Today's cyber thieves are adaptable and adept at evolving their attacks and techniques. Their ability to create new types of ransomware shows their skill at keeping up with the latest in cybersecurity. Since every good defence starts with knowing what you are up against, businesses need to know the most frequently used types of ransomware today to bolster their organisation's ransomware response and reduce their risk of infection.
As its name suggests, locker ransomware locks users out of their systems and almost always results in victims paying the required ransom to resume operations. Victims see only a lock screen on their devices displaying the attacker's ransom demands. If these are not met, the locked devices will become permanently unusable.
Locker ransomware attacks target systems rather than files, so users are much less likely to lose data if they pay for restored access. That said, it still impedes the victim organisation's business continuity, which makes paying the ransom the path of least resistance. In severe cases, these attacks can leave affected systems completely unrecoverable.
LockBit ranks as the most prevalent variant of this ransomware today, as researchers discovered that this strain caused 16% of all attacks in 2022. This is a marked increase of over 600% from the previous year. The LockBit ransomware continues to threaten businesses well into 2023, with the attack on the UK Royal Mail postal service being the most recent incident causing disruptions in their overseas packaging processing.
Crypto ransomware is a common strain that seeks out a select few or all files on target devices and encrypts them. Hackers will then demand a ransom for the key to unlock said files, usually in their preferred cryptocurrency due to its anonymity. Some variants can also spread beyond the target system and infect shared or network drives, cloud storage, and even the organisation. That said, unlike in locker ransomware, users still have full access to their machines.
Crypto ransomware is traditionally spread via phishing techniques, but more sophisticated methods like drive-by download attacks hidden in malvertising are also growing in popularity. Thankfully, having off-site data backups and continuous data protection tools can largely mitigate this type of attack. Still, hackers have picked up on these countermeasures and may add timed delays in their malware to also infect the backups.
Scareware is a social engineering-based attack that tricks users into paying threat actors to fix problems in their systems that never existed. In its classic form, the malware will cause multiple pop-up warnings claiming the device is infected. It recommends the victims purchase a paid ‘antivirus’ to resolve it, which more than likely introduces further malware into the system if followed.
There is still debate on whether scareware is considered a type of ransomware. Regardless, these attacks are still highly disruptive with their constant flood of warnings or removal of functionality via locker ransomware. Furthermore, since the malware disrupts normal system operations until the ransom is paid, the impact remains the same for most victims.
Double extortion ransomware, or pay-now-or-get-breached, is another common tactic that ranks as the most dangerous ransomware strain today. The name stems from the attack's goal of exfiltrating large volumes of private information while encrypting the target's files. After the encryption, the hackers will threaten to publish the valuable stolen data, typically an organisation's intellectual property, unless a ransom is paid.
Failure to meet the ransom demands means their data will be exposed online, sold to the highest bidder, or destroyed. Hackers could also threaten to inform the relevant regulators or stakeholders about the data breach to pressure the victim by harming their reputation and finances.
New ransomware strains continue to pop up and threaten organisations big and small, all capable of avoiding detection and causing significant damage. By knowing the different types of ransomware used today, businesses can better plan improvements for their cyber defences and avoid falling victim to these disruptive attacks.
GROUP8 provides industry-leading and offensive-inspired cybersecurity services that let you stay on top of the many ransomware strains that pop up every day. Our solutions cover the entire cybersecurity and include network security, incident response, threat intelligence, and penetration testing services in Singapore. Contact us at hello@group8.co to learn more.