Ransomware attacks exploded by over 150% in 2021, hijacking thousands of computers per day by some estimates. Understanding ransomware and its variants is key to protecting yourself when you are in the crosshairs. This comprehensive guide examines 9 predominant ransomware attack types – from sly encryption to crippling DDoS – equipping you to recognize and prevent an attack.
What is Ransomware?
Ransomware is a form of malicious software cybercriminals use to extort money from individuals or organizations. It works by encrypting files or locking computer systems, then demanding ransom payment to restore access.
Ransomware attack process (SentinelOne)
Failure to pay could mean losing data forever. But even paying up is no guarantee files can be recovered – and rewards criminals. Damages from ransomware topped $20 billion in 2021.
Overview: 9 Ransomware Attack Types
Cybersecurity researchers have identified over 20 unique ransomware attack variants. Here we detail the 9 most active threats:
| Type | Description |
|---|---|
| Encrypting/Crypto | Encrypts data to restrict access |
| Scareware | Fakes infection alerts to sell bogus software |
| Screen-locking | Locks device access with warnings |
| Mobile | Targets smartphones/tablets |
| Leakware | Exfiltrates data before encrypting |
| DDoS | Overwhelms systems via botnets |
| Ransomware-as-a-Service (RaaS) | Sells subscriptions to ransomware |
| Double Extortion | Encrypts & threatens data leaks |
Now let's explore each ransomware variety, covering:
- How it works: Infection and attack methods
- Examples: Real-life attacks
- Prevention: Tips to safeguard yourself
- Trends: Changes in popularity/potency
1. Encrypting/Crypto Ransomware
Encrypting or cryptographic ransomware is the most common attack type, accounting for over 75% of incidents in 2021.
How It Works
The ransomware infiltrates networks via phishing emails or by exploiting unpatched software vulnerabilities. Once inside, it rapidly spreads, encrypting data and storage drives.
Attackers control operations via Command-and-Control (C2) servers. Victims must pay a ransom through difficult-to-trace cryptocurrency to receive the decryption key.
Encryption ransomware attack methodology (GBHackers)
Without the key, it's nearly impossible to recover files.
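Defenders can often spot the encryption phase described above in endpoint telemetry, because ciphertext is close to maximum entropy and the encrypting process rewrites many files in a short burst. The following Python script is an added illustration, not code from the original article or from any vendor it names; the file-write events, process names and paths are constructed, and the thresholds (7.0 bits per byte, 20 high-entropy writes within 30 seconds) are assumed starting points to tune per environment.

```python
"""Heuristic detector for mass-encryption behaviour in file-write telemetry.

All events below are constructed sample data, not telemetry from a real host.
"""
import hashlib
import math
from collections import defaultdict, deque

ENTROPY_THRESHOLD = 7.0    # assumed: bits per byte; ciphertext and compressed data sit near 8.0
BURST_WINDOW_SECONDS = 30  # assumed: trailing window for the burst count
BURST_COUNT = 20           # assumed: high-entropy writes in the window that trigger an alert


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the sample in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode) standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_events():
    """Constructed file-write events as (timestamp_s, process, path, content_sample)."""
    events = []
    # Benign editor saving two documents: low-entropy text, normal extension.
    doc = b"Quarterly report: revenue rose 4% on stable costs. " * 80
    events.append((100.0, "winword.exe", r"C:\Users\alice\Documents\q3.docx", doc))
    events.append((140.0, "winword.exe", r"C:\Users\alice\Documents\q4.docx", doc))
    # Benign archiver writing one compressed file: high entropy, but a single write.
    events.append((150.0, "7z.exe", r"C:\Users\alice\archive.7z", pseudo_random_bytes(b"zip", 4096)))
    # Encryptor rewriting every file on a share with ciphertext and a new extension.
    for i in range(40):
        path = rf"\\fileserver\finance\invoice_{i:03d}.xlsx.locked"
        events.append((200.0 + i * 0.5, "update_svc.exe", path,
                       pseudo_random_bytes(b"sample" + bytes([i]), 4096)))
    return events


def detect_encryption_bursts(events):
    """Return alerts as (process, first_ts, last_ts, count) for every process that
    writes BURST_COUNT or more high-entropy files inside one BURST_WINDOW_SECONDS window."""
    alerts = []
    recent = defaultdict(deque)   # process -> timestamps of recent high-entropy writes
    alerted = set()
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue              # plaintext-looking content is not interesting here
        window = recent[proc]
        window.append(ts)
        while window and ts - window[0] > BURST_WINDOW_SECONDS:
            window.popleft()      # expire writes older than the trailing window
        if len(window) >= BURST_COUNT and proc not in alerted:
            alerted.add(proc)     # one alert per process is enough for a responder
            alerts.append((proc, window[0], ts, len(window)))
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(build_sample_events()):
        print("ALERT mass high-entropy writes:", alert)
```

In a real deployment the events would come from EDR or Sysmon file-create telemetry. The entropy test alone also fires on legitimately compressed or encrypted output (the archiver above), which is why it is paired with the burst count and, in practice, with an extension-change signal and allowlists for backup and archiving tools.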
Examples
WannaCry (2017): This fast-spreading worm hit over 200,000 systems globally by using leaked NSA tools to exploit Microsoft vulnerabilities. It was the first mega-scale ransomware attack.
Ryuk (2018-present): Believed to be run by Russian cybercrime ring Wizard Spider, Ryuk has extracted over $150 million in ransom from organizations like oil transport firm Colonial Pipeline. The 2021 Colonial Pipeline attack disrupted fuel supplies for the U.S. East Coast.
Prevention Tips
- Maintain regular offline, encrypted backups
- Rapidly install software security patches
- Use firewalls and email filters to block threats
- Institute cybersecurity staff education
- Carry cyber insurance to manage fallout
Cybersecurity experts recommend pursuing data recovery over paying ransoms whenever possible.
Trends
Encrypting ransomware continues to grow in scale and sophistication. In 2021, the average ransomware demand doubled to $2.2 million.
2. Scareware
While less destructive than data encryption, scareware cyber threats prey on human fear.
How It Works
Scareware attackers trick victims into believing ransomware or a virus has already infected devices. Fake security alerts appear onscreen, sometimes accompanied by bogus system scans showing nonexistent infections.
To remove the "infections," victims are urged to purchase and install bogus anti-virus software or cleaners – often trial versions of the scareware itself. Some variants lock access if victims don't comply.
Scareware attack process (MakeUseOf)
In reality, no infection exists outside the scareware. But victims who install the fake anti-virus tools may infect devices.
Examples
Windows Defender Alert: A 2021 scam mimicked Windows security warnings of the dangerous Zeus banking Trojan. It tricked users into calling fake Microsoft tech support to eradicate infections. The numbers connected to con artists who charged hundreds to "fix" unaffected computers.
Antivirus XP: Posing as security software, this malware held computers hostage until victims purchased Antivirus XP. Millions were fooled into downloading the fake product, allowing it to infiltrate systems.
Prevention Tips
- Use trusted antivirus software
- Never download from pop-ups
- Verify site domains before entering info
- Turn off browser pop-up alerts
Scareware relies almost wholly on social engineering over code exploits. Caution is your best defense.
Trends
Researchers report scareware attacks declining as users grow more vigilant. Still, these schemes continue bilking $1+ million annually from unwitting victims.
3. Screen Locking Ransomware
Screen lockers specialize in taking devices digitally hostage.
How It Works
Infection often occurs via tainted website ads. Once downloaded, screen lockers change device backgrounds to ransom warnings threatening consequences like data destruction, legal action or fines.
Screens lock, leaving phones/computers unusable, until ransom demands are met. Some lockers enable limited functionality – cursor movement or app access – but block access to files.
Examples
Ragnar Locker (2021): Using leaked remote access tools, this attack hit thousands of victims through managed service providers. Ragnar Locker ransomware disabled over 30,000 devices until a $2.3 million ransom was paid.
Android Koler: Targeting Android devices, Koler is a "police ransomware" variety that falsely claims the device was locked by authorities for a criminal investigation. Only ransom payments to the alleged police unit can restore access.
Prevention Tips
- Avoid suspicious emails and links
- Patch all software vulnerabilities
- Use multi-factor authentication
- Back up regularly
- Educate employees
As with most ransomware, human error enabling infection remains the top security weakness.
Trends
Android screen-locking attacks are growing more pervasive, with over 30 strains identified in 2022. Fortunately, law enforcement takedowns have slowed wider campaigns.
4. Mobile Ransomware
Smartphones and tablets are prime targets for ransomware developers.
How It Works
Attackers design malware-laden apps or use phishing links to download ransomware onto iOS or Android devices. The ransomware encrypts photo galleries, contacts and documents, and disables phone functions, until payment is made.
Mobile ransomware infection avenues (Amazon)
Demands often arrive via onscreen messages. Payment is required to decrypt data. Apps and accounts also risk corruption or deletion during encryption.
Examples
- Android/Filecoder.C (2021): Distributed via fake Adobe Flash app updates, this ransomware encrypted user files post-install. It demanded roughly $500 in cryptocurrency to supply file decryption keys.
Prevention Tips
- Download only from official Android/iOS app stores
- Use trusted mobile antivirus apps
- Keep devices fully updated
- Avoid sideloading unfamiliar apps
- Back up data regularly
- Use device encryption features
As mobile devices grow ubiquitous, they offer economies of scale that ransomware developers eagerly exploit.
Trends
Android ransomware remains prevalent as the platform's open design enables infection outside app stores. However, Apple's tight iOS restrictions have mostly curbed iPhone ransomware – for now.
5. Leakware Ransomware
For victims, leakware combines data theft with encrypted files for double extortion.
How It Works
Also called extortionware or doxware, leakware combines classic data encryption with stolen data exposure threats.
Like typical ransomware, leakware spreads via social engineering tricks or software vulnerabilities to infiltrate systems and encrypt data. However, it also exfiltrates sensitive files stored on networks before activating the encryption scheme.
The attackers threaten to publicly release the stolen corporate data, trade secrets, customer records or personal files on the dark web unless ransom demands are met. The risk of damaging data exposure pressures victims to pay. However, doing so may encourage future attacks.
Examples
- Hollywood Presbyterian Medical Center Attack (2016): This intrusion on a Los Angeles hospital's networks stole sensitive patient data. The perpetrators sought a $3.6 million ransom to avoid leaking the files online. The medical center paid $17,000 to recover data.
Prevention Tips
- Back up data regularly
- Rapidly install security patches
- Use firewalls to halt unauthorized access
- Closely monitor vendor software access
- Educate employees on avoiding phishing links
Reliable backups and prompt patching remain key factors in limiting severity.
Trends
Healthcare organizations saw leakware attacks jump 94% between 2020 and 2021, to 347 breaches. Ransomware developers likely see greater data monetization opportunities in targeting hospitals.
6. DDoS Ransomware
Locking single systems falls short for DDoS ransomware's mass attack goals. Instead, this variety overloads and crashes entire networks.
How It Works
DDoS ransomware first compromises devices en masse to build vast botnets – networks of secretly infected Internet of Things gadgets, computers and servers that attackers remotely control.
On command, thousands of bots flood target infrastructure servers or websites with junk data requests. The tsunami of bogus traffic crashes systems by overloading capacity.
DDoS attack methodology (Imperva)
With critical infrastructure overwhelmed, attackers demand ransom payments wired to cryptocurrency wallets in exchange for ordering botnets to stop.
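On the detection side, a flood like the one described above shows up in web-server access logs as a request rate far above baseline, spread across many client addresses rather than coming from one. The Python script below is an added example, not code from the article or from any vendor it names; the log lines are constructed in Common Log Format, and the rate and source-count thresholds are assumed values to calibrate against your own traffic.

```python
"""Flag request floods in web-server access logs and tell distributed floods
from single noisy clients. Log lines below are constructed samples, not a capture."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW_SECONDS = 10
RATE_THRESHOLD = 50     # assumed: more requests than this per window is abnormal for the origin
SOURCE_THRESHOLD = 20   # assumed: at least this many distinct clients marks a flood as distributed


def parse_line(line: str):
    """Return (epoch_seconds, client_ip, request_line), or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], TIME_FMT).timestamp()
    return ts, m["ip"], m["req"]


def detect_floods(lines):
    """Bucket requests into fixed windows and return (window_start, requests,
    distinct_sources, kind) for each window whose request count exceeds RATE_THRESHOLD."""
    windows = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # skip corrupt lines rather than crash the detector
        ts, ip, _ = parsed
        windows[int(ts // WINDOW_SECONDS)].append(ip)
    alerts = []
    for w in sorted(windows):
        ips = windows[w]
        if len(ips) <= RATE_THRESHOLD:
            continue
        distinct = len(set(ips))
        kind = "distributed" if distinct >= SOURCE_THRESHOLD else "single-source"
        alerts.append((w * WINDOW_SECONDS, len(ips), distinct, kind))
    return alerts


def build_sample_log():
    """Constructed log: a quiet baseline, a botnet-style flood, then one noisy client."""
    def line(ip, second, path="/", size=512):
        stamp = datetime(2021, 6, 1, 12, 0, second, tzinfo=timezone.utc).strftime(TIME_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 {size}'

    lines = [line(f"192.0.2.{i}", i, "/index.html") for i in range(1, 6)]
    # 100 distinct bot addresses, two requests each, all within seconds 30-39.
    for i in range(1, 101):
        lines.append(line(f"198.51.100.{i}", 30 + i % 10, "/search?q=" + "a" * 40))
        lines.append(line(f"198.51.100.{i}", 30 + (i + 3) % 10, "/search?q=" + "b" * 40))
    # One client hammering the login page during seconds 50-57.
    for i in range(80):
        lines.append(line("192.0.2.99", 50 + i % 8, "/login"))
    lines.append("this line is corrupt and must be skipped")
    return lines


if __name__ == "__main__":
    for start, count, sources, kind in detect_floods(build_sample_log()):
        print(f"ALERT window@{start:.0f}: {count} requests from {sources} sources ({kind})")
```

The distinction matters for the response: a single-source flood can be handled with a per-client rate limit or block, whereas a distributed flood from many low-volume bots needs upstream scrubbing or CDN-level filtering, which is what the "DDoS filtering protections" in the prevention tips refer to.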
Examples
Mirai Botnet (2016): This 100,000+ device botnet crippled DNS provider Dyn with DDoS attacks in 2016, slowing or blocking Internet across the U.S. East Coast.
REvil (2021): Extortionist hackers encrypted thousands of computers by hijacking IT software company Kaseya, then launched DDoS attacks on their website infrastructure. REvil demanded $70 million in Bitcoin.
Prevention Tips
- Patch and update software rapidly
- Install DDoS filtering protections
- Have response plans ready
- Never pay ransoms
With critical infrastructure impacted, specialized DDoS prevention is crucial.
Trends
Research confirms that DDoS ransomware attacks are doubling yearly. As more systems integrate smart IoT devices, the risks multiply.
7. Ransomware-as-a-Service (RaaS)
Seeking easy profits, RaaS sellers lease DIY ransomware toolkits to wannabe hackers.
How It Works
Accessible through dark web marketplaces for monthly subscription fees or revenue-sharing agreements, RaaS allows amateur cybercriminals to deploy sophisticated ransomware without writing any code.
The RaaS provider handles technical backend operations – developing ransomware code, managing encryption, providing Command and Control hosting infrastructure, integrating cryptocurrency payments.
Affiliates simply distribute the infections however they choose, whether via phishing campaigns or embedded software installs. Revenue gets split with developers once ransoms are paid. This turnkey model caused an explosion of less sophisticated ransomware strains.
Examples
- Babuk Locker: Advertising "fast and aggressive" ransomware, this RaaS on Russian forums aided 2021 attacks, including extracting $4 million from D.C. police. Creators offer a 70% cut of ransoms.
Prevention Tips
- Install next-gen antivirus
- Patch rapidly
- Segment networks
- Enforce multi-factor authentication
- Train staff to recognize phishing
The greatest challenges are recognizing less familiar threats and preventing initial infections.
Trends
The RaaS subscription model facilitated over 80% of ransomware attacks in 2022. Expect off-the-shelf ransomware to expand.
8. Double Extortion Ransomware
For high-pressure coercion, dual extortion malware encrypts data while threatening leaked documents.
How It Works
As the label implies, these attacks deploy two avenues for extortion. First, the ransomware encrypts files or locks systems much like traditional attacks.
However, they also steal confidential data for secondary leverage. Even with backups allowing data recovery, the sensitive documents themselves retain value.
The attackers warn that the data will be sold or published online unless a separate demand for the stolen files is satisfied too. Facing both data loss and a confidentiality breach, organizations often pay.
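Both leakware (section 5) and double extortion (this section) copy data out of the network before the encryption phase, so a sudden bulk transfer from one internal host to an unfamiliar external address is an early warning that backups alone cannot give you. The Python below is an added example, not code from the article; the flow records, the internal address ranges, the sanctioned endpoint 203.0.113.10 and the 500 MiB-per-hour threshold are all constructed or assumed values.

```python
"""Flag bulk outbound transfers to unsanctioned external hosts, the pattern that
precedes the encryption phase in leakware and double-extortion attacks.
The flow records below are constructed sample data, not a real capture."""
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]   # assumed internal ranges
SANCTIONED_EXTERNAL = {"203.0.113.10"}      # assumed backup/SaaS endpoint (placeholder address)
WINDOW_SECONDS = 3600
BYTES_THRESHOLD = 500 * 1024 * 1024         # assumed: 500 MiB to one external host per hour


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the organization's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_bulk_exfil(flows):
    """flows: iterable of (epoch_seconds, src_ip, dst_ip, bytes_out).

    Returns one alert per (src, dst) pair whose outbound volume to an unsanctioned
    external destination exceeds BYTES_THRESHOLD inside a sliding WINDOW_SECONDS
    window, as (src, dst, window_start, ts, total_bytes)."""
    per_pair = defaultdict(list)
    for ts, src, dst, nbytes in sorted(flows, key=lambda f: f[0]):
        if is_internal(dst) or dst in SANCTIONED_EXTERNAL:
            continue                      # east-west and sanctioned traffic is ignored
        per_pair[(src, dst)].append((ts, nbytes))

    alerts = []
    for (src, dst), recs in per_pair.items():
        total, start = 0, 0
        for ts, nbytes in recs:
            total += nbytes
            while recs[start][0] < ts - WINDOW_SECONDS:
                total -= recs[start][1]   # drop records that fell out of the trailing window
                start += 1
            if total > BYTES_THRESHOLD:
                alerts.append((src, dst, recs[start][0], ts, total))
                break                     # one alert per pair is enough for a responder
    return alerts


def build_sample_flows():
    """Constructed NetFlow-style records for a few hosts over one afternoon."""
    MiB = 1024 * 1024
    flows = []
    # Finance workstation pushing 40 MiB chunks to an unknown host every minute.
    for i in range(30):
        flows.append((1_622_548_800 + 60 * i, "10.0.5.21", "198.51.100.77", 40 * MiB))
    # Backup job to the sanctioned endpoint: larger in total, but expected.
    for i in range(50):
        flows.append((1_622_548_800 + 30 * i, "10.0.8.3", "203.0.113.10", 40 * MiB))
    # Ordinary browsing and an internal file copy.
    flows.append((1_622_548_900, "10.0.5.21", "198.51.100.5", 2 * MiB))
    flows.append((1_622_549_000, "10.0.5.22", "10.0.0.5", 900 * MiB))
    return flows


if __name__ == "__main__":
    for src, dst, start, end, total in detect_bulk_exfil(build_sample_flows()):
        print(f"ALERT {src} -> {dst}: {total // (1024 * 1024)} MiB in {end - start}s")
```

The alert fires on the thirteenth 40 MiB chunk, twelve minutes into the transfer, while the larger backup job stays silent because its destination is on the sanctioned list. In practice the sanctioned set and the threshold come from a per-host baseline rather than fixed constants, and the alert is correlated with the endpoint-side encryption signals covered under crypto ransomware.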
Examples
- REvil (2020): High-profile law firm Grubman Shire Meiselas & Sacks saw REvil intruders steal and encrypt significant data volumes. Criminals sought $21 million in Bitcoin, threatening celebrities would face privacy scandals otherwise.
Prevention Tips
- Deploy next-gen antivirus protection
- Segment networks to limit spread
- Install security patches rapidly
- Control staff application install privileges
- Back up data regularly
Dual extortion's combined data and privacy threats maximize criminal leverage. Response requires protecting across vectors.
Trends
Double extortion accounted for nearly 50% of ransomware cases handled by cyber insurance giant AIG in 2021. Custom data-targeting tactics highlight the variant's growing sophistication.
Defending Against Ransomware Threats
This overview of the most prolific ransomware attack types plaguing 2022 reveals not just the prevalence but the variety of extortion threats facing data and privacy.
As techniques develop, no single solution blocks all infection routes. But layered defenses, rapid response protocols and staff education offer your best playbook for managing this modern cyber pandemic.