Book a free demo
Get a free one-on-one demo with a SafeDNS expert!
By clicking "Book Demo", you agree to SafeDNS Terms of Service
More Feed

8 Ransomware attacks to be aware of in 2021

Whenever you search ‘cyber-attacks’, ‘the worst cyber-attacks’, ‘the most dangerous cyber-attacks’, and ‘whatnots’ you end up in most cases getting results with the usual suspects. One of them is ransomware.

Since 2018 ransomware attacks have been recognized as some of the biggest online threats by the MIT Technology Review, Wired, Pegasus Technology, or  The Sun, and they are still pop stars in 2021, and likely to be in the next decades. This article discusses eight of them. 

Popstar #1 Sodinokibi or REvil

It is ransomware that encrypts all the files available on local drives apart from those that are listed in their configuration file. Via phishing campaigns, Trojan, fake software updaters, software ‘cracking’ tools, and malicious software sources, people get infected. it prompts victims to download documents or images. After clicking, loads of high-risk malware are installed rapidly to force victims later on to pay a ransom.

Popstar #2 Maze

It crypts all files that it can in an infected system and then demand a ransom to recover the files. Usually, people are asked to pay for a ransom not to have their files or information released on the Internet. Hackers often used spam e-mails and exploit kits, these days they come in many forms: gaining high-access privileges, carry out lateral movement(identifying targets and assets), and deploying file encryption on all drives.

Popstar #3 Netwalker 

It spreads through VBScripts. It can reach all the machines connected to the same Windows-based network as the original attack source. The perpetrators gain unauthorized access to the networks of larger organizations by controlling appliances with unpatched VPN, weak remote desktop security, or flaws in web applications. As a result, everything stored in the victims' devices becomes inaccessible.

Popstar #4 Phobos

It is distributed via hacked Remote Desktop (RDP) connections. Because RDP servers are not expensive commodities on the underground market, it comes in handy as a dissemination vector for hackers. Like Dharma, it encrypts files on the infected device through AES-256 with RSA-1024 asymmetric encryption. Victims have to pay a ransom once infected.

Popstar #5 DoppelPaymer

It is designed to encrypt victims' files and restrict access to their own devices, thereafter promoting victims to pay for a ransom. It is very sophisticated. It proceeds with network infiltration via malicious emails having spear-phishing links or other enclosed files designed to lure victims. Once infected, eventually victims are asked to pay for a ransom.

Popstar #6 Bad Rabbit

This is a malicious code that finds its way on a computer via an Adobe Flash installer apparently legit on the websites it compromised. By using JavaScript, attackers administer it into the Java/HTML files of the infected/targeted websites. Thus, when a user clicks on the malignant installer, his/her computer gets blocked. What to do? You will have to pay approximately $280 (in Bitcoins) within a two-day-max deadline.

Popstar #7 Cerber

Cerber is carried out as ransomware-as-a-service (RaaS), operating as a ‘cartel’ of cybercriminals. It mostly targets cloud-based Office 365 users via an email containing a doc. type document. Any person that wishes to hack you can purchase and deploy it. The person will just have to share 40 percent of his/her profits with their vendor.

Popstar #8 Dharma

Dharma is a cryptovirus specializing in extortion by encrypting user files and has been evolving since 2016. It uses an AES 256 code that ciphers while at the same time erases shadow copies, mostly identifiable with the following extensions. USA, .best, .gif, .heets, .AUF, and .xwx, thus infecting contact emails.

Honorable Mentions:


Named after a horror movie character, ‘Jigsaw’, played by Tobi Bell, it encrypts user’s files and simultaneously erases them ⎼ provided that you pay the ransom and do not try any monkey business move like shutting down your computer. Do it at your own risk of losing thousands of files every time you do it. You got it, once victims realize that they are infected, they need to react ASAP, usually 24 hours to pay a 150-dollar ransom. 


The ransom after being infected by GandCrab is around 600 dollars. It is deployed via ransomware campaigns, mostly via VBScript, Microsoft Office macros, and PowerShell, which also helps it dodge detection; it also uses a ransomware-as-a-service (RaaS) approach like Cerber(Pop Star #2) to capitalize on consumers via phishing emails.


LockerGoga is a different threat, it rarely encrypts files like other ransomware, and it has infected many industrial firms, engendering significant damage. It is the latest, targeted, and more damaging kind of ransomware. Its latest form logs affected users off their devices. Very often infected users are not able to see the ransom message and directives on how to retrieve files. 


In the world of ransomware, not all hackers want money. PewCrypt was created to prompt infected users to subscribe to a Popular YouTube channel (PewDiePie). It is distributed by spam emails and websites with adware. It also uses an advanced 256 bit AES encryption method to infect users. 


Ryuk mostly targets enterprises that can afford to pay huge ransoms to regain access to their files. It uses strong military algorithms such as ‘AES-256’ and ‘RSA4096’ to encode files and ask ransoms of the equivalent of 10 to 50 bitcoins(1 Bitcoin = 32447 dollars as of now).

Ransomware is avoidable!

Although you may recover encoded files, there is no solution that can combat all types of ransomware at once, as new forms of it come to life almost every day.
At SafeDNS we recommend non-savvy and savvy users on the subject to use DNS filtering to prevent such threats before they load on your devices. If you need to know more about ransomware attacks and how to get relevant protection, kindly get in touch with one of our experts.

[This article was updated on Wednesday 27th, January 2021 at 07:40 GMT-5]