Chapter 10. Other Ransomware Families

Part III of this book has focused on three major ransomware families. By all accounts, Cerber, Locky, and CryptXXX account for the majority of ransomware infections today, but they are by no means the only ransomware families out there.

The purpose of this chapter is to provide an overview of some of the other families and to highlight some unique trends in ransomware. Ransomware like Ransom32, which is written entirely in JavaScript, PowerWare, which is written in Microsoft’s powerful PowerShell scripting language, and KeRanger, which targets Apple’s OS X operating system, all provide unique insight into the different attack vectors being used by the hacking groups that develop ransomware. Other ransomware families are worth highlighting because of their popularity or unique features.


CryptoWall was one of the longest continuously operating families of ransomware. First reported in late 2013, it morphed through different variants over the years but continued to operate and adapt to changing security environments. As of this writing, CryptoWall is the most successful ransomware to date. Before shutting down all operations in late March of 2016, it had gone through six major revisions.

Estimates of how much the authors of the 3.0 variant of CryptoWall have made range from the FBI estimate of $18 million from US victims in 2015 to the Cyber Threat Alliance estimate of more than $325 million from victims globally. ...
