Spora Ransomware is advanced virus, that encrypts different types of files on Windows machines with RSA cryptography. Possibly, originates in Russia. Spora disables Windows Startup Repair, removes Shadow Volume copies, and modifies BootStatusPolicy, which makes it difficult to restore files using standard methods. In addition, private decryption key is also encrypted with AES cryptography, and currently the only way to return your files is restoring from backup (if you have it). Some of the features of Spora Ransomware are: it can work without internet connection, it doesn’t modify file names or file extensions. Ransom must be paid in BitCoins and estimates between $79 and $280, depending on the options user chooses.
Osiris Ransomware is newest variant of Locky ransomware. According to its name, new virus adds .osiris suffix to encrypted files and modifies filenames so they look like that: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Osiris encrypts files with RSA-2048 and AES-128 algorithms that currently cannot be decrypted. Ransom is near 2.5 BitCoins (~$1880) and there is no earthly use to pay it. Osiris ransomware alters desktop background with typical image with text instructions. User can only make payment to anonymous Bitcoin wallets, so that police cannot keep track on malefactors.
.zzzzz Ransomware is another variant of Locky ransomware, that adds .zzzzz extension to encrypted files. Virus encodes user files with asymmetric encryption algorithm and modifies filenames with 32-digit alphanumeric code. This makes it difficult to discern where certain files are and complicates decryption. After completing encryption ransomware creates 3 files (-INSTRUCTION.html, _6-INSTRUCTION.html, and -INSTRUCTION.bmp) and replaces desktop background image. In this files virus contains texts to persuade users to pay the ransom. Ransom is actually quite big – 3 BitCoins or ~$2200.
Aesir Ransomware is another crypto-virus in the generation of Locky ransomware family. Virus uses RSA-2048 and AES-128 encryption algorithms. Aesir detects and encrypts more then 450 file types, and most sensitive are user documents, pictures and videos. Now it appends .aesir extension and has some minor technical changes in comparison to previous versions. This crypto-virus renames files with complex and random 24-character alphanumeric code separated by dashes. Ransom amount is huge: 3 BitCoins (~$2200) and there is no earthly use to pay it. Malefactors, who created this malware never send decryption keys. Aesir modifies desktop background with an image that contains information about the infection and instructions for user to pay.
Thor Ransomware is the newest version of the file-encryption virus. It comes from “Locky” ransomware family, that uses asymmetric cryptography (RSA-2048 and AES-128 encryption algorithms) and appends various file extensions to encrypted files. This family uses names of Thor comics character: .locky, .odin or some other random names. Now it uses .thor extension, and modifies the name to the set of 32 random letters and numbers. Technically, new virus uses same technology, but updated security keys, so old decryptors won’t work. Ransom amount is the same: 3 BitCoins. Thor ransomware substitutes desktop background with image with information about the infection and instructions to pay the ransom.