Cybersecurity Glossary

A

ANSSI :

The ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) was created in 2009 by the French state. The ANSSI's mission is to defend the State's information systems but also to advise and...

ASN1 :

The ransomware uses asymmetric cryptography and leaves a ransom note called "!!!!!readme !!!!!.htm." The malware requires 0.25 bitcoin for the decryption key and is distributed via the Rig Exploit Kit....

Agent Tesla :

Agent Tesla is an example of an advanced remote access trojan (RAT) that specializes in stealing and exfiltrating sensitive information from infected machines. It can collect different types of data,...

Akbuilder :

AKBuilder generates malicious Word documents in Rich Text. Hackers use it to package malware samples in booby-trapped documents. These documents are distributed in active email spam campaigns. The exploit...

Alma Locker :

Alma Locker Ransomware is a ransomware Trojan that is currently being delivered to victims by RIG Exploit Kit. Alma Locker Ransomware was first observed in August 2016. The Alma Locker Ransomware attack...

Alpha Crypt :

Alpha Crypt, also known as AlphaCrypt and, incorrectly, Alpha Crypt virus, is a ransomware infection used to hold a victim's computer hostage. Alpha Crypt is a variant of Tesla Crypt (or TeslaCrypt),...

Ancalog :

The exploit creator generates malicious documents, such as Word and PDF documents, Excel workbooks, CHM compiled help files and HTML pages. Most of these serve as downloaders, with the final payload stored...

AnteFrigus :

AnteFrigus is only provided by the RIG exploit kit via redirects from the Hookads malicious ad campaign. Once installed, AnteFrigus attempts to encrypt files on drives D, E, F, G, H, and I and avoids...

Antivirus :

Antivirus software checks files and emails, boot sectors (in order to detect boot viruses), but also the computer's RAM, removable media (USB sticks, CDs, DVDs, etc.), data that pass through any networks...

B

BandarChor :

Discovered by Jakub Kroustek, BandarChor is a new variant of the high-risk ransomware called CryptFile2. Once infiltrated, BandarChor encrypts most stored data, making it impossible to use. During the...

BartCrypt :

BartCrypt (or "Bart") is a ransomware virus distributed using malicious attachments that appear as .zip files. The names of these files often vary (e.g., "pictures.zip", "photos.zip", "images.zip", and...

Better_call_saul :

.Better_Call_Saul is a ransomware distributed via spam emails with infected .doc files attached. After a successful infiltration, this ransomware encrypts various files stored on the system. To encrypt...

Black Kingdom :

Black Kingdom, also known as GAmmAWare, is a malicious program classified as ransomware. Systems infected with this malware undergo data encryption and users receive ransom demands for decryption...

BlackByte :

BlackByte is a RaaS that uses double extortion as part of its attacks. The threat actors behind this ransomware take a victim-snitching approach, as they operate a Tor .onion auction site where they sell...

BlackCat :

The creators of the BlackCat ransomware offer Ransomware-as-a-Service (RaaS). In other words, they allow other cybercriminals to access their infrastructure and malicious code in exchange for a certain...

Bleeding-life :

The exploit kit has been used in several attack campaigns and focuses on vulnerabilities in several browser plug-ins to infect users.

BotenaGo :

Cybersecurity researchers at AT&T Alien Labs announced they have identified a new family of malware that attacks routers and connected objects (IoT). They've named it BotenaGo. They report that it has...

Bottle :

This is an exploit kit used by ransomware.

Buran :

Buran is a high-risk ransomware distributed using Rig Exploit Kit. It is a new variant of another ransomware infection called Vega. After successfully infiltrating the system, Buran encrypts most of the...

C

CAPEC :

The CAPEC database (Common Attack Pattern Enumeration and Classification) is a community resource for identifying and understanding computer attacks. It consists of listing and classifying common attack...

CHIP :

The ransomware is distributed by the Empire Pack exploit kit and encrypts files with RSA encryption. After a successful infiltration, CHIP encrypts various files and adds the extension ".CHIP". For example,...

CVE :

A CVE (Common Vulnerabilities and Exposures) refers to a security vulnerability that has been assigned an identifier. For each CVE, there will be a short description of the vulnerability or security hole...

