| ID | E1486 |
| Objective(s) | Impact |
| Related ATT&CK Techniques | Data Encrypted for Impact, Data Encrypted for Impact (Mobile) |
Malware may encrypt files stored on the system to prevent user access until a ransom is paid and/or to interrupt system availability. The encryption process usually iterates over all letter drives in the system (except for CD drives) and then recursively encrypts all files with specific suffixes.
See ATT&CK: Data Encrypted for Impact and Data Encrypted for Impact (Mobile).
| Name | ID | Description |
|---|---|---|
| Ransom Note | E1486.001 | Ransomware displays a ransom note. Ransom notes are sometimes used to link instances of ransomware, even when the code or anti-analysis techniques change. |
| Name | Date | Description |
|---|---|---|
| CryptoWall | 2014 | [1] |
| CryptoLocker | 2013 | [2] |
| Locky Bart | 2017 | Encrypts files for ransom without any connection to the Internet. |
| SamSam | 2015 | Ransomware. |
[1] http://www.secureworks.com/cyber-threat-intelligence/threats/cryptowall-ransomware/
[2] http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/