Learn about the different types of ransomware


Phobos (from the Greek φοβος, fear) is a ransomware that started infecting computers in late 2018., This type of ransomware is related to the Dharma (CrySis) strain of which it shares part of the code, which has caused just as much damage among the 2017 and 2018.
Phobos exploits the RDP protocol putting millions of corporate servers and workstations at risk. With the proliferation of companies using cloud services, many have public Internet accessible Windows servers that are potential targets.

Fill out the form and one of our ransomware experts will get in touch to help you with your request.

* we recommend sending files in zip or rar format


Sodinokibi is the family name of Ransomware that targets Windows systems. This type of attack encrypts your important files and demands a ransom to decrypt them.
Sodinokibi ransomware is spread by brute force attacks and server exploits, but also via malicious links or phishing. Exploiting some vulnerabilities and often bypassing the anti-virus software Sodinokibi downloads a .zip file with the ransom code that moves through the infected network and encrypts the files, adding a random extension to them.


Dharma is an extremely dangerous ransomware, as it also encrypts all files located on local drives such as shared network directories and also deletes all shadow copies so that user cannot restore them. No mechanism has been found that could allow this malicious code to propagate to other devices
The malware basically behaves like a “Trojan-ransomware”, which means that human intervention is required for the activation of its malicious code (therefore a manual execution is necessary).


Ryuk is a type of ransomware used in targeted attacks, where the perpetrators make sure that essential files are encrypted so that they can demand ransom that can amount to hundreds of thousands of dollars.
This type of attack is capable of identifying and encrypting drives and network resources, as well as deleting shadow copies on the device by disabling Windows System Restore for users and thus making data recovery nearly impossible.


Conti is a relatively recent ransomware that is used to target large corporate or governmental business networks in a precise, fast and very effective manner. This type of attack is designed to be controlled remotely rather than automatically done on its own. Malware operators will hack a network and move around until they get the domain and admin credentials for admin privileges, eventually locking and encrypting the attacked user’s entire hard drive.

Globeimposter 2.0

GlobeImposter is a ransomware that first appeared in 2017 that uses various attack vectors to deliver the payload. With this method, the potential victims receive a blank email with an anonymous malicious zip file attachment. The goal is for the curious victim to open the attachment, which contains the payload. GlobeImposter installs itself during the application installation process and victims who skip or do not read the installation process, inadvertently install the payload. After successfully infecting the computer this attack extracts the payload from the Internet, Windows hibernation modes are then disabled to prevent the computer from going to sleep, and the malware copies itself to all available admin shares and copies the boot information automatic and key variables in the Windows registry.


STOP is an insidious new type of ransomware that is distributed in sites that promote crack fake software or free programs, which are actually adware packages that install it.
Some reported cracks infected with this attack include Kmspico, Cubase, Photoshop and antivirus software.
STOP Ransomware like the other encrypts your hard disk files by adding an extension . stop and issuing a ransom note.


GandCrab ransomware is a type of malware that encrypts victims’ files and demands ransom payments to regain access to their data. GandCrab targets PCs running Microsoft Windows.
After the infection, ransom notes are placed prominently on the victim’s computer which is directed to a site on the Dark Web, where upon payment of a ransom the files are freed.


Our Cybersecurity Center is active 24/7 in detecting, isolating and eliminating every new type of ransomware attack. If you believe you have been attacked by a new threat do not intervene in any way but send us 4-5 samples of the files you think have been infected. Our forensic recovery laboratory is able to analyze your files, identify the type of threat and perform the recovery in total safety and speed.