CVSS :

The Common Vulnerability Scoring System (CVSS) is a means of capturing the main characteristics of a vulnerability and translating them into a numerical score reflecting its seriousness. This assessment...

CWE :

The CWE (Common Weakness Enumeration) database is a community resource for identifying types of software and hardware weaknesses. This list is maintained by the organization MITRE, the project being supported...

Capesand :

Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). It also exploits a 2015 vulnerability for IE. It appears that the cybercriminals behind the exploit...

Cerber :

The Cerber ransomware was discovered in March 2016. Inspired by the Software-as-a-Service (SaaS) model, Cerber's creators distribute licenses of their ransomware to other cybercriminals in exchange for...

Chaos :

Lumen's Black Lotus Labs researchers have dubbed the latest malware they've detected "Chaos." And it has to be said that it's rather aptly named. More compatible with multiple platforms and computer architectures,...

Ck :

This is an exploit kit used by ransomware.

Clop :

Clop Ransomware, which belongs to the Cryptomix ransomware family, is a dangerous file encryption virus that actively attacks the security of unprotected systems and encrypts saved files by adding the...

Conti :

Conti is a ransomware observed since 2020, reportedly distributed by a group based in Russia. The software uses its own implementation of AES-256 that uses up to 32 individual logical threads, making...

Cring :

The Cring ransomware made headlines as the threat was used in an attack that exploited a bug in the 11-year-old version of Adobe ColdFusion 9 software, the first recorded incident involving the use of...

Cry :

Posing as a fake organization called Central Security Treatment Organization, Cry uses Imgur.com and Pastee.org to host information about each victim, and queries the Google Maps API to determine the victim's...

CrypBoss :

This ransomware will delete volume snapshots to prevent file restoration and use AES encryption. It will add file extensions in the following formats (.hydracrypt_ID_[8 random characters] and .umbrecrypt_ID_[victim_id])....

CrypMIC :

CrypMIC is a ransomware virus similar to CryptXXX and UltraCrypter. After infiltration, CrypMIC encrypts various files stored on the system using RSA-4096 encryption, an asymmetric encryption algorithm....

CryptFile2 :

CryptFile2 (also known as Bandarchor) is a ransomware that sneaks into systems and encrypts files using an asymmetric algorithm. This ransomware adds the extension .id_[VICTIM_ID]_[EMAIL].scl to all...

CryptXXX :

CryptXXX is a ransomware malware distributed using the Angler exploit kit. After infiltration, CryptXXX encrypts various files stored on local and mounted drives using RSA4096, an asymmetric encryption...

CryptoFortress :

CryptoFortress is a ransomware that infiltrates systems through infected emails and fake downloads (e.g. fake Flash updates, malicious video players, etc.). Once the infiltration is successful, the files...

CryptoMix :

Ransom.Cryptomix is a ransomware that encrypts files on the victim's machine and demands payment to recover the information. The name Cryptomix is a combination of two separate ransomware families, CryptXXX...

CryptoMix Revenge :

Revenge is a new variant of a ransomware virus called CryptoMix. It is also very similar to CryptoShield (another variant of CryptoMix ransomware). Criminals proliferate Revenge via a RIG exploit kit....

CryptoShield :

CryptoShield is an updated version of CryptoMix ransomware. CryptoShield is distributed with the help of Exploit Kits. Once infiltrated, this ransomware encrypts various data using RSA-2048 cryptography...

CryptoWall :

CryptoWall is a ransomware malware that works by encrypting files on an infected computer and requires users to pay a ransom to receive a decryption key. It was originally released in 2014, but has undergone...

Cryptohasyou :

.Cryptohasyou is a ransomware that encrypts various files stored on the infiltrated system, including .exe, .com, .bin, .dat, .sys, all .dmp, .information. .key, .pdb, .bat, .ps1, .vb, .ws, .wsd, .cpl,...

Cryptolocker :

A CryptoLocker is a crypto-locker malware. Its purpose is to lock one or more machines and then demand a ransom. It is spread by email or via a botnet and when activated, it encrypts several files present....

