We’ve been seeing multiple new strains of BTCWare including Wyvern, Nuclear and Gryphon. The BTCWare family of ransomware first inflicted damage back in March when it was going by the name CrptXXX. Whatever the name, this family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop Protocol (RDP). Once they gain access to a computer, cyber criminals install the ransomware and encrypt the victim’s files. Credited with around 10 infections per day, BTCWare boasts similar stats as Locky. These latest variants leverage the same tried and true encryption method as previous BTCWare variants, but unfortunately for victims, at this time there is no way to decrypt files for free. Fortunately, Barkly is able to block BTCWare automatically, before it can do any damage (see it in action vs. BTCWare in the video below, and learn how Barkly's protection works here).
Article Link: https://blog.barkly.com/btcware-ransomware-gryphon-nuclear-wyvern-variants