An In-Depth Guide to 9 Ransomware Attacks Targeting You

Ransomware attacks exploded by over 150% in 2021, hijacking an estimated thousands of computers per day. Understanding ransomware and its variants is key to securing yourself in the crosshairs. This comprehensive guide examines 9 predominant ransomware attack types – from sly encryption to crippling DDoS – equipping you to recognize and prevent an attack.

What is Ransomware?

Ransomware is a form of malicious software cybercriminals use to extort money from individuals or organizations. It works by encrypting files or locking computer systems, then demanding ransom payment to restore access.

Diagram of how ransomware attacks work

Ransomware attack process (SentinelOne)

Failure to pay could mean losing data forever. But even paying up is no guarantee files can be recovered – and rewards criminals. Damages from ransomware topped $20 billion in 2021.

Overview: 9 Ransomware Attack Types

Cybersecurity researchers have identified over 20 unique ransomware attack variants. Here we detail the 9 most active threats:

Encrypting/CryptoEncrypts data to restrict access
ScarewareFakes infection alerts to sell bogus software
Screen-lockingLocks device access with warnings
MobileTargets smartphones/tablets
LeakwareExfiltrates data before encrypting
DDoSOverwhelms systems via botnets
Ransomware-as-a-Service (RaaS)Sells subscriptions to ransomware
Double ExtortionEncrypts & threatens data leaks
MobileTargets phones/tablets

Now let‘s explore each ransomware variety addressing:

  • How it works: Infection and attack methods
  • Examples: Real-life attacks
  • Prevention: Tips to safeguard yourself
  • Trends: Changes in popularity/potency

1. Encrypting/Crypto Ransomware

Encrypting or cryptographic ransomware is the most common attack type, accounting for over 75% incidents in 2021.

How It Works

The ransomware infiltrates networks via phishing emails or by exploiting unpatched software vulnerabilities. Once inside, it rapidly spreads, encrypting data and storage drives.

Attackers control operations via Command-and-Control (C2) servers. Victims must pay a ransom through difficult-to-trace cryptocurrency to receive the decryption key.

Encrypting ransomware attack process

Encryption ransomware attack methodology (GBHackers)

Without the key, it‘s nearly impossible to recover files.


  • WannaCry (2017): This fast-spreading worm hit over 200,000 systems globally by using leaked NSA tools to exploit Microsoft vulnerabilities. It was the first mega-scale ransomware attack.

  • Ryuk (2018-present): Believed to be run by Russian cybercrime ring Wizard Spider, Ryuk has extracted over $150 million in ransom from organizations like oil transport firm Colonial Pipeline. The 2021 Colonial Pipeline attack disrupted fuel supplies for the U.S. East Coast.

Prevention Tips

πŸ‘‰ Maintain regular offline, encrypted backups

πŸ‘‰ Rapidly install software security patches

πŸ‘‰ Use firewalls and email filters to block threats

πŸ‘‰ Institute cybersecurity staff education

πŸ‘‰ Cyber insurance to manage fallout

Cybersecurity experts recommend pursuing data recovery over paying ransoms whenever possible.


Encrypting ransomware continues to grow in scale and sophistication. In 2021, the average ransomware demand doubled to $2.2 million.

2. Scareware

While less destructive than data encryption, scareware cyber threats prey on human fear.

How It Works

Scareware attackers trick victims into believing ransomware or a virus has already infected devices. Fake security alerts appear onscreen, sometimes accompanied by bogus system scans showing nonexistent infections.

To remove the β€œinfections,” victims are urged to purchase and install bogus anti-virus software or cleaners – often trial versions of the scareware itself. Some variants lock access if victims don‘t comply.

Diagram showing how scareware ransomware cons users

Scareware attack process (MakeUseOf)

In reality, no infection exists outside the scareware. But victims who install the fake anti-virus tools may infect devices.


  • Windows Defender Alert: A 2021 scam mimicked Windows security warnings of the dangerous Zeus banking Trojan. It tricked users into calling fake Microsoft tech support to eradicate infections. The numbers connected to con artists who charged hundreds to "fix" unaffected computers.

  • Antivirus XP: Posing as security software, this malware held computers hostage until victims purchased Antivirus XP. Millions were fooled into downloading the fake product, allowing it to infiltrate systems.

