Ransomware can wreak complete havoc across your systems, compromising key data and files and leaving your network at the mercy of the attacker. New types of ransomware are constantly cropping up, making it difficult to keep on top of, let alone protect against, the latest strains. Although new variants present different characteristics, fundamentally all ransomware leverages similar techniques and operates with the same aim: extracting a ransom payment from the victim by holding their key data or devices ‘hostage’.
What is Ransomware?
It’s a type of malware attack that holds a victim’s data or device ‘hostage’, preventing access until a ransom payment is made or the perpetrator’s demands are met.
In the first instance, attackers often employ social engineering techniques to gain access to their victim’s systems before unleashing their ransomware attack.
How does Ransomware spread?
Ransomware can spread into systems through a variety of different infiltration methods, including:
- Remote desktop protocols, whereby the ransomware infiltrates through exposed remote desktop software connections.
- Malicious URLs, where the victim visits a compromised website via the malicious URL.
- Malvertising, where perpetrators use online advertising as a vehicle for spreading ransomware.
- Drive-by downloads, where the victim unintentionally or unknowingly downloads ransomware onto their device.
- Email attachments, where the user opens a malicious phishing email with a dangerous attachment.
6 Common types of ransomware
Crypto ransomware or encryptors
Crypto ransomware locks you out of crucial files and data on your computer by encrypting them. You’re still able to see the files that are stored on your device, but you are unable to access them. In order to recover your files, ransomware perpetrators demand a ransom payment.
Locker ransomware
Rather than targeting specific files, locker ransomware locks you out of your entire device, meaning you are unable to use it or access any information stored on it. The attacker will demand a ransom payment in order to unlock your device.
Scareware
Scareware in itself is not malicious; instead, it is a front that persuades the victim to inadvertently download ransomware onto their device. Scareware convinces its victims that their device has already been infected with a virus and that they need to download software to clean their device. The software they then download contains the ransomware.
Doxware
Doxware attacks threaten a victim with the release of their personal information or data unless they pay a ransom. The victim is often a private individual, targeted primarily through phishing campaigns.
Leakware
Leakware is a mutation of doxware. It differs from other types of ransomware in that its primary threat is not to hold key information or devices ‘hostage’, but rather to leak confidential or sensitive data. Leakware tends to target high-value victims such as hospitals, financial services, and legal services firms. The attacker then demands a ransom payment in exchange for the promise that they won’t release the data in question.
Ransomware as a Service (RaaS)
RaaS is essentially a partnership in which a ransomware developer sells ready-to-use ransomware attacks to affiliates, who often lack expertise or experience. For obvious reasons, RaaS threatens to make ransomware attacks far more frequent. RaaS can be structured differently, with some developers simply selling their ransomware for a flat one-time fee, whilst others operate on a subscription or profit sharing basis.
Well-known strains of ransomware
Bad Rabbit is encryptor ransomware that aims to encrypt and lock you out of your files. It spreads onto devices through what are known as ‘drive-by attacks’, meaning through credible websites that have been compromised. It appears to the victim as an Adobe Flash update, which downloads malware onto their system.
GoldenEye attacks systems using a two-pronged strategy in which two viruses are downloaded simultaneously which then encrypt the system’s data and file system.
Jigsaw infiltrates a device, encrypts its files, demands a $150 payment within the first hour, and gradually deletes them until the ransom is paid. At the 72nd hour, all remaining files are deleted.
Cerber is a type of RaaS that mass targets Microsoft 365 users, locking them out of their devices and encrypting their data.
TorrentLocker is a type of locker ransomware that infiltrates systems via spam emails.
How to protect against Ransomware attacks
Ransomware attacks are one of the most critical threats that MSPs face. Preparation and mitigation are absolutely essential to protect the systems that you are responsible for managing and monitoring. An effective security infrastructure against ransomware attacks combines effective management of systems and people:
- Making use of the most up-to-date and watertight security software.
- Thorough preparation: designing a reliable and robust disaster recovery plan that has been tried, tested, and refined.
- Continual employee training and education, especially around social engineering techniques.
- Keeping updated and encrypted offline backups.
- Effective patch management and frequent system updates.
- Implementing safe IT practices, such as healthy skepticism around suspicious email attachments or URLs.