Having been highly publicised and popularised after the WannCry and NotPetya incidents, ransomware is now squarely in the public domain. Forbes France Magazine even suggests that 20,000 computers a month are infected with malicious software in France. But did you know that there are ransoms and, well, ransoms? A summary of the most surprising ransomware of the past few years.


CryptoJoker: negotiable ransomware

It can never be repeated often enough: if there is a cyber attack, do not pay the requests for ransom. Besides the fact that it encourages the malware creator's to continue with their business and methods, paying a ransom does not guarantee that you can recover your encrypted files. In a 2016 survey, Kaspersky suggested that 17% of ransomware victims never recovered their files after having paid the ransom.

In order to “optimise” the number of payouts, CryptoJoker became the first crypto-ransomware to offer its victims a new feature: the possibility of negotiating the ransom they pay to recover their data. This brand of ransomware was discovered in January 2016 and marked the start of a new creative era for computer hackers.


Jigsaw: worrying ransomware

Jigsaw is a totally different kettle of fish. It was discovered in April 2016 and is directly inspired by the “Saw” series of horror films. As well as using the famous “Billy” doll visual, this brand of ransomware plays on the effect that increasing psychological pressure has on its victims and erases more data every hour. What is more, there is a clock counting down in the background.


CryptMix: charitable ransomware

Created by “The Charity Team” group of computer hackers and discovered in May 2016, CryptMix ransomware promises to pay the money from the ransom to a children’s charity(!). The authors of the attack thank victims for their involvement in an on-screen message and explain that “Many children will receive presents and medical help”.

It should be noted that at the end of the message the hackers also warn their victims that the ransom will be automatically increased by the server if it is not paid within 24 hours. How gracious!


PopCorn Time: ransomware for sharing

In December 2016, the MalwareHunterTeam discovered PopCorn Time malware, which offers a social alternative to paying the ransom. Victims can actually attempt to infect several of their acquaintances and wait for at least two of them to pay the ransom in order to get their files back.

What a Christmas present that would be.


Koolova: educational ransomware

Soon after this, in January 2017, more ransomware appeared offering to restore encrypted files for free. With Koolova, you no longer have to infect your friends - you just have to read two articles about ransomware. According to Forbes Magazine author Lee Mathews, these two articles were interesting to read because they were about a paper published by members of the Google security team on surfing the net and a BleepingComputer paper on Jigsaw ransomware.

Education through threats. Is this an avenue for CIOs to explore?


Spora: à la carte ransomware

After negotiable ransoms, ransomware entered a new stage in its life January 2017 with the advent of marketing techniques. To recover the files encrypted by Spora, victims are offered different fee levels for decrypting a single file, uninstalling the virus, promising not to reinfect the system right up to full restoration of files.

And as a goodwill gesture, the first two files are decrypted for free.


rensenWare: fun ransomware

rensenWare was created by a Korean student and it spread quickly in April 2017 after it was placed on a sharing site. And it couldn’t be easier to decrypt and recover your figures, you just have to finish a game. The only problem is that the game has been configured in hardcore mode.

More recently, the MalwareHunterTeam research team discovered a diet version in “PUBG ransomware” that requests that you play the PUBG video game...for an hour!


nRansom: kinky ransomware

The last in this chronological list is nRansom, which got tongues wagging in September 2017. Like other examples form the list, it does not ask its victims to pay the ransom in bitcoin but for them to send the computer hackers at least ten naked photos of themselves(!).

Later analysis of this virus showed that it was more like harmless malware and it didn’t actually encrypt your data. Was nRansom a saucy joke or a serious hacking attempt?


Though studies tend to show that progress in ransomware is diminishing, it is still a threat to be taken seriously because of the potential harm it can cause. Regularly installing updates, in-house awareness training about dealing with suspicious files and regular backups to the Cloud are all quick and easy first steps that a company can implement.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
The diverse variety of ransomware families, intrusion methods and affected targets makes securing systems an increasingly complex task. We review the lessons learned from 2021.
And because simply training your teams on computer security best practice is not enough, our Stormshield Endpoint Security solution provides a high-level protection in the face of modern threats.
About the author
Victor Poitevin Editorial & Digital Manager, Stormshield

Victor is Stormshield’s Editorial & Digital Manager. Attached to the Marketing Department, his role is to improve the Group’s online visibility. This involves Stormshield’s entire ecosystem, including websites, social networks and blogs. He will make use of his diverse experience, gained in several major French and international groups and communications agencies, to fulfill the Group’s high digital aspirations.