Prevention Tips

πŸ‘‰ Use trusted antivirus software

πŸ‘‰ Never download from pop-ups

πŸ‘‰ Verify site domains before entering info

πŸ‘‰ Turn off browser pop-up alerts

Scareware relies almost wholly on social engineering over code exploits. Caution is your best defense.


Researchers report scareware attacks declining as users grow more vigilant. Still, these schemes continue bilking $1+ million annually from unwitting victims.

3. Screen Locking Ransomware

Screen lockers specialize in device digital hostage-taking.

How It Works

Infection often occurs via tainted website ads. Once downloaded, screen lockers change device backgrounds to ransom warnings threatening consequences like data destruction, legal action or fines.

Screens lock, leaving phones/computers unusable, until ransom demands are met. Some lockers enable limited functionality – cursor movement or app access – but block access to files.


  • Ragnar Locker (2021): Using leaked remote access tools, this attack hit thousands of victims through managed service providers. Ragnar Locker ransomware disabled over 30,000 devices until a $2.3 million ransom was paid.

  • Android Koler: Targeting Androids, Koler is a police ransomware variety falsely claiming devices were locked by authorities for criminal investigations. Only ransom payments to alleged police units can restore access.

Prevention Tips

πŸ‘‰ Avoid suspicious emails and links

πŸ‘‰ Patch all software vulnerabilities

πŸ‘‰ Use multi-factor authentication

πŸ‘‰ Backup regularly

πŸ‘‰ Educate employees

As with most ransomware, human error enabling infection remains the top security weakness.


Android screen-locking attacks are growing more pervasive, with over 30 strains identified in 2022. Fortunately law enforcement takedowns have slowed wider campaigns.

4. Mobile Ransomware

Smartphones and tablets are prime targets for ransomware developers.

How It Works

Attackers design malware-enabled apps or use phishing links to download ransomware onto iOS or Android devices. The ransomware encrypts photo galleries, contacts, documents, and phone functions until payment.

Diagram showing how mobile ransomware spreads

Mobile ransomware infection avenues (Amazon)

Demands often arrive via onscreen messages. Payment is required to decrypt data. Apps and accounts also risk corruption or deletion during encryption.


  • Android/Filecoder.C (2021): Distributed via fake Adobe Flash app updates, this ransomware encrypted user files post-install. It demanded roughly $500 in cryptocurrency to supply file decryption keys.

Prevention Tips

πŸ‘‰ Download only from official Android/iOS app stores

πŸ‘‰ Use trusted mobile antivirus apps

πŸ‘‰ Keep devices fully updated

πŸ‘‰ Avoid sideloading unfamiliar apps

πŸ‘‰ Backup data regularly

πŸ‘‰ Use device encryption features

As mobile devices grow ubiquitous, they provide hacking efficiencies ransomware developers eagerly leverage.


Android ransomware remains prevalent as the platform‘s open design enables infection outside app stores. However Apple‘s tight iOS restrictions have mostly curbed iPhone ransomware – for now.

5. Leakware Ransomware

For victims, leakware combines data theft with encrypted files for double extortion.

How It Works

Also called extortionware or doxware, leakware combines classic data encryption with stolen data exposure threats.

Like typical ransomware, leakware spreads via social engineering tricks or software vulnerabilities to infiltrate systems and encrypt data. However, it also exfiltrates sensitive files stored on networks before activating the encryption scheme.

The attackers threaten to publicly release the stolen corporate data, trade secrets, customer records or personal files on the dark web unless ransom demands are met. The damaging data exposure risks incent victims to pay. However doing so may encourage future attacks.


  • Hollywood Presbyterian Medical Center Attack (2016): This intrusion on a Los Angeles hospital‘s networks stole sensitive patient data. The perpetrators sought a $3.6 million ransom to avoid leaking the files online. The medical center paid $17,000 to recover data.

Prevention Tips

πŸ‘‰ Back up data regularly

πŸ‘‰ Rapidly install security patches

πŸ‘‰ Use firewalls to halt unauthorized access

πŸ‘‰ Closely monitor vendor software access

πŸ‘‰ Employee education on avoiding phishing links

Data backups and patching delays remain key factors in mitigating severity.


Healthcare organizations saw leakware attacks jump 94% between 2020-2021 to 347 breaches. Ransomware developers likely see greater data monetization opportunities targeting hospitals.

6. DDoS Ransomware

Locking single systems falls short for DDoS ransomware‘s mass attack goals. Instead, this variety overloads and crashes entire networks.

