Of all the malicious things that can happen to your computer, ransomware is one of the worst. One intrusion can completely destroy a small business. And the attacks are increasing drastically - the number of ransomware attacks almost doubled in the first 6 months of 2021, hitting nearly 1,100 organizations in 63 countries.
Unfortunately, everyone is vulnerable to ransomware. Thankfully, if you know what to look for, you can protect yourself and your business. After all, the best protection is to be educated to help prevent the attack before it begins.
Here, we’ll discuss five major types of ransomware that you need to look out for and how to best prevent them from happening.
What Is Ransomware?
Ransomware is a type of computer virus called malware that locks down key parts of your computer system. It doesn’t release its grip until you pay money, usually in a cryptocurrency, to an anonymous address.
Although there are different types of ransomware, most of them are designed to quickly spread through a network, locking down files and databases. This can cripple an organization of any size.
In May 2021, a ransomware attack shut down Colonial Pipeline, an oil pipeline company in the United States. A few months later, another attack shut down the tech company Kaseya, which forced a large Swedish grocery store chain to completely shut down 800 stores.
Even the largest corporations with some of the highest security can be vulnerable to a ransomware attack. But informing yourself and your employees on what the types are, what to look out for, and any preventative measures that may help, can lessen the chances of it happening to you.
5 Types of Ransomware
There are many different types of ransomware floating around the internet, looking for a new host to attack. These five ransomware types are the most common.
Crypto ransomware encrypts important data on your computer or server but otherwise lets you continue using your computer like normal. In this way, you don’t even realize you’ve been hit with ransomware until it’s too late.
Infection from this ransomware most often occurs via files or links delivered via email, or through downloads. File formats can include Microsoft Word (.doc or .docx), Microsoft Excel (.xsl or .xslx), zipped folders, and more.
Crypto ransomware that has been delivered via email often dupes the recipient into opening an attachment by seeming legitimate.
Unlike crypto-ransomware, which stealthily crawls your computer, lockers are in your face. These malicious programs find file extensions on your computer and then lock them. Next, it pops up a big warning to the user, informing them that their computer is locked and they’ll need to pay a ransom to unlock it.
Considered a copycat of CryptoLocker, which has infected over 250,000 systems, the ransom is usually smaller, around $150-$200, but can add up if it hits more than once.
People are getting smarter when it comes to avoiding viruses and phishing attempts. This is where scareware comes in. This is ransomware that scares you into downloading it. It usually pops up as a warning that you have a virus on your PC.
The scareware either convinces you to pay money to ‘clean’ your PC or installs other types of malware when you hit ‘OK.’ Either way, you end up victimized and out of money.
We’ve all heard of ‘doxxing,’ where people release sensitive information about their victim to the wider internet. Doxware does the same thing. It threatens to release information, whether it be private photos or the address of your kids' school, unless a ransom gets paid.
The scary part about doxware is that it is targeted. That means another person has specifically selected the victim and attacked them. The best way to prevent doxware is to encrypt all your files, at all times.
RaaS (Ransomware As A Service)
Perhaps the most cynical of all is RaaS. Ransomware As A Service involves black-market developers leasing their ransomware to others. This allows people with malicious motives but who don’t have the technical know-how to gain access to the ransomware.
The average RaaS costs around $40 per month. The average ransomware attack nets $230,000. You can see how lucrative that becomes.
10 Most Well-Known Ransomware Strains
If you’ve paid attention to the news over the past decade, then you’ve probably heard several names of ransomware attacks. Wannacry, Jigsaw, and Petya are three that made headlines.
Bad Rabbit is a locker that first surfaced in 2017. It locks computer files and doesn’t release them until a ransom is paid in Bitcoin.
CryptoLocker is a strain of ransomware that uses bot-controlled computers to spread to other computers. It took a coordinated international effort to track down the bots and reduce the threat.
GoldenEye is the newest ransomware threat sweeping the globe. It’s extremely volatile and is able to get around consumer-grade security. It’s a fork of the Petya ransomware, but more malicious and harder to destroy.
Another recent ransomware is Jigsaw, which has a chilling twist to its operating procedures. Once it locks your files, it begins to count down from 24 hours. As it counts, it deletes files every hour. If you don’t pay a ransom within 24 hours, your entire network gets wiped.
Locky is a locker that gets downloaded via email. However, Locky goes after your system’s source codes, meaning it can completely destroy every computer and server on your network unless you pay a hefty ransom.
Maze works a little differently than other ransomware. Instead of simply locking files, Maze steals files and sends them back to the hackers who initiated the attack. If you don’t pay them, they’ll release the sensitive company information to the black market.
Petya is one of the most famous lockers and operates in a traditional ransomware manner. It locks up files but can also close down entire systems. It only affects Windows machines, and most of its attacks have been in Eastern Europe.
NotPetya is a terrifying upgrade to Petya that was engineered by the Russian military as an offensive cryptoweapon. Instead of locking files and asking for money, it attacks computer systems and wipes them clean. It uses exploited passwords and messaging boards to worm into a system and then replicates itself.
Ryuk is targetted ransomware. That is, malicious actors identify a potential victim and then target their network with Ryuk. They’ll use emails, fake websites, and even go after unsuspecting employees to get access to the network.
Wannacry gained international fame in 2017 when it struck millions of computers around the world. It is a locker that has extremely high encryption and is extremely volatile. At the height of the Wannacry drama, it was considered the most dangerous computer virus in history!
How To Detect Ransomware?
Knowing what to look for is half the battle against ransomware. You want to detect this malware before it gets into your computer. To make sure that you don’t have ransomware sitting on your device right now, you’ll need to scan it with a trusted anti-malware suite. Here are a couple to choose from:
You can also look for strange PC behaviors. These are all signs that a malicious program is slowly making changes to your files.
- Strange file executions
- Weird file transfers from PCs to unknown internet sites
- Random API calls (when a program requests information from your computer)
How To Prevent Ransomware
There are several ways to prevent a ransomware attack. Most of these are simple methods that you can implement now. Train your employees to do the same to prevent a network attack.
A firewall scans traffic coming and going from your network and can stop ransomware dead in its tracks. Make sure your firewall uses Deep Packet Inspection (DPI) for greater security.
Look For Shady Emails
Most enterprise-level email providers, such as Microsoft and Google, scan for malware. Sometimes it gets through. Teach your team to keep an eye out for emails that have strange reply addresses, lots of spelling and grammar mistakes, and come with files attached.
Remember, most malware gets downloaded from email. Consider this your greatest area of vulnerability and work on defending it.
Don’t Use Unknown USB Devices
If you or your employees attach a USB device to a network computer, your entire business is at risk. Your employee may have unknowingly downloaded ransomware, and now they’ve brought it to work.
Don’t let employees attach phones or thumb drives to your work computers.
What To Do If You’ve Been Infected With Ransomware
Technology has come a long way, and there are many “unlockers” available that can unlock your files from some types of ransomware without you having to pay. But it’s important that you have a partnership with trusted IT professionals that can help prevent the ransomware attacks from occuring in the first place.
A technology strategy plan is key to protecting against ransomware attacks. These plans include details about:
- What technologies your business uses
- Who your key players are for IT security
- How you’ll scale your technology in coming years
- How you’ll secure and encrypt your network
GlobalQuest Solutions can help you build and implement a Technology Strategy Plan that works to protect you against malicious attacks. Contact us today.