Cyber Security Articles & News

The Main Types of Ransomware & How to Spot the Difference

Ransomware attacks have been flooding the news over the last few years— and in this past year especially. 

From the 2020 Garmin breach to the JBS meat supplier attack, business owners everywhere live in fear of a data compromise. As ransomware attacks grow larger-scale and more damaging, it’s no surprise why. Case in point: the 2021 Kaseya attack, known in headlines as the “Biggest Ransomware Attack on Record.” 

With ransomware becoming one of the most newsworthy of all cybersecurity threats, let’s take a look at the two main types so you can better prepare:


The Two Types of Ransomware

Ransomware is a type of malicious software designed to restrict access to a computer system until a payment is made. While different kinds of ransomware act in different ways, attacks are typically bucketed into two types:

1. Crypto Ransomware

This is the ransomware we most commonly hear about in the news; it’s the kind that encrypts important company data, but usually does not interfere with other device functions. For example, this form of malware may seize access to specific files or an entire web application, stopping a company from viewing or using its data or performing its function. 

Cyber attackers often target files or systems that are at the core of a company’s daily operations, knowing that restricting that specific access can halt all business activities. When these crucial files are seized, employees panic— knowing they can’t perform their job without them. To add to the anxiety, the attackers often trigger a countdown message, threatening the victim to pay the ransom before a certain time or else their files will be deleted or used for nefarious purposes.

A few examples of crypto ransomware include:

  • MADO
  • B0r0nt0k
  • CryptoLocker

2. Locker Ransomware

Unlike crypto ransomware where the malware encrypts files, locker ransomware affects more than access to specific items or applications exclusively. It locks users out of many basic device functions, often restricting nearly all operating access. Other than the limited mouse and keyboard functionality needed to pay the ransom on the screen, users are locked out of the operating system. Usually, it does not threaten certain files, specifically.

Some examples of locker ransomware include:

  • Petya
  • GoldenEye
  • KeRanger


More Examples of Ransomware

Outside of the two main types, there are dozens of variations of ransomware coding, all going by a variety of names. All are forms of malware aimed at demanding a ransom, however, they are each designed by different bad actors and act in their own unique manner. Learn more about the functions of each type of ransomware from Kaspersky. 


How to Spot the Difference

The easiest way to tell the difference between these types of ransomware is whether or not you have the ability to log onto and operate your device. 

Locker ransomware shuts down most functional operating control of the device and locks out the user. When infected with locker ransomware, a device will still boot up, however, it will only show the ransomware message. 

On the other hand, crypto ransomware will restrict access to a specific item or items, but allow you to operate the rest of your device as usual. 


How is Ransomware Spread?

Ransomware is spread using a variety of techniques, but the most common way devices become infected in North America is through spam and phishing emails. Couple this with the next two most common methods— misconfigurations and weak passwords/access management— and it becomes obvious that the best defense against ransomware attacks is proper awareness education for employees. 

Common Methods of Ransomware Infection

According to studies, government organizations, manufacturers, and construction companies should be the most cautious of ransomware attacks. If your business falls into one of these industries, you are the most at risk and would be wise to invest in proper cybersecurity protection for your team.

Industries in North America Reporting Ransom Attacks in the Last Year


The Ransomware Education & Technical Security You Need

With the growth of “Ransomware as a Service” and continued threats to some of the world’s largest companies, educating your team on ransomware is more important than ever. Ensure your team is informed on cybersecurity best practices when and where it’s convenient, with the world's largest security awareness training content library. 

Learn more about team security awareness training from Mitnick Security. 



Topics: ransomware attack, Ransomware as a service

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Top Techniques Used by Social Engineers

Social engineers use new techniques daily to gain unauthorized access to private systems and servers. But while new tactics are ever-arising, many “tr..

Read more ›

Lessons Learned From GoDaddy's 2021 Data Breach

The American internet domain registrar and web hosting company GoDaddy recently made the news for the latest 2021 security breach. 

Read more ›

How Social Engineering Can Affect an Organization

Organizations around the world are enrolled in security awareness training programs and taught to look out for cybercriminals who are using a hacking ..

Read more ›