Ransomware is a major problem for companies big and small. Companies need to dedicate resources to preventing ransomware attacks or recovering data. The best defense is a good offense, as the saying goes, and the best offensive strategy is to know your enemy. The following information about the types of ransomware will help you in the event of a cyber attack.
Ransomware silently encrypts the user’s data on their computer. After encryption, a message appears demanding an amount of money before the victim is given back access to their data. The victim usually has only a limited window of time to pay the cybercriminal. If the deadline passes, the ransom could increase.
Some types of ransomware have the ability to search for other computers on the same network to infect. Others infect their hosts with more malware, which could lead to stealing login credentials. This is especially dangerous for sensitive information, such as the login information for banking accounts.
Locker ransomware and crypto ransomware are two main types of ransomware. Locker ransomware locks the victim out of their computer. Once it prevents access, it prompts the victim to pay money to unlock their device.
Crypto ransomware prevents the user from accessing their files, usually through encryption, while the user interface remains accessible. The cybercriminal then demands payment to decrypt the data.
WannaCry is a ransomware attack that occurred in 2017 and spread across 150 countries. It was designed to exploit a Windows vulnerability and, in May 2017, had infected over 100,000 computers. The attack affected many UK hospital trusts, costing the NHS about £92 million. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack exposed the problematic use of outdated systems. The cyberattack caused worldwide financial losses of about $4 billion.
Ryuk is a ransomware attack that spread in the middle of 2018. It disabled the Windows System Restore option on PCs, so without a backup it was impossible to restore the files that were encrypted. It also encrypted network drives. Many of the organizations targeted were in the United States. The demanded ransoms were paid, and the estimated loss is $640,000.
KeRanger is thought to be the first ransomware attack to successfully infect Mac computers, which operate on OS X. KeRanger was planted in an installer for Transmission, an open source BitTorrent client. When users downloaded the infected installer, their devices became infected with the ransomware. The ransomware sits idle for three days and then encrypts roughly 300 different types of files. Next, it downloads a file that includes a ransom demand for one Bitcoin and instructions on how to pay the ransom. After the ransom is paid, the victim’s files are decrypted.
As ransomware becomes increasingly complex, the methods used to spread it also become more sophisticated. Examples include:
- Pay-per-install: This targets devices that have already been compromised and could easily be infected by ransomware.
- Drive-by downloads: This ransomware is installed when a victim unknowingly visits a compromised website.
- Links in emails or social media messages: This method is the most common. Malicious links are sent in emails or online messages for victims to click on.
If you are the victim of a ransomware attack, do not pay the ransom. Even if you pay, the cybercriminals could still keep your data encrypted. Data could be restored if it was backed up to an external drive or the cloud. If your data is not backed up, contact your internet security company to see if they offer a decryption tool for these types of circumstances.
Contact us today for IT security and safety tips. ThrottleNet will perform a risk analysis without cost or obligation. Click here to schedule your risk analysis and read more information about ransomware.