• This ransomware uses a free photo upload service as its C&C server. This way, it is able to mask its C&C routines.
    Read more   

  • This ransomware uses Pokemon Go probably to hide its true nature. It tries to spread copies of itself on removable drives as PokemonGo.
    Read more   

  • This ransomware, also known as R980 ransomware, resembles some aspects of RANSOM_MADLOCKER as it drops files other than ransom notes. It also avoids certain file paths.
    Read more   

  • This ransomware is written in Jscript, a scripting language designed for Windows. This variant comes from an .
    Read more   

  • This ransomware is believed to be patterned after WALTRIX/CRYPTXXX. It almost has the same routines as the aforementioned ransomware family, save for a few minor differences.
    Read more   

  • This ransomware, seemingly similar to JIGSAW ransomware, threatens to delete one file six hours after non-payment. It threatens to delete all encrypted files after 96 hours of non-payment.
    Read more   

  • This ransomware is delivered as an attached document, via spam email. It disguises itself as a fake Thai customs form.
    Read more   

  • This ransomware has the ability to encrypt files found on an affected system. This routine makes these files inaccessible until a ransom is paid.
    Read more   

  • This ransomware is written in Jscript, a scripting language designed for Windows. Particularly, it is for Internet Explorer.
    Read more   

  • This JIGSAW ransomware uses chat support to aid customers in paying the demanded ransom. Previous variants of JIGSAW are known to use scary or porn-related ransom messages.
    Read more