Ransomware anatomy

Ransomware anatomy
4.8 (95.86%) 58 votes

In recent times, malware trends have moved towards Ransomware. Even 2 years ago a leader for monetization cybercrime were banker Trojans, merged into larger botnets. But in 2014 the so-called cryptolocker appears. The company has been highly successful and quickly gaining popularity among malware and virus creators. And now let’s check why exactly this happen.

General Information

Rasomware – is extortionate software. In particular lockers encrypt files on a victim’s computer and then demand a ransom for decryption. The idea of extortion was a long time ago. We can tell that father of cryptolocker was different types of WinLockers.

Winlocker ctypter

They were quite primitive and are designed for the most inexperienced users. But after CryptoLocker appear everything changed. Often, the user files are encrypted resistant cryptographic algorithms and if the creators haven’t made mistakes in the implementation, it is impossible to decipher without the private key (what of course has only the creator).

But what caused love virus developers? There are several factors:

  • Relative ease of implementation. Unlike banking Malware, writing crypter is much easier. He should not live long in the system. His task is to work quickly and efficiently.

  • Direct monetization. For developer it was really hard to withdraw funds from the victim’s account. Often they lose everything in the end. In the case of Crypter, payment is required Bitcoins. This allows criminals to reduce their risks, so they get their money in 60% case.

  • Fashion. Crypter is in trend now. In the cybercrime world, there are also fashion and trends. Not always the same people always write and spread the malware. Often someone who interested find such developers and an order malware virus for themselves. Such crypter virus is really popular, so it will appear more and more virus of this type.

Radamant Ransomware

This is a new breed of ransomware that encrypts files using AES-256 encryption. Bleepingcomputer.com provides an excellent coverage of this ransomware. This malware was also found to be leased as a kit on private  malicious sites. It costs $1,000 to rent it for one month or potential buyers can test it for 48 hours for $100 USD.

Radamant partner

So if this crypter will spread really well you can get about 1000 $.
Statistically, if you take average users, 1 of 5 user will pay to scammers if its save the data and they spend about 300-500 $ for the key.
If you take the corporate sector the price higher and higher interest rates. But get this “clients” is more difficult.

Currently, among the leaders of the are the following families:

lockers virus

But there are many amateur handicrafts. For example, recently, we’ve got instances originally, what even doesn’t encrypt anything, but tries to delete all files on the infected computer. Picture of this crypter store on amazon s3 storage 🙂


Trends said that in the coming years, we are unlikely to see a decline in activity of this kind of malware. In the next article we will talk about safety against lockers, theoretical and practical ways to counter them.