
The Most Dangerous Ransomware Families Operating Today

· Cyber Security

What Are the Most Dangerous Ransomware Families Operating Today?


Last week, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency or CISA, advised a congressional gathering that the “American way of life” is currently at risk due to a flurry of new ransomware attacks and the constant threat of a catastrophic attack against America’s critical infrastructure.

Easterly also stated that, “ransomware has become a scourge on nearly every facet of our lives, and it’s a prime example of the vulnerabilities that are emerging as our digital and our physical infrastructure increasingly converge.”

These chilling comments were certainly headline material and come after months of new cyber-attacks that have affected all sectors of the American economy. But just what is ransomware, and what are the dominant variants affecting everyday Americans? 

Here is a collection of some of today’s most prolific ransomware families. In other words, these are groupings of similar strains of malicious code thought to be created by the same hackers.


Maze/Egregor: The Maze ransomware family remains a force to be reckoned with, as it is still one of the more prolific ransomware affiliate programs. Maze set the online world ablaze in 2019 and, although its original incarnation was only active through November 2020, “retired” ranked in the all-time top 10 for total infections. Maze was previously known as ChaCha because of its use of the ChaCha encryption algorithm. Eventually, Maze morphed into Egregor ransomware, which is still very active today.

Dharma/Crysis: Dharma Ransomware is an encryption ransomware Trojan that seems to target only the directories inside the Users directory on Windows. Once infected, encrypted files receive the suffix [bitcoin143@india.com].dharma added to the end of each file’s name. 

Variants of Dharma Ransomware will strangely sometimes not have a ransom note. 


Dharma Ransomware will not stop the affected system from working properly, but each time a file is added to the targeted directories, it will be encrypted unless the Dharma Ransomware infection is removed. Notable variants of Dharma include Crysis Ransomware and the ironically named newer variant, CLEAN Ransomware.

STOP/DJVU: STOP/DJVU ransomware is 2021’s most prolific ransomware family in terms of variants. The base code uses the RSA cryptographic algorithm to lock files on a victim’s computer or on a whole server running Windows OS, rendering the files inaccessible. It commonly spreads via malicious email attachments or through shady third-party websites. There are more than 300 variants of this quickly multiplying ransomware strain; some are .rivd, .rigd, .koom, and .wiot.

The ransomware uses a four-letter extension to mark affected files, and about 1-3 new variants appear each week.
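The Dharma and STOP/DJVU descriptions above both rely on a visible file-name marker: Dharma appends a “[email].dharma” suffix and STOP/DJVU appends a four-letter extension. The following script, added here as an illustration and not part of the original article, shows a defender-side check that scans a list of file paths for those markers and reports which user directories hold several marked files, which is the pattern Dharma produces as it keeps encrypting new files. The sample paths are constructed, the extension list is only the four named in the article, and the function names are this example’s own.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Four-letter extensions named in the article for STOP/DJVU. The family adds
# new ones every week, so in practice this set is a seed list to be maintained.
STOP_DJVU_EXTENSIONS = {".rivd", ".rigd", ".koom", ".wiot"}

# Dharma appends "[<email>].dharma" to the end of the original file name.
DHARMA_SUFFIX = re.compile(r"\[[^\[\]]+@[^\[\]]+\]\.dharma$", re.IGNORECASE)


def classify_path(path):
    """Return the ransomware family a file name is marked with, or None."""
    name = PureWindowsPath(path).name
    if DHARMA_SUFFIX.search(name):
        return "Dharma/Crysis"
    if PureWindowsPath(name).suffix.lower() in STOP_DJVU_EXTENSIONS:
        return "STOP/DJVU"
    return None


def scan_paths(paths):
    """Group marked files by family: {family: [path, ...]}."""
    hits = {}
    for p in paths:
        family = classify_path(p)
        if family is not None:
            hits.setdefault(family, []).append(p)
    return hits


def affected_directories(paths, min_hits=2):
    """Directories holding at least min_hits marked files, as (dir, family, count)."""
    counts = Counter()
    for p in paths:
        family = classify_path(p)
        if family is not None:
            counts[(str(PureWindowsPath(p).parent), family)] += 1
    return sorted((d, f, n) for (d, f), n in counts.items() if n >= min_hits)


# Constructed sample listing of a Windows Users tree (not real telemetry).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.[bitcoin143@india.com].dharma",
    r"C:\Users\alice\Documents\budget.xlsx.[bitcoin143@india.com].dharma",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\bob\Pictures\holiday.jpg.rivd",
    r"C:\Users\bob\Pictures\family.jpg.rivd",
    r"C:\Users\bob\Pictures\dharma-notes.txt",   # contains the word, but no marker
    r"C:\Users\bob\Desktop\invoice.pdf.koom",    # single hit, below the threshold
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for family, files in scan_paths(SAMPLE_PATHS).items():
        print(f"{family}: {len(files)} marked file(s)")
    for directory, family, n in affected_directories(SAMPLE_PATHS):
        print(f"  {directory}: {n} x {family}")
```

A file-name marker is only a first-pass indicator: extensions such as these are also used by unrelated software, and new variants change the extension weekly, so a hit should trigger a closer look (ransom notes, process history, backups) rather than stand alone as a verdict.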


Conti/TrickBot: Conti Ransomware was first observed in December of 2019 and was later connected to the devastating Ryuk ransomware. Like many other groups, these strains are operated as Ransomware-as-a-Service (RaaS) and run a leak site that they leverage against victims for double extortion. Although it was distributed by TrickBot in the past, Conti is now often seen being distributed by IcedID and Bazar.

Ransomware attacks against larger targets tend to make bigger headlines, but the vast majority of victims are individual computer users. For that reason, it is advised that you regularly scan your computer for all forms of malware and viruses.