Here’s a collection of 40 ransomware screenshots. (last updated 01/28/19) Here you can see how the interface design varies, but the demands are very similar. We see a range of payment methods from Bitcoin, MoneyPak, and Paypal. Not to mention, strange forms of payment such as sending nudes and playing an online game. Seems like we’ve only seen the “tip of the iceberg” of what’s evolving for ransomware.
Notice the psychological tricks they play on your emotions. A couple ransomware screenshots declare they took a photo and video of you using your webcam as evidence. Others use a countdown timer promising the key will be destroyed and you’re out of luck.
How would you feel if you saw one of these on your computer screen? Let us know in the comments section below!
UPDATE: Gorgon ransomware screenshot added (1/28/19):
Gorgon ransomware screenshot. A file locking virus asking for 0.3 worth of bitcoin. The green splash screen with a gorgon’s head is a new design unlike anything we’ve seen before! I suppose just like encrypting your files, this gorgon will turn your files into stone? 2-spyware.com has the Gorgon uninstall guide here.
Crypton Ransomware screenshot
Not a frightening interface design like your typical ransomware. This dark grey texture is modern and the text is clean and concise. Could taking the scare factor out of the design lead to faster conversion of sales? Are hackers split testing their designs? Photo Source: BleepingComputer.com
Photo Source: BleepingComputer.com
StalinLocker ransomware gives you ten minutes to enter the correct decryption key or it will delete all your data. While the clock is ticking, this ransomware plays the USSR anthem with a large photo of Stalin. This ransomware was discovered by MalwareHunterTeam and featured on BleepingComputer.com
PUBG ransomware doesn’t ask for any money, just that you play PlayerUnknown’s Battlegrounds for one hour in exchange for a decryption key. However, it’s been verified by VG24/7 that you only need to run the game for three seconds.
ZENIS ransomware looks like a simple html document without a CSS stylesheet attached. Plainer than vanilla.
Why would SAMSAM have such horrible alignment for their headlines? To me, that’s pretty scary as a designer.
Unusual ransomware that requests you to download the Tor browser to follow additional payment instructions.
Saturn ransomware is to the point and centered. 1,2,3. Black and white, no imagination. Not even a picture of Saturn.
This ransomware looks seriously scary. Not only that, they took advantage knowing most people are terrified of spiders. For this design, I personally would like to see more spiders. However, I’m sure knowing you have ransomware is scary enough. Would like to see more creativity.
ESET has researched the BadRabbit ransomware and believes it is spreading through fake flash updates. The majority of victims targeted are large companies in Russia, followed by Ukraine, Bulgaria, Turkey, and Japan. No rabbits in the interface design. Come on, perhaps a design with creativity saying…”If you don’t pay within 40 hours, the rabbit dies along with your files…”
This unique ransomware demands you to send 10 nude photos of yourself. I don’t understand the train and cursing. Horrible. This is the most unique request of payment I’ve seen. Makes us wonder what else they will ask for in the future.
WannaCry ransomware screen shot. AKA WannaCrypt, WanaCrypt0r, Wana Decrypt0r 2.0, WCRY, WNCRY. The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry, a ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. This ransomware has a unique decrypt button allowing victims to decrypt a sample of files. Perhaps building trust that the victim’s files will be decrypted upon payment. As of 19 May 2017, the attacks have slowed down and is presumed to be extinct. Though, isolated reports are coming from the countries, already affected by the ransomware attack. Unconfirmed sources have also alleged that a newer and a more powerful version of the virus would be released and infect the major computer systems all over the world.
cryptolocker screenshot- The red screen means business. Tick tock… The design looks like antivirus sorftware that needs an update. It looks professionally designed.
Another design/ version of the cryptolocker virus – Another version of cryptolocker. Tiny graphic of a key on top. Scary. Don’t harm my photo of tulips ok?
We also specialize removing the CryptoLocker Virus
PRISM cryptolocker screenshot. Any minute you think the police will break down your door. Not!
You know it looks important when you see random text or lines of code like the movie, The Matrix.
Specialist Crime Directorate ransomware screenshot. Nobody is recording you btw.
Bad English ransomware screenshot – The bad English in this one made me laugh.”our team help you to solve this problem, but not for free. .. “What virus do” “what our team do” …
Another version / design of CryptoLocker. The white text on the red background isn’t very user friendly. Neither is the demand for bitcoins. I love that they want you to disable your antivirus to prevent the removal of this fine software.
Cryptowall screenshot – Another relative of the cryptolocker, this ransomware is considered the revised, newer version of cryptolocker.
We also give support to businesses afected by the CryptoWall Ransomware
Synolocker? Because you sigh and then scream “noooooo!” when you see this screen. It’s trademarked? wait a minute… Don’t sue me too.
They claim you violated a copyright law. I’m pretty sure they didn’t pay for those stock images of the men on the right and handcuffs on the keyboard etc.
Similar ransomware designs. Notice this design looks similar to the one above. Handcuffs on the keyboard is the ransomware trend these days. Or who copied who?
American symbols, yet the real Homeland security is not accepting payments in bitcoin… interesting.
Maktub Locker Ransomware Screenshots – Well at least they start off with a warm greeting and apologize for the situation. Nice design and very user friendly, making ransomware a breeze and as easy as 123.
Take a look at the other Maktub ransomware screenshots
If you’re getting ransomware in another language, I don’t know what to say. You’re probably opening up some crazy emails. Good luck.
teslacrypt creators launches a key for victims to decrypt. 🙂 Check out the article: TechCrunch
Luckily, there’s a decryption tool for this ransomware by Demonslay335 – Read about it on bleepingcomputers.com
They claim they took a photo of you, including videos and recent activity on the computer. I hope I was looking my best. LOL. This is bogus. You’re not going to prison.
FBI online agent has blocked your computer – No, FBI agents are not blocking you. Looks funny that there’s a “case number”
Ransom32 – Can I reply to this cyber criminal and point out the grammatical errors. Can I get a discount? lol 😉
I don’t want to download Tor. Can’t we just go about this using Safari?
Congratulations? They act all cute until you read what’s going on.
Another Petya ransomware screen shot. – Don’t worry there’s a free decrption tool here mentioning both variants.
When I think ransomware, Petya ransomware hits the nail on the head with their design. One look at this and you know you’re in trouble. Nice touch with the dollar sign in the ASCII art.
cryptorbit ransomware – They really stand out using a yellow background. Really surprised they used a picture of an unlocked lock.
Really surprised to see they want a Paypal payment.
DMA Locker 4.0
keyranger virus screenshot:
This is the first instance of Apple having to shut down a ransomware attack on OS X Mac users. KeRanger Ransomware Read more
Are you seeing any of these Ransomware screens?
Remember, if you have backups of your data, you’ll never have to worry about paying a ransom.
Give us a call if you want to help prevent ransomware or if you need assistance dealing with ransomware! (619) 325-0990. Also keep in mind, there’s some steps to take if you do become a victim of ransomware.
Still not sure what ransomware is?
If you are seeing one of these ransomware screens, unplug your computer from your network, power off, and
give us a call for immediate ransomware removal services (619) 325-0990. We utilize your data backups to remove ransomware and help your company mitigate security risks.
Here’s what to do if your computer has ransomware