Types of Ransomware
Ransomware is malware that encrypts files and locks a victim’s system. The attacker demands payment in a cryptocurrency, like Bitcoin, to decrypt the files and restore access. If the victims don’t pay, they face losing valuable data and a lengthy recovery time that negatively impacts productivity and revenue.
Cyber criminals use ransomware to target businesses for big paydays. These attacks can cost organizations thousands in lost productivity and revenue. Attackers often threaten to expose the data breach to the public if victims don’t pay the ransom.
While encrypting ransomware is the most common type of attack, other variants exist. SimpleLocker, also known as Simplocker, got its start by scanning SD cards and encrypting images, documents and videos. Later versions could even encrypt victims’ cameras. The Trojan also used Tor to avoid being traced.
Maze, a variant of ChaCha, spread via spam emails, RDP attacks and exploit kits. It was one of the first examples of double extortion and incorporated advanced obfuscation techniques. It reportedly infected more than 100,000 devices before its creators stopped spreading it in June 2021.
Reveton, another example of encrypting ransomware, started in 2020 as an infection tool that targeted PC users. The Trojan displayed a message presented as a warning from law enforcement, saying that the PC had been compromised and that the user would be arrested for illegal online activity if they didn’t pay a fine to a post office box in Panama. Later versions used password-stealing malware and a remote connection to encrypt the computer’s hard drive, and asked for payments in Bitcoin. Victims of Reveton have reported varying degrees of success with decryption after paying the ransom.