to their attacker. The amount of the ransom tends to increase as time goes on, giving people an incentive to pay sooner rather than later – especially if they find themselves unable to fix the issue on their own.
Should you become the victim of a ransomware attack, knowing how to identify the particular strain you’ve been hit with is one of the most important parts of being able to fix this problem once and for all.
One of the most common types of ransomware that Internet users face today is called Cerber, officially classified as RANSOM_CERBER.A. What makes Cerber unique is that it actually has a voice feature that reads the on-screen ransom note out loud, as opposed to other strains that make the user read it as plain text. Cerber is also unique because it doesn’t encrypt an entire hard drive, just files it believes will be particularly valuable to the victim. These include files with extensions like DOC, DOCX, PDF, MP3, MOV, MP4, JPG, JPEG and more.
CryptXXX, officially classified as RANSOM_WALTRIX.C, is another common type of ransomware that is regularly updated to make it more difficult for experts to combat. Not only does CryptXXX encrypt a user’s hard drive, but it is unique in that it actually has the ability to lock a user out of their hard drive altogether. When the user boots their affected computer, they are greeted by a screen that prevents their operating system’s desktop from loading at all.
Jigsaw, officially known as RANSOM_JIGSAW.I, is certainly one of the more colorful types of ransomware in existence. In addition to displaying a message indicating that all photos, videos, documents and other files on a hard drive have been encrypted, Jigsaw displays a graphic of the main villain from the “Saw” series of movies – also appropriately called Jigsaw. Jigsaw also has a built-in timer that counts down the seconds until the ransom is increased, instilling a sense of urgency in the owners of infected computers.
Mircop, officially classified as RANSOM_MIRCOP.A, uses a distinctive tactic to scare its victims into paying as much money as possible for the ransom. When the ransom note is displayed on an infected computer, it is accompanied by an image of a hooded figure in a Guy Fawkes mask – similar to the imagery used by the hacker group Anonymous. Even though there is no confirmation that Mircop is affiliated with that group, the implication is there and people tend to react accordingly.
Most interesting is the fact that in June of 2016, the Mircop strain demanded one of the biggest ransoms for any ransomware attack seen at any point up until now. The ransom note on one victim’s computer demanded 48.48 Bitcoins, which roughly translated to $32,239 at then-current exchange rates.