Cryptoshocker :

CryptoShocker is a ransomware that infiltrates computers and encrypts stored files. This virus adds the .locked extension to the name of each encrypted file. The targeted file types include .jpeg, .doc,...

D

DHCP :

DHCP (Dynamic Host Configuration Protocol) is a network protocol (in client/server mode) whose role is to ensure the automatic configuration of the IP parameters of a machine. It is possible to assign...

DNS :

On the Internet, to make life easier for users, a system has been created that maps a domain name (for example, wikipedia.org or prohacktive.io) to an IP address (for example, 134.119.176.28). It's kind...

DNSSEC :

DNSSEC ("Domain Name System Security Extensions") is a protocol standardized by the IETF to solve certain security problems related to the DNS protocol. When the browser sends a request, it returns with...

DeadBolt :

The DeadBolt ransomware is targeting QNAP brand NAS devices. It exploits a zero-day security flaw present in the Photo Station application. This application is used to manage personal photos from...

Dearcry :

In March 2021, Microsoft released patches for four critical vulnerabilities in Microsoft Exchange servers. These vulnerabilities have been actively exploited in various attack campaigns. DearCry is a...

DirtyDecrypt :

DirtyDecrypt is a ransomware that infiltrates systems and encrypts various types of files (including .pdf, .doc, .jpeg, etc.). During the encryption process, DirtyDecrypt embeds an image file into each...

Disdain :

This is an exploit kit used by ransomware.

Dotkachef :

Dotkachef is a new exploit kit that appeared in early 2013. Unlike the Magnitude and Neutrino exploit kits, which appeared around the same time, Dotkachef did not receive the attention or coverage that...

Dxh26wam :

Dxh26wam is a new crypto ransomware that encrypts target data using a combination of AES and RSA algorithms. The malicious .crypted extension added to the end of the original file name proves that the...

E

ERIS :

The ransomware adds ".eris" to infected files and uses Salsa20 and RSA-1024 encryption. Variants of this malware are known to be distributed in drive-by-downloads via exploit kits. Payment instructions...

Emotet :

Emotet is a Trojan horse malware. Originally intended to steal banking information, its malware has since diversified. It was mainly distributed through phishing campaigns. It was the subject of a CERT-FR...

EnemyBot :

EnemyBot is a dangerous IoT botnet that has been making headlines in recent weeks. The threat, which appears to be distributed by the Keksec group, has expanded its functionality by adding recent vulnerabilities...

Erebus :

Erebus is a ransomware virus distributed via malicious online ads. These ads redirect users to a Rig exploit kit server, which infects the computer system. After infiltration, Erebus encrypts various...

Exploit :

An exploit is a way to bypass the normal operation of software. A vulnerability is when there is a weakness in a computer system and an exploit is when it is possible to use that flaw. Let's take an example,...

F

Fake Globe :

The ransomware masquerades as Globe ransomware and adds various extensions to encrypted files. The ransomware continues to evolve and multiple variants continue to appear in the wild. The malware is also...

FenixLocker :

FenixLocker is another ransomware virus that encrypts files using AES cryptography. During encryption, FenixLocker adds the extension ".centrumfr@india.com" to the names of compromised files. After successful...

FessLeak :

The FessLeak Ransomware infection has caught the attention of computer security researchers. FessLeak Ransomware is spread via corrupted ads on popular web pages. To do this, those responsible for the...

Firewall :

A firewall is a computer tool (hardware and/or software) designed to protect the data on a network. It will monitor and filter incoming and outgoing network traffic based on security policies previously...

FiveHands :

FiveHands Ransomware is a threat that appears to have been exploited by hackers via a zero-day flaw in SonicWall VPN appliances. The flaw is being exploited so that hackers can spread the FiveHands Ransomware...

Flash :

Researchers discovered the Flash ransomware-like program while checking new submissions to VirusTotal. This software belongs to the Dcrtr ransomware family. After running a sample of Flash on our test...

Flimrans :

The ransomware does not encrypt victims' files but locks the screen. The malware claims to belong to several police departments.

Flood :

A flood is a malicious action that consists of sending a large amount of unnecessary data into a network in order to saturate it (in terms of bandwidth, for example). It is often used in denial-of-service...

