
Top 10 Ransomware Attacks

Ransomware is a form of malware that encrypts a victim's files or locks them out of their system and demands a ransom (usually in cryptocurrency) for the decryption key or to restore access. There are several types of ransomware, each with different methods of operation, targets, and impacts. Below are the most common types:


BeAware of Ransomware Attacks

1. Crypto Ransomware

  • Description: This is the most common type of ransomware. It encrypts the victim’s files, making them inaccessible. The attacker then demands a ransom in exchange for the decryption key.

  • Examples:

    • CryptoLocker

    • WannaCry

    • NotPetya


2. Locker Ransomware

  • Description: Instead of encrypting files, locker ransomware locks the victim out of their system, making it impossible to access the desktop, files, or applications. It doesn’t necessarily encrypt data but disrupts the use of the system entirely.

  • Examples:

    • WinLock

    • Android Lockers


3. Scareware

  • Description: This type of ransomware poses as a legitimate virus or security warning, tricking victims into believing their system is infected. It then demands payment to "fix" the non-existent problem.


4. Doxware (Leakware)

  • Description: This type of ransomware threatens to release sensitive, personal, or confidential data unless a ransom is paid. It typically targets organizations or individuals with private, sensitive, or incriminating data.

  • Examples:

    • Sodinokibi (REvil) often utilizes doxware tactics.


5. Ransomware-as-a-Service (RaaS)

  • Description: This is a type of ransomware where the malware is sold or rented to other criminals, known as affiliates, who carry out the attacks. The ransomware creators take a cut of the ransom payments.

  • Examples:

    • REvil (Sodinokibi)

    • Conti


6. Fileless Ransomware

  • Description: Unlike traditional ransomware that installs itself as a file on the victim's system, fileless ransomware operates entirely in the system’s memory, making it more difficult to detect and remove.

  • Examples:

    • EternalBlue exploits (used by WannaCry and NotPetya)

    • Crysis


7. Mobile Ransomware

  • Description: This type of ransomware specifically targets mobile devices, such as smartphones and tablets, either by encrypting files or locking the device until a ransom is paid.

  • Examples:

    • Android/Locker Ransomware

    • Svpeng


8. Ransomware Targeting Cloud Services

  • Description: This variant focuses on cloud-based applications, such as Microsoft 365, Google Workspace, or enterprise-level cloud storage, often affecting organizations that rely heavily on the cloud for daily operations.

  • Examples:

    • Cloud Ransomware attacks against SaaS applications.


9. Hybrid Ransomware

  • Description: A hybrid variant combines multiple attack tactics, such as data encryption and data exfiltration, often adding a layer of social engineering or using a mix of ransomware and traditional cyberattack methods like phishing.

  • Examples:

    • Maze Ransomware (encrypts and exfiltrates data, then threatens to leak it).


10. Ransomware Targeting Backup Systems

  • Description: Some ransomware attacks are designed to target backup systems and cloud backups, preventing victims from restoring their systems and data after an attack.

  • Examples:

    • Ransomware variants that target shadow copies and backup services.
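Tampering with shadow copies and backup services, as described above, usually shows up in process command lines. The following is an added example, not part of the original article: a small detector run over constructed process-creation events. The log format, field names, rule names and escalation threshold are assumptions.

```python
import re

# Command-line patterns commonly alerted on for shadow-copy / backup tampering.
RULES = {
    "vss_delete_vssadmin": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "vss_resize_vssadmin": re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    "vss_delete_wmic": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|backup)\b", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Constructed sample events (hypothetical key=value log format).
SAMPLE_EVENTS = [
    'host=FS01 user=svc_backup parent=services.exe cmd="vssadmin list shadows"',
    'host=WS17 user=jdoe parent=winword.exe cmd="cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"',
    'host=WS17 user=jdoe parent=cmd.exe cmd="wmic shadowcopy delete"',
    'host=WS17 user=jdoe parent=cmd.exe cmd="bcdedit /set {default} recoveryenabled No"',
    'host=FS01 user=admin parent=powershell.exe cmd="wbadmin get versions"',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}

def detect(lines, threshold=2):
    """Return (hits, hosts_to_escalate) for backup-tampering command lines."""
    hits, per_host = [], {}
    for line in lines:
        event = parse_event(line)
        cmd = event.get("cmd", "")
        matched = [name for name, rx in RULES.items() if rx.search(cmd)]
        if matched:
            hits.append((event.get("host"), event.get("user"), matched))
            per_host.setdefault(event.get("host"), set()).update(matched)
    # Several distinct tampering techniques on one host is a stronger signal
    # than a single match, which legitimate backup tooling can also produce.
    escalate = sorted(h for h, names in per_host.items() if len(names) >= threshold)
    return hits, escalate

if __name__ == "__main__":
    found, escalate = detect(SAMPLE_EVENTS)
    for host, user, rules in found:
        print(f"ALERT host={host} user={user} rules={','.join(rules)}")
    print("escalate:", escalate)
```

Read-only commands such as `vssadmin list shadows` do not match; in production, tune the rules against the parent process and the accounts that legitimately manage backups.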


Ransomware is evolving rapidly, and these attacks have become accessible to even less technically skilled attackers, increasing the frequency and severity of ransomware campaigns.

To protect against ransomware, businesses and individuals should focus on strong cybersecurity measures and controls such as strong backups, patch management, advanced threat detection, and user training to recognize phishing attacks and suspicious behavior.
