Ransomware Attacks and Types
Did you know that 39% of Canadian businesses suffered a ransomware attack last year, while 65% anticipate being subject to a ransomware attack in the future? Even if your business doesn’t know what ransomware is, you need to watch out. It’s fast becoming one of the most prevalent threats to organizations large and small.
Here’s everything you need to know to protect yourself.
What is ransomware?
Ransomware is a form of malicious software that is often delivered by email or online advertisements that have been corrupted. Once in your system, ransomware works by locking you out of your files and data, rendering them inaccessible.
You can only restore access by paying a ransom – which is usually somewhere in the tens or thousands of dollars.
Common Ransomware Types
Ransomware takes many forms. There are numerous types that work in slightly different ways. Here are the most common.
Locker ransomware blocks a device from functioning normally. You’ll be unable to move your mouse or press your keyboard in a meaningful way. The only thing you will be able to do is interact with the screen that has the ransom demand on it, so you can make a payment. Otherwise, the device doesn’t operate at all.
The only saving grace about locker ransomware is that it locks you out of your files, rather than encrypting and deleting them. This means that, if you store your files securely in the cloud, you’ll be able to access them on another device.
Contrastingly, crypto-ransomware encrypts your data so that you can’t access it. You can still use your computer, but all your important files will be off-limits.
Often, this ransomware features a countdown clock, threatening to delete your information if you don’t pay the ransom before the clock strikes zero.
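As an added example (not part of the original article), here is a Python heuristic defenders use to spot files that crypto-ransomware has already encrypted: ciphertext has near-maximum byte entropy and no longer starts with the header its file type requires. The 7.0 threshold, the short `MAGIC` table, and all sample file names and contents are assumptions constructed for illustration.

```python
import hashlib
import math
import os

# Leading "magic" bytes of a few common file types, keyed by extension.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
ENTROPY_THRESHOLD = 7.0  # bits per byte, 8.0 is the maximum; assumed cut-off


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def classify(name: str, data: bytes) -> str:
    """Return 'ok', 'suspect' or 'mismatch' for one file name and its content."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None and data.startswith(magic):
        # Healthy PNG/ZIP/JPEG bodies are compressed and high-entropy anyway,
        # so an intact header outweighs the entropy score.
        return "ok"
    if shannon_entropy(data[:4096]) > ENTROPY_THRESHOLD:
        return "suspect"  # looks like ciphertext and has no valid header
    return "ok" if magic is None else "mismatch"  # low entropy, wrong header


def suspect_ratio(files: dict) -> float:
    """Fraction of files classified 'suspect'; a sudden rise merits an alert."""
    hits = sum(classify(n, d) == "suspect" for n, d in files.items())
    return hits / len(files) if files else 0.0


# Constructed sample data: deterministic noise stands in for ciphertext.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "logo.png": MAGIC[".png"] + NOISE,                # healthy, high-entropy body
    "notes.txt": b"Invoice total: 1200 CAD\n" * 100,  # healthy plain text
    "report.pdf": NOISE,                              # header gone, body is noise
    "budget.xlsx.locked": NOISE,                      # constructed extension
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} {classify(name, data)}")
    print("suspect ratio:", suspect_ratio(SAMPLES))
```

Because an intact header is treated as healthy, this check misses malware that encrypts only part of a file and leaves the first bytes untouched, so it complements backups rather than replacing them.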
Scareware is a manipulative form of malware that masquerades as a pop-up ad. The ad encourages the user to download fake anti-virus software urgently to protect their computer.
Ironically, by clicking on the link, the user inadvertently deploys ransomware onto their computer, which then encrypts their data until a ransom is paid.
In a leakware attack, the attacker responsible for the incident threatens to publish the confidential data compromised, while also encrypting the files. This puts extra pressure on the victim to pay the ransom, for fear that their sensitive information could be exposed to the public.
Ransomware As a Service (RaaS)
Ransomware as a service is essentially the democratization of ransomware. It’s a popular business model on the dark web, where cyber-criminals sell ready-to-go ransomware to other nefarious individuals.
The buyers don’t need to do any coding or hard work themselves. The malicious software is ready to be deployed and used against victims.
Common Examples Of Ransomware
Now that we know a little more about the common types of ransomware, we can dive into specific strains that have made an impact on organizations over the last few years.
Bad Rabbit is a ransomware strain that wreaked havoc across Eastern Europe in 2017, harming over 200 organizations. It’s thought that Bad Rabbit was meant to disrupt Russian media agencies, but a whole host of corporate organizations in Eastern Europe and Japan were also impacted.
Cerber ransomware has been around since 2016. Most recently, it hit the headlines for impacting Confluence and GitLab servers at the end of last year.
In a Cerber ransomware attack, the victim usually receives a phishing email with a malicious attachment. Once in their systems, Cerber encrypts the victim’s data and withholds access until a ransom is paid.
CryptoLocker is an infamous form of malware. Once executed, it encrypts files on devices and the network, holding them for ransom until a sum is paid. In late 2013, this ransomware harmed numerous computers running Microsoft Windows in several organizations.
CryptoWall is an extremely sophisticated ransomware variant. It goes beyond encrypting your files and asking you to pay a ransom. Instead, it hides in your device and steals your data, passwords and bitcoin wallets. From there, it locks your files in such a way that the only way to get them back is through an encryption key.
This form of malware is specifically aimed at the Windows family and businesses. It’s usually delivered by phishing email.
CTB-Locker is a ransomware variant that works by locking files on the victim’s hard disk before requesting a ransom payment. This variant was particularly prominent in 2015, and is slightly less common today.
If you’re a Bond fan, you might be thinking this name sounds familiar. The hacking group responsible for GoldenEye are indeed James Bond fans too. Nevertheless, this is a nasty piece of malware.
It works by blending two attack strategies. Firstly, two viruses are downloaded in tandem, called Mischa and Petya. Then, they work to encrypt data on the victim’s device and network, and demand a payment to decrypt the data.
Jigsaw is a variant of encryption ransomware malware dating back to 2016. It was initially known as “BitcoinBlackmailer”. However, when cybercriminals started using an image of Billy the Puppet from Saw in their attacks, the malware was renamed to Jigsaw.
LockerGoga is a rather disruptive form of ransomware that industrial organizations need to be aware of. It works by shutting down computers to the point where they are inaccessible and is crippling for victims. In fact, it’s often hard for victims to get to the screen necessary to pay the ransom.
Locky ransomware comes in the form of an email claiming to be an invoice. When the victim clicks the link, they’ll open a malicious Microsoft Word document embedded with ransomware that encrypts their files.
Petya is another ransomware that targets Microsoft Windows. It infects the master boot record of a device and then encrypts the hard drive’s file system table. This prevents Windows from loading. Instead, the victim will see a screen that demands payment in bitcoin to regain access. Petya is the ransomware responsible for the huge cyber-attack on Ukraine in 2017.
Spider ransomware attacks begin with a phishing email. Once the victim clicks the associated link, the malware deploys and encrypts the victim’s data. In a twist, Spider only gives victims 96 hours to pay the ransom or their files are obliterated for good.
Perhaps the most infamous ransomware variant, WannaCry disabled thousands of organizations in 2017. This attack, in particular, spread through EternalBlue, an exploit designed by the United States National Security Agency. While Microsoft had released a patch for the vulnerability it exploits, many organizations around the globe had failed to apply it.
This malware is part ransomware, part worm. It’s unique because it encrypts files while also stealthily propagating to other computers and networks without the need for further spamming or exploits.
Ransomware Protection Tips
With so many variants out there, protecting against ransomware can seem overwhelming. However, there are some simple things you can do to bolster your defenses.
First up, make sure you always back up your data. That way, if you’re subject to an attack, you’ll be able to recover your files without paying a dime. Secondly, a huge cause of ransomware attacks is user error, so make sure you’re training your employees about the risks of phishing emails and malicious online adverts.
We can help you protect against ransomware
Running your business and staying on top of cybersecurity threats doesn’t have to be a challenge. Work with a reputable local managed IT service provider like us, and we’ll ensure you stay secure from today’s top ransomware threats.
Dynamix Solutions is a Toronto managed IT services provider that provides cyber security and managed IT services in Calgary.