It encrypts all or some files on a computer and demands a ransom from the victim in exchange for a decryption key. Some newer variants also infect shared, networked and cloud drives.

RaaS creators host their ransomware on dark net sites and allow criminals to purchase it as a subscription - much like a SaaS model. The fees depend on the ransomware's complexity and features, and generally, there's an entry fee to become a member. Once members infect computers and collect ransom payments, a portion of the ransom is paid to the RaaS creator under previously agreed-upon terms.

After a 15-year lull, GPCode marked the beginning of the internet era for ransomware. The malware, spread via email, encrypted victims' files and renamed them Vnimanie, meaning "attention" in Russian. Unlike many of today's ransomware attacks, GPCode's authors focused on volume rather than individual payouts, sending an exorbitant number of malicious emails and demanding $20 to $70 ransoms.

May 2006: Archievus

Archievus was the first ransomware to use a 1,024-bit Rivest-Shamir-Adleman (RSA) encryption key. It targeted Windows systems and spread via malicious URLs and spam emails. The malware targeted computers' "My Documents" folders. Once folders were encrypted, victims were directed to an online store; only after making a purchase would they receive a password to unlock their files. While the RSA encryption key was difficult to crack, Archievus was quickly abandoned once it was discovered the attackers used the same password to lock all files.

WinLock was the first locker ransomware to hit the headlines. The nonencrypting ransomware infected users via a malicious website. Victims were instructed to purchase a $10 text message code. After inputting the code into their devices, victims were prompted to call a supposed toll-free number. The calls, however, were rerouted, and the victims incurred additional fees.

Reveton was a form of financial ransomware delivered via drive-by-download attacks.