Part III. Ransomware Families

In Chapters 7, 8, 9, and 10, we will focus on ransomware families. The first three chapters are dedicated to Cerber, Locky, and CryptXXX, since these are three of the most commonly deployed ransomware families infecting users today. However, this is likely to change as security researchers figure out how to decrypt ransomware, or the hacking groups are caught. The last chapter highlights some smaller ransomware families that have interesting technical components or are going after niche targets.

Reading the headlines or listening to the nightly news, one gets the impression that the ransomware groups are running the show and are unstoppable. That is not the case. There are tens of thousands of security researchers around the world looking for ways to protect organizations and stop ransomware from spreading. These researchers work closely with law enforcement agencies and have been successful at shutting down many ransomware gangs. This means most successful ransomware teams run a real risk of going to jail for a long time, which may be why the team behind TeslaCrypt decided to shut down:1

Project closed

Master key for decrypt: 440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE. Wait for other people make universal decrypt software.

We are sorry!

That being said, even when a ransomware family dies, if it has achieved any sort of success, its methods will continue to function in another ransomware family. For example, despite the existence ...

Get Ransomware now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.