Aesir Ransomware is another crypto-virus in the generation of Locky ransomware family. Virus uses RSA-2048 and AES-128 encryption algorithms. Aesir detects and encrypts more then 450 file types, and most sensitive are user documents, pictures and videos. Now it appends .aesir extension and has some minor technical changes in comparison to previous versions. This crypto-virus renames files with complex and random 24-character alphanumeric code separated by dashes. Ransom amount is huge: 3 BitCoins (~$2200) and there is no earthly use to pay it. Malefactors, who created this malware never send decryption keys. Aesir modifies desktop background with an image that contains information about the infection and instructions for user to pay.
Thor Ransomware is the newest version of the file-encryption virus. It comes from “Locky” ransomware family, that uses asymmetric cryptography (RSA-2048 and AES-128 encryption algorithms) and appends various file extensions to encrypted files. This family uses names of Thor comics character: .locky, .odin or some other random names. Now it uses .thor extension, and modifies the name to the set of 32 random letters and numbers. Technically, new virus uses same technology, but updated security keys, so old decryptors won’t work. Ransom amount is the same: 3 BitCoins. Thor ransomware substitutes desktop background with image with information about the infection and instructions to pay the ransom.
Odin Ransomware is the latest version of the infamous Locky ransomware. As we know, previously it added .locky and .zepto extensions. Now it uses .odin extension. Technically, it is the same Locky virus, that uses same asymmetric cryptography. However, now key is changed and currently AutoLocky Decryptor that was able to decrypt .locky files can do nothing with .odin files.
Cerber3 ransomware is new version of notorious Cerber virus that infected hundreds of thousands computers. It uses the same algorithms to infect computer and encrypt user files. Now it appends .Cerber3 to those files. Names of the files are changed to random 10 character sequence. Among other differences between Cerber3 and it predecessor are new ransomware note files (@__README__@.html, @__README__@.txt and @__README__@.url instead of #DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html, #DECRYPT MY FILES#.vbs). Text and html files contain identical instructions to pay the ransom, .url file opens Cerber3 website.
Cry Ransomware is crypto-virus, that infects Windows-based computers and encrypts data of different types. Usually, those are documents, music, photos, e-mails and other files, that can be very important for the user. Ransomware adds .cry extension to affected files and demands $150 ransom for decryption. If ransom is not paid within 100 hours, amount doubles to $300. Among peculiarities, that differentiates Cry virus from other threats of this kind – it creates old_shortcuts on the desktop and moves encrypted files to this folder.