Researchers security from Proofpoint discovered three new ransomware families: CryptFlle2, BrLock, and MM Locker.
These three new versions of ransomware are part of a growing global trend in spreading ransomware over the past few months, with an increasing number of malware being released every month.
CryptFIle2
CryptFIle2 appeared in mid-March of 2016 and Proofpoint reports that scammers use Neutrino and Nuclear exploit kits to distribute malicious software to their victims.
This particular ransommare is very simplistic at this point, isn't it uses some payment or decryption service, and to recover their files, one would have to contact the creator of the ransomware via e-mail and negotiate a price for the decryption.
Researchers report that the application uses RSA-2048 encryption and could be a clone of CryptoBoss ransomware.
BrLock
The second ransomware discovered by the researchers discovered was called BrLock, and was first observed ten days ago at 18 April. It targets only users from Russia.
The developers of the application even ask for a ransom of 1.000 rubles (around 15 dollars). The low ransom price is indicative of geographic targeting as Russians usually do not have the financial means toconditions to pay exorbitant ransom demands, as victims do in Western countries.
Ransomware only locks the computer screen and does not encrypt the files. So if someone finds a way to bypass the screen lock, they can use the computer normally.
MM Locker
This ransomware was discovered in early March, and uses encryption to lock users' files, and adds the ".locked" extension to all encrypted files.
The specificity of MM Locker is the ransom note, which is quite large and tries to persuade the victim to pay.