How It Works

DDoS ransomware first compromises devices en masse to build vast botnets – networks of secretly infected Internet of Things gadgets, computers and servers that attackers remotely control.

On command, thousands of bots flood target infrastructure servers or websites with junk data requests. The tsunami of bogus traffic crashes systems by overloading capacity.

DDoS attack process diagram

DDoS attack methodology (Imperva)

With critical infrastructure overwhelmed, attackers demand ransom payments wired to cryptocurrency wallets in exchange for ordering botnets to stop.


  • Mirai Botnet (2016): This 100,000+ device botnet crippled DNS provider Dyn with DDoS attacks in 2016, slowing or blocking Internet across the U.S. East Coast.

  • REvil (2021): Extortionist hackers encrypted thousands of computers by hijacking IT software company Kaseya, then launched DDoS attacks on their website infrastructure. REvil demanded $70 million in Bitcoin.

Prevention Tips

πŸ‘‰ Patch and update software rapidly

πŸ‘‰ Install DDoS filtering protections

πŸ‘‰ Have response plans ready

πŸ‘‰ Never pay ransoms

With critical infrastructure impacted, specialized DDoS prevention is crucial.


Research confirms DDoS ransomware attacks doubling yearly. As more systems integrate smart IoT devices, risks multiply.

7. Ransomware-as-a-Service (RaaS)

Seeking easy profits, RaaS sellers lease DIY ransomware toolkits to wannabe hackers.

How It Works

Accessible through dark web marketplaces for monthly subscription fees or revenue sharing agreements, RaaS allows amateur cybercriminals to deploy sophisticates ransomware minus the coding.

The RaaS provider handles technical backend operations – developing ransomware code, managing encryption, providing Command and Control hosting infrastructure, integrating cryptocurrency payments.

Affiliates simply distribute the infections however they choose, whether via phishing campaigns or embedded software installs. Revenue gets split with developers once ransoms are paid. This turnkey model caused an explosion of less sophisticated ransomware strains.


  • Babuk Locker: Advertising "fast and aggressive" ransomware, this RaaS on Russian forums aided 2021 attacks, including extracting $4 million from D.C. police. Creators offer a 70% cut of ransoms.

Prevention Tips

πŸ‘‰ Install next-gen antivirus

πŸ‘‰ Patch rapidly

πŸ‘‰ Segment networks

πŸ‘‰ Multi-factor authentication

πŸ‘‰ Staff phishing education

The greatest challenges are recognizing less familiar threats and preventing initial infections.


The RaaS subscription model facilitated over 80% of ransomware attacks in 2022. Expect off-the-shelf ransomware to expand.

8. Double Extortion Ransomware

For high-pressure coercion, dual extortion malware encrypts data while threatening leaked documents.

How It Works

As the label implies, these attacks deploy two avenues for extortion. First ransomware encrypts files or locks systems much like traditional attacks.

However they also steal confidential data for secondary leverage. Even with backups allowing data recovery, the sensitive documents themselves retain value.

Creators warn data gets sold or published online unless separate demands for the stolen files are satisfied too. Facing both data loss and confidentiality breach,entities often pay.


  • REvil (2020): High-profile law firm Grubman Shire Meiselas & Sacks saw REvil intruders steal and encrypt significant data volumes. Criminals sought $21 million in Bitcoin, threatening celebrities would face privacy scandals otherwise.

Prevention Tips

πŸ‘‰ Deploy next-gen antivirus protection

πŸ‘‰ Segment networks to limit spread

πŸ‘‰ Install security patches rapidly

πŸ‘‰ Control staff application install privileges

πŸ‘‰ Backup data regularly

Dual extortion‘s combined data and privacy threats maximize criminal leverage. Response requires protecting across vectors.


Double extortion posed nearly 50% of ransomware situations for cyber insurance giant AIG in 2021. Custom data-targeting tactics highlight the variation‘s growing sophistication.

Defending Against Ransomware Threats

This overview of the most prolific ransomware attack types plaguing 2022 reveals not just the prevalence but the variety of extortion threats facing data and privacy.

As techniques develop, no one solution blocks all infection routes. But instilling security layers, rapid response protocols and staff education offers your best playbook to manage this modern cyber pandemic.

Did you like those interesting facts?

Click on smiley face to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

      Interesting Facts
      Login/Register access is temporary disabled