Updated March 30, 2023
Introduction to Ransomware types
Cybercriminals utilise ransomware as a sort of malware (malicious software). When ransomware infects a system or network, it either encrypts its data or disables access to the system or. In exchange for unlocking the data, cybercriminals expect ransom money from their targets. Therefore, a cautious check and security software are recommended to protect against ransomware outbreak. After being infected with malware, victims have three options: pay the ransom, try to uninstall the software, or reset the device. In addition, extortion Trojans commonly exploit Remote Desktop Protocol, phishing emails, and software flaws as attack vectors. In this topic, we will look at the different Ransomware types in detail.
How to Identify Ransomware?
There are 2 types of ransomware that are particularly popular:
1. Locker ransomware
Locker ransomware is a type of ransomware that encrypts files. Malware of this type disables basic computer functionality. For example, you can be denied access to the desktop while the mouse and keyboard are disabled. This permits you to continue interacting with the ransom demand window to pay the ransom. Other than that, the system is functionally useless. However, there is some good news: Locker malware rarely targets essential files, preferring instead to shut you out. As a result, complete data destruction is difficult.
2. Crypto ransomware
Crypto ransomware encrypts important data, like files, videos, and photos, but it does not disrupt the system’s core functioning. Because people can see their files but not access them, this causes panic. In addition, Crypto ransomware can be disastrous due to a large number of users unaware of the necessity for backups in the cloud or on external physical storage devices. As a result, many victims pay the ransom only to regain access to the data.
While each ransomware variation has its own method of spreading, they all use similar social engineering techniques to trick consumers and hold their data hostage. Let’s take a look at the various ransomware variants:
Locky is ransomware that a group of organised hackers first deployed in 2016. Locky encrypts over 160 file types and was transmitted via phishing emails containing malicious attachments. The ransomware was installed on users’ Computers after they fell for the email scam. This method of transmission is known as phishing, and it is a type of social engineering. Locky ransomware targets file types that developers, programmers, engineers, and testers frequently use.
WannaCry was a ransomware attack across the world that affected more than 150 countries. It was built to take advantage of a security flaw in Windows that was established by the National Security Agency (NSA) and leaked by the Shadow Brokers hacker organisation. One-third of all NHS hospitals in the UK were targeted in the attack, which resulted in estimated losses of 92M pounds. Users were locked out of their accounts, and a Bitcoin ransom was asked. Because the hacker used an operating system vulnerability for which a patch had been available for a long time at the time of the attack, the attack highlighted the issue of obsolete systems. WannaCry caused around $4 billion in global financial damage.
5. Bad Rabbit
Bad Rabbit was a ransomware threat that spread by “drive-by” attacks in 2017. The attacks took place on insecure websites. A target visits a legitimate website unaware that it has been hacked in a drive-by ransomware attack. All that is required for most drive-by attacks is for a target to visit a page that has been compromised in this way. However, in this situation, the infection was caused by launching an installer that included disguised malware. This is what is known as a malware dropper. Bad Rabbit tricked the user into installing a phoney Adobe Flash player, infecting the PC with malware.
Ryuk is an encrypting Trojan that propagated in August 2018 and disabled the Windows operating system’s recovery feature. Without an external backup, it was impossible to restore the encrypted data. Ryuk encrypts network hard discs. The impact was enormous, and many of the targeted US organisations paid the ransom demands.
7. Shade or Troldesh
The Shade ransomware attack, also known as Troldesh, occurred in 2015 and was disseminated through spam emails with infected links or file attachments. Surprisingly, the Troldesh assailants used email to speak directly with their victims.
Jigsaw is a ransomware infection that first appeared in 2016. The attack was named after a picture of the well-known puppet from the Saw film franchise. Jigsaw ransomware erased more files with each hour when the ransom was not paid. The choice of the horror movie image added to the users’ fear.
CryptoLocker is a ransomware infection that initially emerged in 2007 and propagated through malicious email attachments. The ransomware looked for and encrypted crucial data on compromised devices.
Petya is a ransomware attack that first appeared in 2016 and was reintroduced in 2017 as GoldenEye. Instead of encrypting specific files, this dangerous ransomware encrypts the entire hard drive of the victim. This was accomplished by encryption of the Master File Table (MFT), rendering files on the hard disc inaccessible. Petya ransomware infiltrated corporate HR departments via a fraudulent app that included an infected Dropbox link.
GoldenEye is a ransomware that is comparable to the notorious Petya ransomware. It spreads through a large-scale social engineering campaign aimed at HR departments. When a target receives a GoldenEye-infected file, a macro is launched secretly on the victim’s computer, encrypting files.
Conclusion – Ransomware types
Ransomware attacks occur in several ways and come in a variety of sizes and shapes. Additionally, the type of ransomware deployed is influenced by the attack vector. Therefore, it is vital to always evaluate what is at stake or what data could be erased or published when estimating the magnitude and scope of an assault.
This is a guide to Ransomware types. Here we discuss the Types of Ransomware and How to Identify Ransomware. You may also have a look at the following articles to learn more –