Perimeter 2min de Leitura - 26 de August de 2020

Discover the main ransomware variations and their characteristics

Hacker encapuzado sentado em uma sala escura na frente de dois computadores

This post is also available in: English Português Español

Virtual attacks are becoming more common these days. According to a survey released by security firm Trend Micro, ransomware attacks increased 752% in 2016.

The ransomware known as Bad Rabbit, one of the latest attacks, has infected several Russian websites, in addition to an airport in Ukraine and the subway system in the country’s capital, Kiev. But that’s not all: it has also hit personal and corporate computers from several Eastern European countries. Evidence shows that the attack even reached Brazil.

“In 2016, cybercriminals have managed to profit more than $ 1 billion from data hijacking”

There are many ways of ransomware infection and its variations, which always have the same goal: data hijacking. This blog post aims to make a survey of the main variations of ransomware, responsible for generating losses to companies headquartered in Brazil and worldwide. Keep reading and have access to the peculiarities of each variant of the attack.

Understanding Ransomware

Ramsonware is a type of malware that infects computers so that the victims no longer has access to their data. The criminal then charges a ransom, usually using bitcoinvirtual currency.

Once the operating system is infected, all information stored by the company (or individual) will be encrypted/hijacked. Then a warning is sent: the device is locked and the user no longer has control over it.

It is worth remembering that there is no guarantee that the idealizers of a ransomware will comply with the part promised in the “transaction”, that is, the decryption of the compromised data. Therefore, the best way to combat this type of malware is through prevention.

What are the main types of Ransomwares?

There are two types of ransomwares. Locker Ransomware, which prevents access to the infected computer, and Crypto Ransomware, that encrypts the files preventing data stored on the computer from being accessed. In both cases the malicious user requests redemption for release or decryption of the data hijacked.

The most well known ransomware attacks

In addition to the latest variation of Ransomware, the Bad Rabbit, other variations are posted on the internet often. Some are minor attacks, others have been spread across continents. These attacks are very harmful, not only because they cause gigantic damage to companies and individuals, but because they can directly affect the image of the organization.

According to experts, these types of attacks happen because companies do not invest in basic security measures, nor in prevention.

To better understand the risks of these variations, we have compiled some of the most representative attacks in Brazil and the world.


“The Jigsaw Ransomware,” as it became known, was inspired by the famous character in the “Jigsaw” movie series. This type of attack begins with a greeting from the hacker, followed by a ransom request.

The attackers then give 24 hours for the victim to pay about $ 150 dollars in bitcoinvirtual currency and claim that in 72 hours all data is deleted. The difference of the Jigsaw, however, is that criminals keep deleting file by file until the payment is done.


The WannaCry infection started in May 2017. This is a Crypto-Ransomware that affects the operation of Windows OS and, according to rumors, uses scanning techniques used by the United States National Security Agency (which had been leaked months before the attack).

According to information released, more than 200 thousand people and 300 thousand computers were infected by ransomware. Some of the victims in Brazil, for example, were the Court of Justice of São Paulo and the Syrian-Lebanese Hospital.


Active since March 2016, Petya (also known as NotPetya and ExPtr) has already had three variations and reached much of Europe and Russia. The latest version of Petya, unlike much of ransomwares, did not encrypt only files. The process was started by encoding some key sectors of the disk, which prevented the system from starting. That way, no software can access the file list.

Petya is spread primarily through e-mail, as well as other variations of ransomwares. According to the cyber security company Proofpoint. This ransomware has a better propagation mechanism than that of WannaCry.

This post is also available in: English Português Español