Formbook :

FormBook is an infostealer malware that was first discovered in 2016. It steals various types of data from infected systems, including credentials cached in web browsers, screenshots and keystrokes. It...

G

GandCrab :

The RIG and GrandSoft exploit kits are used to distribute this strain of ransomware via phishing emails sent to victims. In the first month of distribution, the GandCrab strain is estimated to have infected...

GandCrab 4 :

On July 1 version 4 of the GandCrab ransomware sees the light of day followed a few days later by version 4.0.1. These versions change the encryption method. The extension of the encrypted files is changed...

GandCrab 5 :

The ransomware adds random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt the infected files. The threat actor demands that the ransom be paid...

GetCrypt :

GetCrypt is a ransomware released by the RIG exploit kit, which encrypts victim's files using Salsa20 and RSA-4096. It adds a random 4-character extension to the files that is unique to the victim. It...

Glupteba :

Glupteba is a Trojan malware that is among the top ten malware variants of 2021. After infecting a system, Glupteba malware can be used to deliver additional malware, steal user authentication information,...

Goopic :

The Goopic ransomware was discovered in May 2016. It is dropped on victims' computers by the Rig Exploit Kit and is also bundled in toolbar installers, freeware and fake flash drives. Using RSA-2048...

H

Hanjuan :

HanJuan is a stealth exploit kit that specializes in exploiting vulnerabilities in Internet Explorer, Silverlight and Adobe Flash Player. Their attack vectors differ so much that it is sometimes difficult...

HelloKitty :

Unit42 says HelloKitty is a family of ransomware that first appeared in late 2020, primarily targeting Windows systems. The malware family gets its name from its use of a Mutex of the same name: HelloKittyMutex....

Hermes :

Hermes is a ransomware malware discovered by Michael Gillespie. Once infiltrated, Hermes encrypts files using RSA-2048 cryptography. This malware does not add extensions to encrypted files. After successful...

Hydracrypt :

HydraCrypt is a ransomware that runs on Microsoft Windows. It is a member of the CrypBoss family. HydraCrypt is relatively simple and looks like Hi Buddy! and UmbreCrypt. HydraCrypt is distributed through...

I

IDS :

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. There are two main categories of IDS: Signature-based...

J

JuicyLemon :

This Ransomware assigns a unique 7-digit number to each victim and changes the names of all infected files with an attachment. Some targeted extensions: .doc, .docx, .txt, .pdf, .html, .sql, .ini, .xls,...

K

Kaixin :

The exploit kit (also known as CK VIP) reportedly originates from China and focuses on users who visit compromised Korean websites. KaiXin resurfaced in 2018 and infects users with the Gh0st remote access...

Kovter :

The ransomware attempts to scare victims by pretending to belong to the local police with the ransom note stating that the user has violated the law. Kovter has also been seen performing click fraud from...

Kraken Cryptor :

The ransomware adds random extensions to encrypted files and asks the victim to send an email to the threat's author to obtain the decryption key. Some variants of the malware are disguised as SuperAntiSpyware...

L

Lights-out :

The exploit kit, also known as Hello, targets vulnerabilities in Adobe and Java components.

Locky :

Locky is a ransomware Trojan sent via email and presented as an invoice that needs to be opened with Microsoft Word. At first glance, the document appears unreadable and asks the user to activate macros....

Log4Shell :

The Log4Shell security flaw was discovered on December 10, 2021 by security researcher Chen Zhaojun of Alibaba Cloud Security. This CVE-2021-44228 flaw was found in the Java library "log4j". Log4J is...

Lokibot :

Also known as Lokibot, Loki PWS and Loki-bot, this Trojan malware targets Windows and Android operating systems. It is designed to infiltrate systems and steal sensitive information such as your usernames...

Lorenz :

Lorenz is a new variant of Sz40 ransomware, which is designed to encrypt data and demand a ransom for decryption. In other words, Lorenz makes affected files inaccessible and asks victims to pay - to...

Lucifer :

Dubbed Lucifer, the self-propagating malware targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. This new variant initially attempts to infect devices by bombarding...

