Common Types Of Ransomware

Ransomware has been around since the late 1980s and has been evolving ever since. As a result, it now appears in a variety of forms. As cybersecurity professionals discover how to prevent and counter various types of attacks, hackers remain hard at work finding ways around our defenses. In this article, we’ll explore several different types of ransomware, how they’re spread, their effects, and how to protect yourself. 

Ransomware affects individuals and businesses alike. As remote work becomes increasingly common and the line blurs between personal and business use of devices, employees become more likely to access systems using public networks, download third-party apps, and allow others to use their work devices. These trends intensify the risk to businesses. Being aware of how ransomware works and the various types that criminals are using is an important step in protecting yourself and your business.  

Crypto Ransomware 

Crypto ransomware works by encrypting a user’s data, making it unreadable. Hackers then demand ransom in exchange for a decryption key. WannaCry, Petya, and GoldenEye are well-known examples of crypto ransomware that have cost businesses billions of dollars.  

WannaCry exploits a Windows OS vulnerability using a hack that was reportedly developed by the NSA and then leaked by hackers. While Microsoft had released a patch several weeks before WannaCry attacks began, users who weren’t regularly updating their software remained vulnerable. Attackers demanded Bitcoin payments, threatening to delete users’ files if the ransom wasn’t paid within three days. However, there was no way to associate payments with individual devices, and it’s uncertain whether anyone got their files back after paying the ransom. 

Petya works by encrypting the master file table, preventing access to the device’s hard drive. It is spread by exploiting the same vulnerability that WannaCry does as well as through phishing emails; one version was spread via an infected Dropbox link. GoldenEye is a newer version of Petya that affected international corporations, public transportation agencies, and critical infrastructure targets. 

Exfiltration Ransomware 

Also known as doxware or leakware, this type of ransomware steals sensitive data from users and encrypts it. Cybercriminals then threaten to publicly release the information if ransom isn’t paid. Criminals can gain access to sensitive information in a variety of ways, including phishing, credential stuffing, or exploiting vulnerabilities in outdated software. Such attacks have been used to target businesses, which can suffer economic and reputational damage as a result of such leaks, as well as individuals. 

DDOS Ransomware 

A distributed denial-of-service (DDOS) attack disrupts a company’s network services by sending a flood of connection requests from a variety of sources, overwhelming the system’s capabilities. These are often used to extort ransom from targeted companies, which may be unable to provide service to their customers while the attack is ongoing. Even if the initial ransom demand is paid, however, the attackers might ask for additional payments or lodge subsequent attacks to extort more money from a victim business. 

Screen Lockers 

Screen-locking malware locks a device, preventing users from accessing it. Cybercriminals will often distribute this malware via phishing emails and then demand ransom to restore access to the device. This type of malware, however, does not use encryption and relies on less sophisticated technology than other types. As a result, it can often be removed with basic antivirus software.   

Ransom Cloud Attacks 

Ransom cloud attacks target cloud-based systems like Office 365 and Google G Suite. Attackers commonly send out phishing emails that contain malicious downloads, which may be disguised as security software. Once the malware is downloaded, criminals may then use their newly gained access to impersonate the account owner and persuade others to install the malware as well.  

Preventing Ransomware Attacks 

Fortunately, there are several steps you can take to prevent yourself and your business from falling victim to ransomware attacks. Implementing cybersecurity awareness training is an important foundational measure. Making your employees aware of current threats and basic digital hygiene practices is a low-cost way to avoid many threats. Instruct employees in these best practices: 

• Regularly update software, including antivirus and antimalware programs,. 
• Perform regular system backups. 
• Use secure passwords as well as two-factor or multifactor authentication where supported. 
• Always use secure Wi-Fi networks to connect to internal systems. 
• Avoid clicking on suspicious links or downloading material from unverified sources. 

• Be alert that emails that seem to be from trusted providers like Microsoft or Google are often phishing attempts. Always check the sender’s address to ensure it matches the company supposedly sending the email. For added safety, navigate to the company’s website using your browser rather than clicking links inside the message. 
• Never click a password reset link that you haven’t requested. 
• Never enter sensitive information into an attachment or linked page. 
• If you think you may have provided information to scammers, alert your IT team immediately so they can take remedial steps. 

Pendello Solutions is a reliable cybersecurity partner for small and medium-sized businesses. Our managed cybersecurity services will help you identify vulnerabilities, remedy them, and keep your systems running smoothly. Preventing attacks before they happen saves time, money, and headaches. For more tips on protecting your business, browse our blog.