
Reveton (early 2012)

• In 2012, a major ransomware worm known as Reveton began to spread.
• It is also known as the "police trojan".
• Its payload displays a warning purporting to come from a law enforcement agency.
• The warning claims that the computer has been used for illegal activities, such as
downloading pirated software, promoting terrorism, copyright infringement, etc.
• It informs the user that to unlock their system they will have to pay a fine.
• To strengthen the illusion that the computer is being tracked by law
enforcement, the screen also displays the computer's IP address and
footage from the computer's webcam.
CryptoLocker (Sep 2013)
• Encrypting ransomware reappeared in 2013 with CryptoLocker.
• Distributed as an attachment to malicious e-mail.
• CryptoLocker was also propagated using the Gameover ZeuS botnet.
• Encrypts certain types of files stored on local drives using RSA public-key
cryptography.
• The private key is stored only on the malware's control servers.
• Offers to decrypt the data if a payment is made by a stated deadline.
• Threatens to delete the private key if the deadline passes.
• It was isolated in May 2014, when the Gameover botnet was knocked out.
TorrentLocker (Sep 2014)
• TorrentLocker is a type of cryptographic ransomware which has been gaining
increasing popularity.
• The first modifications of this family were observed in February 2014, and
as of December 2014 at least five major releases of this malware had
been discovered.
• Early versions used the same key stream for every infected computer, making the
encryption trivial to overcome. However, this flaw was later fixed.
• By November 2014, it was estimated that over 9,000 users had been
infected by TorrentLocker in Australia alone, trailing only Turkey with
11,700 infections.
KeRanger (March 2016)
• KeRanger is a ransomware trojan horse targeting
computers running macOS. Discovered on March 4, 2016,
by Palo Alto Networks, it affected more than 7,000 Mac
users.
• KeRanger is the first malware and ransomware on the
OS X operating system. It encrypts the Mac user's files,
then demands a sum of one Bitcoin to decrypt the files. It
appeared in March 2016.
• There is an executable in the .DMG that is disguised as a
Rich Text File. The virus sleeps for three days, then starts
to encrypt the files. It adds a text document with
instructions on how to decrypt the files. It uses a 2048-bit RSA
public key to encrypt the files. It is actually a copy of Linux
Encoder.
HOW TO PREVENT BEING A VICTIM?
• Keep all of the software on your computer up to
date.
• Make sure automatic updating is turned on to get all
the latest Microsoft security updates and
browser-related components (Java, Adobe, and the
like).
• Keep your firewall turned on.
• Don't open spam email messages or click links on
suspicious websites. (CryptoLocker spreads via .zip
files sent as email attachments, for example.)
How to Remove?
• Malwarebytes is a great free tool to remove this kind of
malware.
• Malwarebytes will load, update itself, and scan memory, in
case you have malware that is already active.
• Once it has checked for running malware, and got rid of it,
it then scans your hard disk.
• If it finds any malicious files, you can click a button to clean
them up.
• If ransomware is running and has already popped up its
payment demand page, you can still remove it and clean up,
but the Virus Removal Tool cannot decrypt your scrambled
files.

How to Remove?
• Even if you don't have CryptoWall or similar, it is well
worth scanning your computer for malware.
• The criminals are known to be using existing malware
infections as "backdoors" to copy CryptoWall onto victims'
computers.
• I would assume their reasoning is that if you have existing,
older malware that you haven't spotted yet, you probably
won't spot the ransomware either, and you probably won't
have a backup — and that means they're more likely to get
your money later on.
