In the past several weeks, more than half a dozen new ransomware families have been found and analyzed by researchers. Some of them are ransomware-as-a-service offerings that are spread by third parties. Here is a short list of the newest ones, with a brief explanation of each:
- AgeLocker Ransomware. It reportedly uses the ‘Age’ encryption tool created by a Google employee. The attackers send an email demanding 7 BTC (approximately $64,000) for decryption. It is still unclear how the attackers are spreading AgeLocker.
- Conti Ransomware. Conti appears to be the successor to the Ryuk ransomware but with some added features. The new version can perform up to 32 simultaneous encryption efforts and conduct attacks on corporate networks. A unique feature is that it exploits the Windows Restart Manager to force a user into saving their files to maximize the damage.
- ThiefQuest. ThiefQuest is a new ransomware that not only encrypts data but also installs a keylogger and a reverse shell, and attempts to wipe any cryptocurrency-wallet-related files.
- WastedLocker. Found around May, it seems to be targeting only Fortune 500 companies in the U.S. and demands multimillion-dollar ransoms.
- Try2Cry. This ransomware leverages infected USB flash drives and Windows shortcuts to spread its malware.
- FileCry. Possibly named after the WannaCry malware, this new one acts a little amateurish, with a very plain encryption algorithm. The decryption key is already available for free.
- Aris Locker. This ransomware uses an AES-256 encryption algorithm to lock files and claims that if anyone is alerted, the encrypted data will be deleted forever. Aris Locker is spread through multiple techniques and demands a $75 ransom via BTC within the first week, or the price goes up.