M

Magniber :

The ransomware primarily targets South Korean victims and is distributed via the Magnitude exploit kit. The malware uses AES encryption and uses four domains for callback to command and control servers....

Mailto :

The ransomware, also known as Netwalker, targets corporate networks and encrypts all Microsoft Windows systems found. The malware was detected in August 2019 and new variants have been discovered throughout...

Malware :

Malware, or "malicious software", is a program developed with the purpose of harming a computer system. Hackers use several methods to infect a computer, such as phishing. Types...

Matrix :

Matrix is a family of ransomware that was first publicly identified in December 2016. Over the years since its inception, it has primarily targeted small and medium-sized organizations. As of 2019, it...

Maze :

Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the victim's ID. The ransom note is placed in a text file and an htm file. A few different...

Metasploit :

Metasploit is an open-source project for developing and deploying computer attacks. The Framework can do many things, such as: scanning and collecting all information on a machine; identification and...

Minotaur :

Minotaur Ransomware is an encryption ransomware Trojan designed to hold victims' files hostage in order to demand payment of a ransom. Minotaur Ransomware reaches victims' computers through corrupted...

Mitre :

MITRE is a nonprofit organization focused on research and development in the areas of defense, national security and information technology. Founded in 1958, MITRE is a public-private partnership funded...

Mobef :

Mobef Ransomware takes control of a computer by encrypting its victim's files and then demanding a ransom to decrypt those files. It changes the extensions of the affected files and displays a ransom...

Mole :

The ransomware poses as a shipping notice and claims to destroy the decryption key if the ransom is not paid within 78 hours. The malware continues to evolve and redirects victims to a fake Office webpage....

N

NanoLocker :

The ransomware uses the AES-256 encryption algorithm to encrypt files and is deployed through spam emails and the Nuclear Exploit Kit.

Nebula :

The Nebula virus is a recently discovered ransomware; it is a modified version of Noblis ransomware. It is programmed to infect as many computers as possible, process target users' data, and then extort...

Nefilim :

According to Vitali Kremez and Michael Gillespie, this ransomware shares much of the code with Nemty 2.5. The difference is the removal of the RaaS component, which has been replaced by email communications...

Nemty :

The Nemty (Ransom.Nemty) ransomware, originally detected in August 2019, has increased its reach by joining forces with the Trik (Trojan.Wortrik) botnet, which is now spreading Nemty on compromised computers....

Neptune :

The exploit kit is a new brand of the Terror exploit kit. It is advertised on various forums and can be rented by the week or month.

Null-hole :

The NULL Hole exploit kit is a browser exploit kit that allows a remote attacker to compromise systems by attempting to exploit multiple kernel-mode driver and browser plug-in vulnerabilities. The NULL...

O

Osint :

OSINT stands for "Open Source Intelligence" ("Renseignement de Source Ouverte" in French). It is intelligence obtained from a public source of information. The investigator who collects this type of source is called...

P

Paradise :

Paradise is a ransomware virus advertised as RAAS (Ransomware As A Service). The developers allow affiliates to perform minor changes (for example, change the contact email address and ransom amount)...

Payload :

So there you have it, you have found a vulnerability in your system. What are the risks? A malicious person may use an exploit (if one exists) to compromise the system. An exploit is a piece of code that...

Pentest :

The pentest is a method that consists of analyzing a target by putting oneself in the shoes of a malicious hacker, or cyberpirate. This target can be an IP, an application, a web server, a connected device...

Petya :

The Petya ransomware began spreading internationally on June 27, 2017. Targeting Windows servers, PCs and laptops, this cyberattack appeared to be an updated variant of the Petya malware virus. It used...

Philadelphia :

Philadelphia is an updated version of the Stampado ransomware virus. It is distributed via phishing emails that contain fake late payment notices. These messages, however, include links to the Philadelphia...

Phorpiex :

Phorpiex is a worm that spreads via removable drives and network drives. Some variants of Phorpiex will also download additional malware such as cryptominer and execute it.

PizzaCrypts :

PizzaCrypts is a ransomware malware distributed using Neutrino Exploit Kit. After a successful infiltration, PizzaCrypts encrypts most system files and adds the extension id-[victim ID]_maestro@pizzacrypts.info...

