- When it comes to cybersecurity, ransomware is probably one of the first threats that comes to our minds. Today, ransomware is among the major cybersecurity threats affecting individuals, businesses and organisations every day.
- This article covers 5 major types of ransomware attacks: crypto ransomware, locker ransomware, scareware, leakware and double extortion ransomware.
- Regardless of the type of ransomware, backing up data in advance and proper employment of security software can significantly reduce the intensity of an attack.
Ransomware is one of the most effective strategies for attacking businesses, critical infrastructure and individuals. This type of malware infects computers and prohibits or severely restricts users and external software from accessing devices or entire systems until ransom demands are met.
For a long time, there were only two major types of ransomware: crypto and locker ransomware. Today, unfortunately, more types of ransomware have emerged, targeting users and organisations with different approaches.
5 major types of ransomware attacks
1. Crypto ransomware
This kind of ransomware makes your important files and data, including documents and multimedia, unavailable by encrypting them and withholding the decryption key. The other functions of the victim's computer remain intact.
Attackers then demand a ransom in exchange for the decryption key. They often provide a countdown and a warning that files will be deleted if the ransom is not paid. Whether victims pay tends to depend on how sensitive and important the encrypted data is. However, there is no guarantee that the attackers will return the decryption key. A well-known example of crypto ransomware is WannaCry, which affected hundreds of thousands of computers in over 150 countries in 2017.
2. Locker ransomware
Locker ransomware, also called “screen lockers,” locks your computer once it’s attacked, making all or some of the system data and functionalities inaccessible. For instance, you may not be able to access the computer desktop, but you might still be able to operate the mouse and keyboard with limited functionality.
Here, the attackers only allow you to interact with the screen that shows the ransom note. Since the important data remains unencrypted, it will not be destroyed. This type of ransomware also often includes a countdown clock to force the user to pay the ransom as soon as possible.
3. Scareware
Scareware, as its name implies, scares users by informing them that their computers have been infected with malware. It tricks them into paying a fee or purchasing antivirus software to fix the problem. Scareware usually arrives as pop-ups when you visit a website or install software infected with it. The key trick is that your computer has not yet been infected with malware; the antivirus software the scareware asks you to pay for is the malicious part.
Scareware can also be distributed through spam emails, which trick users into buying something that has no value. Those purchases can include malware, which can steal sensitive user information. An example of scareware is Antivirus Pro 2010, which infected computers through malicious ads and pop-ups.
4. Leakware (Exfiltration)
Leakware is ransomware that goes further than encrypting your sensitive data. The attackers threaten to leak your data to the public or third parties unless you pay the ransom. As a result, it is a more dangerous type of ransomware than traditional crypto ransomware.
Like crypto ransomware, leakware encrypts the data set, making it inaccessible, and the attacker keeps the encryption key. The attackers make sure the data they hold is confidential to the victim(s), so leaking it could potentially harm the individual or the organisation.
5. Double extortion ransomware
The attacker encrypts files and exports data to blackmail the victim into paying a ransom. The attacker threatens to publish the stolen data if their demands are unmet, even if the victim can restore their data from a backup. An example of double extortion ransomware is Ryuk, which targeted several large companies in the United States and Europe in 2019 and 2020.
How to prevent ransomware attacks?
Ransomware prevention is a huge challenge for organisations of all types and sizes, with no magic-bullet remedy. Experts say enterprises need a multi-pronged ransomware prevention strategy that includes the following:
Defence-in-depth security
A defence-in-depth approach has layered security controls that work in concert to block malicious activity. If malware manages to sneak past one control, the hope is that another overlapping security mechanism will stop it.
Advanced security controls
While basic cybersecurity controls can recognise and catch many known ransomware variants, advanced protection technologies are more likely to uncover novel attacks. Consider tools and strategies such as extended detection and response (XDR), managed detection and response, Secure Access Service Edge, SIEM, user and entity behaviour analytics, zero-trust security and cyber deception.
Patch management
When the WannaCry ransomware attack first struck in May 2017, it took advantage of a known vulnerability for which Microsoft had released a patch two months earlier — one that hundreds of thousands of victims had not yet deployed. Remarkably, organisations with unpatched systems continue to fall victim to WannaCry and many other legacy attacks.
Data backups
Backups of critical data can effectively short-circuit a ransomware attack, letting an organisation restore operations without entertaining cybercriminals’ demands. Crucially, however, the backup must be inaccessible from the primary IT environment so threat actors can’t find and encrypt it during the intrusion. It is also important to note that while backups are an important part of ransomware defence, they are not a cure-all, especially in the event of double or triple extortion attacks.
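One way to check the isolation requirement above is to run a probe from a production host and see which backup locations that host can reach or modify. This is an added example, not part of the original article; the function names and sample paths are hypothetical.

```python
import os
import tempfile
import uuid


def probe_backup_path(path):
    """Classify a backup location as seen from the host running this script.

    'unreachable' - not visible from here (the goal for an isolated backup)
    'read-only'   - visible, but this account cannot create files in it
    'create-only' - new files can be written, but deletion is refused
    'writable'    - files can be created and deleted, so malware running
                    under this account could encrypt or wipe the backups
    """
    if not os.path.isdir(path):
        return "unreachable"
    probe = os.path.join(path, ".isolation-probe-" + uuid.uuid4().hex)
    try:
        # O_EXCL guarantees the probe never touches an existing backup file.
        fd = os.open(probe, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except OSError:
        return "read-only"
    os.close(fd)
    try:
        os.remove(probe)
    except OSError:
        return "create-only"  # the empty probe file is left behind
    return "writable"


def audit_backup_isolation(paths):
    """Return {path: status} for every configured backup location."""
    return {p: probe_backup_path(p) for p in paths}


def exposed_locations(paths):
    """Locations that break isolation: anything this host can see at all."""
    audit = audit_backup_isolation(paths)
    return sorted(p for p, status in audit.items() if status != "unreachable")


if __name__ == "__main__":
    # Constructed sample: a temp directory stands in for a mounted backup
    # share; the second path does not exist on this host.
    with tempfile.TemporaryDirectory() as mounted:
        targets = [mounted, "/nonexistent/offsite-backup"]
        for path, status in audit_backup_isolation(targets).items():
            print(f"{status:12} {path}")
```

A location reported as read-only cannot be encrypted in place from this host, but it can still be found and copied, which matters for the leakware and double extortion cases described earlier.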
Ransomware attacks have many different appearances and come in all shapes and sizes. The attack vector is an important factor for the types of ransomware used. To estimate the size and extent of the attack, it is necessary to always consider what is at stake or what data could be deleted or published. Regardless of the type of ransomware, backing up data in advance and proper employment of security software can significantly reduce the intensity of an attack.