Contents:
Cyberthieves of today are adaptable – they are excellent at finding new ways to survive and evolve, such as creating new types of ransomware to attack our devices. Knowing the different types of ransomware attacks helps you plan your defenses and reduces the risk of getting infected.
In today’s article, we’ll explore the five most common types of ransomware. Let’s get right into it!
1.Crypto-Ransomware
As one of the oldest and most common forms of ransomware, crypto-ransomware finds valuable data on a computer network, and then encrypts it, making it unusable. Attackers then demand payment and will (in theory) provide businesses with the key to unlock the files.
This type of ransomware can infect all files on a device or select specific ones. It is also possible for some variants to spread beyond the device itself by infecting shared or networked drives or even cloud storage, potentially spreading the problems throughout the organization. Typically, however, the machine remains functional.
Traditionally, ransomware groups would use phishing techniques to spread malicious software onto systems, but more sophisticated methods, such as drive-by downloads hidden in malvertising, are also commonly used.
The prevalence of this type of attack is decreasing as companies become aware of ransomware and increase their defenses. The damage caused by this type of ransomware can be mitigated by having comprehensive, regularly-updated off-site backups or even continuous data protection tools. To counter these attempts, hackers who continue to use these tools have added timed delays to their malware to infect backups.
2.Locker-Ransomware
Similar to crypto-ransomware, locker-ransomware locks users entirely out of a system, often leaving them with no choice but to pay the ransom.
Typically, individuals will see only a lock screen with instructions on how to pay and a countdown clock to instill urgency – with the threat that if the ransom demand is not met, the device will go permanently unusable.
Ransomware attacks of this type usually target systems rather than user files, so users are less likely to lose data if they pay the ransom and restore access. However, as with crypto-ransomware, locker-ransomware prevents businesses from operating normally, making many companies feel like they must pay the hackers to regain functionality.
This can cause systems to become unrecoverable in severe cases. For example, one of the most expensive attacks in history was the Petya ransomware variant that destroyed 49,000 laptops and 3,500 servers belonging to Danish shipping company Maersk, costing the company $350 million.
However, LockBit is one of the most prevalent ransomware variants of this type today. Researchers found that in 2022, 16% of all attacks were caused by this strain. This marked an increase of over 600 percent from 2021, when it was practically unheard of, making it last year’s most common ransomware strain.
The LockBit ransomware continues to plague businesses in 2023. For instance, the UK’s Royal Mail postal service was forced to halt its overseas package processing early in the new year due to disruption caused by this type of ransomware.
3.Scareware
Previously, social engineering-based attacks, known as scareware, tricked users into paying to fix computer problems that did not exist. In a classic form, malware will send multiple pop-up warnings that a device has been infected with a virus and urge users to download paid-for ‘antivirus’ software to remove it. This is highly likely to introduce additional malware to the system.
Whether or not scareware should be considered a ransomware type in its own right is debated. Still, many of these attacks can be highly disruptive, flooding the screen with warnings or, in some cases, removing functionality through locker ransomware. In addition, because it disrupts systems until a payment is made, the impact will be the same for most victims.
To prevent this type of attack, all employees must understand how to spot the signs of these attacks, regardless of their technical knowledge.
4.Double-Extortion Ransomware
A double extortion ransomware attack is one of the most common ransomware tactics used today – and one of the most dangerous. During the exfiltration of data from networks and encrypting systems, criminals gain more leverage when demanding ransom.
Last year, 89% of ransomware attacks exfiltrated personal data. However, this has rapidly become the most prevalent form of a ransomware threat. With half of the attacks sending data to China or Russia, this marked a 9% increase over 2021.
If a ransom is not paid by a specific date, attackers may publicly release data through a technique known as doxware. This aims to add time pressure and increase the risks of not paying. Hackers may also threaten to inform regulators or stakeholders of the data breach, which could even harm a business’s reputation and finances.
There is even a subvariant of this type of ransomware called triple-extortion ransomware, which piles even more pressure on businesses to respond quickly. A further attack, such as a Distributed Denial of Service (DDoS), can be used to accomplish this. On top of the threat of data exposure, the threat of further disruption to an organization can serve as another incentive for businesses to pay.
Often, such techniques target businesses particularly vulnerable to data breaches, including the healthcare, technology, and financial services industries. A double extortion attack was conducted by the Hive ransomware group on New York-based ambulance provider Empress EMS in September 2022, for example.
5.Ransomware-as-a-Service
As a dark web business model, Ransomware-as-a-Service (RaaS) helps hackers streamline their attacks against ransomware. This software was developed to handle all aspects of a ransomware attack, from sending out the actual ransomware to collecting payments and restoring user access automatically for the cyberthief. In exchange for a cut of the loot, ransomware as a service (RaaS) handles the entire attack, from distributing ransomware to collecting payments and restoring access.
RaaS is a highly competitive market. In addition to RaaS portals, RaaS operators have marketing campaigns and websites that look exactly like your company’s campaigns and websites. They’re active on Twitter, have videos, and whitepapers.
Among the well-known RaaS kits are Locky, Goliath, Shark, Stampado, Encryptor, and Jokeroo; there are many others, and RaaS operators regularly disappear, reorganize, and reorganize, and re-emerge with newer and better ransomware.
Our Go-To Tips for Ransomware Defense
- Improve the robustness of Internet-facing apps by practicing excellent IT hygiene.
- Implement and improve email security;
- Harden endpoints;
- Use offline backups to protect data from ransomware and restrict access to virtualization management infrastructure;
- Implement an Identity and Access Management (IAM) program;
- Create and test an Incident Response plan;
- Know when to ask for help.
How Can Heimdal® Protect You Against Ransomware Attacks?
Heimdal’s Ransomware Encryption Protection is a groundbreaking 100% signature-free module that ensures market-leading detection and remediation of any ransomware strain, fileless or file-based.
This module was designed to work with any antivirus software. The best part about Ransomware Encryption Protection is that it complements your antivirus rather than replaces it.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
Here’s a quick rundown of what Ransomware Encryption Protection can do for your business:
- Prevent data breaches by protecting your networks and endpoints against fraudulent encryption attempts;
- Eliminate downtimes caused by ransomware assaults;
- Reduce and eliminate post-ransomware impacts;
- Improve the detection capabilities of your current cybersecurity software;
- Increase conformity;
- Get comprehensive defense against zero-day vulnerabilities;
- Increase your ROI;
- Combine with any SIEM for improved detection of policy violations.
Ready to take it for a spin?
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.