Princess Locker :

Princess is a ransomware virus that encrypts most of the data stored on the infiltrated computer. During encryption, Princess adds random extensions to the names of the compromised files. This is quite...

Q

Qlocker :

Qlocker is a ransomware malware. Malware in this category makes data inaccessible (mainly by encrypting it) and demands a ransom to regain access. In the case of Qlocker, it affects victims' files by...

R

RCE :

Remote Code Execution (RCE) is an attack that allows an attacker to remotely execute commands on a target machine. Remote Code Execution (RCE) is also known as code injection.

REvil :

REvil (also known as Sodinokibi) is a ransomware malware. Appearing in 2019, this ransomware is particularly active and its main infection vector is phishing. The attacks not only involve encrypting data...

Radamant :

Radamant is a ransomware-as-a-service toolkit offered in hacker forums that targets Windows. The encrypted files are renamed to *.rdm or *.rrk. The ransom note is stored in "YOUR_FILES.url" on your desktop....

Ramnit :

The Ramnit family of malicious programs has many variants, which can be individually classified as trojans, viruses or worms. The first Ramnit variants that appeared in 2010 were viruses that infected...

Ransomware :

Ransomware is malicious software that will block access to the computer or your files. Types of ransomware: Scareware: A scareware will masquerade as security software. It will display an alert message telling...

Ransomware ESXi :

Hypervisors running VMware ESXi are in the crosshairs of cybercriminals! This time, the ongoing attack campaigns target the CVE-2021-21974 vulnerability, for which there is a patch since February 2021....

Redkit :

RedKit Exploit Kit is a dangerous hacking tool that is used to attack computer users who visit an attack website containing this threat. Computer users are usually directed to malicious websites using...

Remcos :

Remcos or Remote Control and Surveillance, marketed as legitimate software by a German-based company Breaking Security to remotely manage Windows systems, is now widely used in multiple malicious campaigns...

Reveton :

The ransomware poses as a law enforcement authority and scares victims into paying fines by informing them that their computer has been used for illegal activity.

Rootkit :

A Rootkit is a set of techniques (one or more pieces of software) for creating (usually unauthorized) access to a machine. The goal of these Rootkits is to go under the radar and be as stealthy as possible. What...

Router :

A router routes packets from one LAN to another (office, lab, network). It allows the network to be partitioned (this can also be done by a firewall that filters packets).

Ryuk :

Ryuk is a ransomware malware that was discovered in 2018. Ryuk is a version of ransomware attributed to the WIZARD SPIDER hacker group that has compromised governments, universities, healthcare facilities,...

S

SSL :

SSL (Secure Sockets Layer) is a security protocol that secures the exchange of information between devices connected to an internal network or the Internet. Most often, SSL is the protocol that is used to connect...

Sage :

The original version adds the ".sage" extension to encrypted files and charges 0 in bitcoins for the decryption key. A second version, Sage 2.0, charges ,000. Sage 2.2 was discovered in February...

Sakura :

Sakura will add its specific .Sakura extension to each file name. For example, a file named "photo.jpg" will be changed to "photo.jpg.Sakura". Similarly, the Excel sheet named "table.xlsx" will become...

Sednit :

The exploit kit is a custom kit used by the hacker group "Sednit" and targets vulnerabilities in Microsoft Internet Explorer.

Sekhmet :

The Sekhmet ransomware, which emerged in March 2020, has already disclosed stolen data from at least six victims to date. A recent known attack, which occurred on June 20, 2020, targeted SilPac, a gas...

Seon :

Seon is a malware classified as ransomware and designed to block access to data (via encryption) until a ransom is paid. This computer infection was discovered by Anti-malware. Seon renames each encrypted...

Sherlock :

ProHacktive has created Sherlock, an automated, plug & play cybersecurity auditing box. This solution protects you from attacks by giving you a complete inventory of all devices on your network and their...

Shlayer :

Shlayer malware appeared in early 2018. This Trojan tricks macOS users into downloading malware, with the intention of generating revenue from ads and links that continuously appear in the victim's browser....

Sibhost :

The Sibhost exploit kit redirects the user's browser to malicious servers that, in turn, take advantage of vulnerabilities in Oracle and Adobe products.

