Here’s a collection of 47 ransomware screenshots. These examples of ransomware are frequently updated. (last updated 12/10/19)
Here you can see how the interface design of ransomware varies, but the demands are very similar.
Let us know in the comments below which ransomware screenshot creeps you out the most. (mine personally is the Jigsaw ransomware – that puppet alone on my screen staring into my eyes is the worst.)
Ransomware definition: A type of malicious software designed to block access to a computer system until a sum of money is paid.
We see a range of payment methods accepted from Bitcoin, MoneyPak, and Paypal. Not to mention, strange forms of payment such as sending nudes and playing an online game. Seems like we’ve only seen the “tip of the iceberg” of what’s evolving for ransomware.
Notice the psychological tricks they play on your emotions. A couple ransomware screenshots declare they took a photo and video of you using your webcam as evidence. Others use a countdown timer promising the key will be destroyed and you’re out of luck.
Do you have Ransomware?
Check out our complete Ransomware Guide
How would you feel if you saw one of these on your computer screen / phone screen? Let us know in the comments section below! Here’s the first screenshot example of ransomware:
Snatch Ransomware Screenshot:
This screenshot does not look like your trypical ransomware splash screen. In fact, everything about this ransomware is unique. This variant reboots the victim’s computer into safemode to bypass your PC’s protection. Everything about Snatch ransomware is explained at Sophos.
Ryuk Ransomware Screenshot:
TFlower Ransomware Screenshot:
TFlower is being spread by exposed Remote Desktop services. Here’s the ransom note below:
Nemty Ransomware Screenshot:
Nemty ransomware makes it clear that they don’t care about you, just getting a payment from you is their focus. They also don’t “practise” using spell check lol.
Goldeneye Ransomware Screenshot:
Android/Filecoder.C Ransomware Screenshot:
Android / Filecoder ransomware is sent via sms text message. This android ransomware spreads through the victim’s contact list. To increase the potential victim’s interest, the link suggests the victim’s photos are used in an app. This ransomware also has 42 language versions and chooses the version that fits the victim device’s language setting. What’s extra unique is the extra step malware takes to personalize with the victim’s name.
Filecoder.C photo source:
This MegaCortex ransomware screenshot:
includes the hackers’ email addresses for soliciting their software to restore your data. Very interesting that they are also selling cyber security consulting! Would you trust them as a customer?
Gorgon Ransomware Screenshot:
A file locking virus asking for 0.3 worth of bitcoin. The green splash screen with a gorgon’s head is a new design unlike anything we’ve seen before! I suppose just like encrypting your files, this gorgon will turn your files into stone? 2-spyware.com has the Gorgon uninstall guide here.
Zcryptor Ransomware Screenshot Example:
Crypton Ransomware screenshot
Not a frightening interface design like your typical ransomware. This dark grey texture is modern and the text is clean and concise. Could taking the scare factor out of the design lead to faster conversion of sales? Are hackers split testing their designs? Photo Source: BleepingComputer.com
StalinLocker ransomware gives you ten minutes to enter the correct decryption key or it will delete all your data. While the clock is ticking, this ransomware plays the USSR anthem with a large photo of Stalin. This ransomware was discovered by MalwareHunterTeam and featured on BleepingComputer.com
Related Post: Amazon Password Reset Phishing Scam
“Someone tried to reset your password from Dayton, Ohio, if you have not requested this code…”
PUBG Ransomware screenshot example:
PUBG ransomware doesn’t ask for any money, just that you play PlayerUnknown’s Battlegrounds for one hour in exchange for a decryption key. However, it’s been verified by VG24/7 that you only need to run the game for three seconds.
ZENIS ransomware screenshot example:
ZENIS ransomware looks like a simple html document without a CSS stylesheet attached. Plainer than vanilla.
SAMSAM Ransomware example:
Why would SAMSAM have such horrible alignment for their headlines? To me, that’s pretty scary as a designer.
Saturn Ransomware example:
Saturn ransomware is to the point and centered. 1,2,3. Black and white, no imagination. Not even a picture of Saturn.
File Spider ransomware example:
File spider ransomware looks seriously scary. Not only that, they took advantage knowing most people are terrified of spiders. For this design, I personally would like to see more spiders. However, I’m sure knowing you have ransomware is scary enough. Would like to see more creativity.
Bad Rabbit Ransomware screenshot:
ESET has researched the BadRabbit ransomware and believes it is spreading through fake flash updates. The majority of victims targeted are large companies in Russia, followed by Ukraine, Bulgaria, Turkey, and Japan. No rabbits in the interface design. Come on, perhaps a design with creativity saying…”If you don’t pay within 40 hours, the rabbit dies along with your files…”
nRansom Ransomware screenshot:
WannaCry Ransomware Screenshot:
WannaCry ransomware screen shot. AKA WannaCrypt, WanaCrypt0r, Wana Decrypt0r 2.0, WCRY, WNCRY.
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry. It’s a cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
This ransomware has a unique decrypt button allowing victims to decrypt a sample of files. Perhaps building trust that the victim’s files will be decrypted upon payment.
As of 19 May 2017, the attacks have slowed down and is presumed to be extinct. Though, isolated reports are coming from the countries, already affected by the ransomware attack.
Unconfirmed sources have also alleged that a newer and a more powerful version of the virus would be released and infect the major computer systems all over the world.
Caution: Text Messages Asking for Google Account Verification Codes Scam “I received a google verification code but didn’t request it.”
CryptoLocker Ransomware Screenshots:
WhyCry Ransomware screenshot:
We also specialize removing the CryptoLocker Virus
Specialist Crime Directorate ransomware screenshot:
Bad English Ransomware Screenshot Example:
Cryptowall Screenshot example:
We also give support to businesses affected by the CryptoWall Ransomware
Another example of “Cryptowall”
Synolocker Ransomware Example:
PRISM Ransomware example screenshot:
FBI Cybercrime Division Ransomware Example:
Polite Belgique Police Federale Ransomware Example:
ICE-Homeland Security Investigations ransomware:
MAKTUB LOCKER Ransomware Screenshot:
(unknown) Russian Ransomware Screenshot? Anyone care to translate?
TESLACRYPT Ransomware example:
Jigsaw Ransomware screenshots:
The creepiest ransomware screenshot I’ve seen!
Computer Maintenance Checklist
Always have a fast computer when you do these EASY tips
More “FBI” Ransomware screenshots:
Ransom 32 Ransomware screenshot example:
Unnamed ransomware screenshot:
NotPetya Ransomware Screenshot:
Petya Ransomware Example:
Another Petya ransomware screen shot. – Don’t worry there’s a free decrption tool here mentioning both variants.
Cryprobit Ransomware Screenshot:
Locky Ransomware Screenshot:
DMA Locker 4.0 Ransomware Screenshot:
Ryuk Ransomware Screenshot:
Keyranger Ransomware Screenshot example:
Are you seeing any of these Ransomware screens?
Remember, if you have good backups of your data, you’ll never have to worry about paying a ransom.
Give us a call if you want to help prevent ransomware or if you need assistance dealing with ransomware! (619) 325-0990. Also keep in mind, there’s some steps to take if you do become a victim of ransomware.
Still not sure what ransomware is?
If you are seeing one of these ransomware screens, unplug your computer from your network, power off, and
give us a call for immediate ransomware removal services (619) 325-0990. We utilize your data backups to remove ransomware and help your company mitigate security risks.
This blog post was featured in: blogs.cisco.com