We have talked about ransomware distribution, techniques used by ransomware, and their payment mechanisms. This chapter will include historical ransomware and some of the latest ones that have really made an impact around the globe.

There are some usual things in malware and ransomware today. Things like persistence mechanisms, evasion techniques, and self-protection described in Chapter 1, Malware from Fun to Profit are common to all malware. We won't be talking about these again and again. We have talked about how to look into virtual memory strings in Chapter 1, Malware from Fun to Profit and Chapter 2, Malware Analysis Fundamentals. While going through case studies, we will mention the strings present in the unpacked malware or in the virtual memory of malware when it is unpacked. We are mentioning strings as we can use them in detection. We will be talking about malware signatures in Chapter 10, Future of Ransomware. These strings can be used to create rules for sandboxes or malware detection tools.

ScreenLocker ransomware is not so prevalent today on Windows. But it’s worth covering them as they reigned when they were there. Now, some screen lockers are only seen on Android mobiles. Reveton and Winlock are two famous ScreenLocker ransomware.