SnakeKeylogger :

Snake Keylogger (a.k.a. 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, record keystrokes, take screenshots, and...

Sodinokibi :

First identified in 2019, Sodinokibi (also known as REvil or Evil Ransomware) was developed in a private operation - as ransomware-as-a-service (RaaS). The RaaS distribution approach means that many people...

Spora :

Spora is a ransomware virus distributed via spam (malicious attachments). Each scam spam contains an HTA file that, when executed, extracts a JavaScript file ("closed.js"), placing it in the system folder...

Stampado :

The ransomware-as-a-service (RaaS) is advertised on the Dark Web for and allows would-be criminals to delete a random file from the victim's PC every 6 hours if the ransom is not paid. The malware...

Stop :

The Stop ransomware uses AES encryption and adds one of more than 20 different extensions to infected files. The malware was discovered in late 2017, with new variants appearing in the threat landscape...

T

Terror :

The exploit kit was discovered in late 2016 and its code base comes from the Sundown exploit kit. The main goal of the exploit kit is to turn infected systems into miners of the Monero crypto-currency....

TeslaCrypt :

The TeslaCrypt ransomware was discovered in 2015 and continues to evolve. TeslaCrypt allows the victim to pay the ransom in either bitcoins or PayPal My Cash cards. The malware targets nearly 200 file...

ThreadKit :

The exploit kit is used to create malicious Microsoft Office documents in order to exploit a series of Microsoft vulnerabilities. The builder is sold on the Dark Web and has been used to infect victims...

TorrentLocker :

TorrentLocker is mainly distributed through spam emails and encrypts various types of files with AES. To carry out its infection, the ransomware uses a technique known as "process hollowing" to inject...

Trickbot :

Trickbot is a computer malware, a Trojan horse for Microsoft Windows and other operating systems, and the cybercrime group behind it. Its primary function was originally the theft of bank details and...

U

UmbreCrypt :

The UmbreCrypt Ransomware is a variant of the HydraCrypt ransomware. This Ransomware uses the RSA-2048 encryption method and adds an extension to files in the following format: "the UmbreCrypt_ID_youruniqueID"....

Underminer :

Underminer was first seen in 2017, targeting Asian countries by first deploying bootkits. It is a malware loaded during the boot process, which controlled the startup of the operating system, modifying...

V

VLAN Hopping :

VLAN hopping is a computer security exploit. The principle is that an attacking host on one VLAN accesses traffic from other VLANs that it should not have access to. There are two methods: Switch Spoofing, Double...

VenusLocker :

The ransomware is a variant of the "educational" EDA2 ransomware and encrypts files with AES-256 encryption. In late 2017, the threat actors behind the ransomware turned to mining the crypto-currency...

Vulnerability :

A vulnerability or flaw is a weakness in a computer system that allows an attacker to undermine the integrity of that system, i.e., its normal operation, confidentiality, or integrity of the data it contains. Let's...

W

Wannacry :

Wannacry is ransomware that was discovered in May 2017 during a massive global cyberattack. 300,000 machines were affected in this attack that exploited obsolete Windows systems (see security bulletin...

Whitehole :

"Whitehole uses similar code to Blackhole, one of the most popular toolkits today, but with some differences," as Trend Micro security researchers specified in a blog. For one thing, Whitehole only contains...

X

XMRig crypto miners :

XMRig is an open-source software designed for mining crypto-currencies like Monero or Bitcoin. However, it is also commonly abused by cybercriminals in their attacks, who infect computers with cryptojackers...

Z

Zerobot :

Zerobot was spotted in mid-November 2022 by security researchers at Fortinet. It is a malware coded in Go language that exploits about twenty vulnerabilities located in firewalls, routers, cameras, NAS,...

E

eCh0raix :

Ech0raix (QNAPCryptName) is a type of malware classified as ransomware that uses unusual methods of penetrating and encrypting user's data. Besides the typical system infection, it also spreads to physical...

M

microsoft-word-intruder :

The exploit kit was first discovered in 2013 and is used to create malicious Microsoft Office documents. The threat actor sells the kit on the Dark Web for between ,000 and ,500.