Ransomware attacks have become an epidemic plaguing individuals, businesses, and government organizations around the world. These cyber attacks encrypt or block access to data and systems while demanding ransom payments for restoring access. Understanding the different types of ransomware attacks is key for properly defending against them.
This comprehensive guide will educate you on 9 major types of ransomware attacks, provide recent real-world examples, and give tips on prevention and dealing with attacks.
What is Ransomware and How Does it Work?
Ransomware is a form of malicious software that locks or encrypts a victim's files, rendering them inaccessible until a ransom demand is paid. It has become one of the top online threats facing the world today.
Most ransomware is delivered through phishing emails containing malicious attachments or links. Once clicked, the ransomware installs itself and starts encrypting files using complex algorithms. It displays a ransom note demanding payment, typically in cryptocurrency, in exchange for a decryption key.
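The encrypt-and-leave-a-note behaviour described above is also what a defender can look for on disk. The following added example (not code from the original article) scans a directory for two indicators of a mass-encryption event: a burst of same-extension files whose contents have near-random byte entropy, and a small text file containing typical ransom-note wording. The thresholds, keyword list and the constructed sample tree are assumptions for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Heuristic thresholds (assumed values; tune for your environment).
ENTROPY_THRESHOLD = 7.5        # bits per byte; encrypted data approaches 8.0
MIN_SUSPECT_FILES = 5          # same-extension high-entropy files that count as a burst
NOTE_KEYWORDS = ("decrypt", "bitcoin", "ransom")  # constructed keyword list


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: str) -> dict:
    """Return mass-encryption indicators found under `root`."""
    ext_hits = Counter()   # extension -> number of high-entropy files
    notes = []             # file names that look like ransom notes
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        # Small text files mentioning two or more note keywords are flagged as notes.
        if path.suffix.lower() in (".txt", ".html") and len(data) < 4096:
            text = data.decode("utf-8", errors="ignore").lower()
            if sum(k in text for k in NOTE_KEYWORDS) >= 2:
                notes.append(path.name)
                continue
        # Only the first 64 KiB is sampled so large files stay cheap to check.
        if shannon_entropy(data[:65536]) >= ENTROPY_THRESHOLD:
            ext_hits[path.suffix.lower()] += 1
    bursts = {ext: n for ext, n in ext_hits.items() if n >= MIN_SUSPECT_FILES}
    return {"encrypted_bursts": bursts, "ransom_notes": notes,
            "suspicious": bool(bursts) or bool(notes)}


def build_sample_tree() -> str:
    """Constructed sample: six random-byte '.locked' files, one normal text file, one note."""
    root = tempfile.mkdtemp()
    for i in range(6):
        Path(root, f"report{i}.docx.locked").write_bytes(os.urandom(8192))
    Path(root, "notes.txt").write_text("Quarterly plan: hire two engineers.\n")
    Path(root, "README_DECRYPT.txt").write_text(
        "Your files are encrypted. Pay in bitcoin to decrypt them.\n")
    return root


if __name__ == "__main__":
    print(scan_directory(build_sample_tree()))
```

Run on the constructed tree the scan reports a burst of six `.locked` files and the `README_DECRYPT.txt` note; a directory of ordinary documents produces no indicators.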
Attackers target businesses and institutions whose day-to-day operations depend on their digital files and systems. By threatening disruption, ransomware attackers are able to extort increasingly higher ransom payments.
Breakdown of the 9 Major Types of Ransomware Attacks
There are many variants of ransomware but most attacks tend to fall under 9 major categories:
1. Encrypting/Crypto Ransomware
Encrypting or crypto ransomware is the most common type of attack. The ransomware encrypts files, making them inaccessible to the rightful user. Payment is demanded in order to receive a decryption key.
Recent Examples
The Clop ransomware campaign first appeared in mid-2019 but ramped up attacks in early 2023. Exploiting leaked security flaws, it targeted technology companies in the software auditing and supply chain sector across Europe and North America. Victims had their sensitive data stolen and encrypted. Damages have reached an estimated $200 million so far.
Another example is the wide-reaching WannaCry attack of 2017. Using an exploit leaked from the NSA, it infected over 230,000 computers worldwide. It brought down hospital systems, manufacturing plants, government entities, and critical infrastructure. Estimated damages were over $4 billion.
Prevention Tips
- Backup your data regularly and keep it offline
- Install security patches and software updates promptly
- Use firewalls and antivirus software
- Develop an incident response plan for attacks
2. Scareware Ransomware
Scareware, also known as fake antivirus software, deceives victims into believing ransomware or other malware has infected their system. Victims are tricked into purchasing and installing bogus software to remove the non-existent threats.
Recent Examples
The MacKeeper scareware makes false claims of malware infections on Mac devices. Through aggressive social engineering campaigns, it has swindled victims out of millions for needless and harmful system scans and fake upgrades.
The Windows Defender Alert scam pops up alerts to call a fake Microsoft helpline number. The criminals then gain remote access to infect the device with actual malware disguised as antivirus software.
Prevention Tips
- Verify alerts and pop-up messages before calling helplines
- Only download software from official vendors
- Use reputable antivirus software
3. Screen Locking Ransomware
This ransomware, also known as locker ransomware, locks users out of their devices by restricting access to the system and files. The lock screen displays payment demands and threats if users don't comply.
Recent Examples
Over half a million Android mobile devices were infected with the Koler Trojan horse, which changed device PINs and forced users to pay $50 to regain access. Several variants have since emerged including Lockdroid, which locks phones using ransomware masked as porn apps.
The Ragnar Locker attack encrypted company servers and workstations of electronics company XMPro. Attackers demanded 220 Bitcoins (around $3.8 million) to decrypt files and not leak sensitive stolen data.
Prevention Tips
- Avoid sideloading apps from unverified sources
- Install system and security updates promptly
- Use strong PINs/passwords and multi-factor authentication
4. Mobile Ransomware
Attacks specifically targeting mobile devices like smartphones, tablets, and wearables are referred to as mobile ransomware. It locks access to data and apps on mobile operating systems like Android and iOS.
Recent Examples
The Android Defender malware posed as a legitimate anti-virus app on Google Play, managing to infect over 5,000 users before being taken down. It locks all data until a payment is sent.
Security researchers uncovered Filecoder, an Android ransomware distributed through fake Adobe Flash update links. It encrypts user files and threatens data leaks if ransom goes unpaid. At least 30 different Filecoder variants are known to exist.
Prevention Tips
- Install apps only from official iOS and Android stores
- Keep mobile operating systems and apps updated
- Perform regular mobile data backups
5. Leakware Ransomware
Also known as extortionware and doxware, this attack threatens to publicly release sensitive stolen data if ransom demands are not paid. It is extremely damaging for companies holding customer data, intellectual property, and other confidential information.
Recent Examples
The REvil gang launched a double extortion attack on entertainment law firm Grubman Shire Meiselas & Sacks. They stole and encrypted critical data, demanding $21 million for its return while threatening to leak highly damaging client documents belonging to stars like Lady Gaga and Madonna.
CL0P leakware operators stole private company documents from accounting software provider Accenture and set a deadline to pay a $50 million ransom or have the documents published.
Prevention Tips
- Implement strict access controls for sensitive data
- Train employees to spot social engineering and phishing attempts
- Use encryption for stored and transmitted data
6. DDoS Ransomware
Short for Distributed Denial of Service, DDoS ransomware attacks flood systems with traffic to overwhelm and crash them. Attackers demand ransom to stop crashing target networks or websites with continual floods of junk data requests.
Recent Examples
The record-setting 2.3 Tbps DDoS attack used an estimated 15,000 hijacked video camera devices to take down a France-based web-hosting provider. The perpetrators demanded a 10 Bitcoin ransom (around $95,000 at the time).
Cyber gang CoomingProject launched DDoS attacks on US schools while sending messages demanding ransom payments to stop. School operations were disrupted due to website crashes leading to temporary remote learning or cancellations.
Prevention Tips
- Maintain updated DDoS mitigation protection services
- Implement traffic filtering and load balancing solutions
- Establish contingency plans for potential outages
7. Doxware Ransomware
Similar to leakware, doxware steals sensitive files and documents and threatens to expose them if the ransom is unpaid. These explicit threats put additional pressure on victims to meet cybercriminal ransom demands.
Recent Examples
Vice Society hacked technology company Ubiquiti Networks, exfiltrating customer data and demanding $2.5 million to avoid leaking it. After nonpayment, they uploaded user email addresses, full names, login IDs, passwords, and IP addresses to public sites.
The dark web site Ransom Bharat leaked Indian customer data stolen from insurers like Bajaj Allianz while demanding cryptocurrency payments to stop further releases.
Prevention Tips
- Comply with data protection laws and best practices
- Develop plans for timely breach exposure communications
- Carefully assess risks before paying ransoms
8. Ransomware-as-a-Service (RaaS)
RaaS allows cybercriminal developers to sell or lease ransomware code to affiliates or buyers. This organized ransomware distribution model has opened attacks to criminals of all levels through user-friendly malicious kits.
Recent Examples
REvil introduced the RaaS model offering easy-to-use interfaces and ransomware bundles starting at $100 per month. Affiliates split profits with REvil developers once victims pay up. It enabled waves of attacks across many economic sectors and countries. Damages have exceeded $150 million.
Another RaaS called Thanos gave customers decryption keys to unlock sample files on infected computers, proving their ransomware effectiveness before victims fully pay ransoms.
Prevention Tips
- Educate staff on latest social engineering tactics
- Continuously evaluate and shore up backup systems
- Ensure offline backups remain isolated from networks
9. Double Extortion Ransomware
Increasingly advanced attacks are using a double extortion scheme that combines data encryption along with information theft and public leak threats if ransom demands are not met.
Recent Examples
Quantum launched coordinated attacks in December 2022 exploiting antivirus software driver vulnerabilities to infect dozens of hospitals, emergency services, and transportation networks while threatening to leak confidential data. Multiple facilities have been crippled, delaying medical procedures and treatments.
The Black Basta group claimed another double extortion attack on government contractor Peraton. After encrypting files and backups, it demanded $5 million in Monero cryptocurrency and threatened to auction the company's data on the dark web.
Prevention Tips
- Harden security of public-facing systems and servers
- Rapidly apply software updates, patches, and remediations
- Isolate backups and use air-gapped storage solutions
Conclusion: Preparing Defenses Against Ransomware
Ransomware attacks can seem ubiquitous, overwhelming, and extremely damaging to individuals, companies, and institutions around the world. Understanding the different types of ransomware and attack trends is crucial for properly defending yourself or your organization.
Implementing best practices for access controls, social engineering education, keeping software updated, comprehensive data backup solutions, and attack response plans can help mitigate potential harm.
No single preventative solution is enough. Ransomware resilience requires defense in depth: layers of complementary security controls together with tested processes for timely incident response.
Staying informed, vigilant, and properly prepared is our best recourse against the ever-evolving threat of ransomware.