The Main Types of Ransomware & How to Spot the Difference

Posted by Mitnick Security on Sep 1, 2021 10:27:24 AM

Ransomware attacks have been flooding the news over the last few years— and in this past year especially. 

From the 2020 Garmin breach to the JBS meat supplier attack, business owners everywhere live in fear of a data compromise. As ransomware attacks grow larger-scale and more damaging, it’s no surprise why. Case in point: the 2021 Kaseya attack, known in headlines as the “Biggest Ransomware Attack on Record.” 

With ransomware becoming one of the most newsworthy of all cybersecurity threats, let’s take a look at the two main types so you can better prepare:

 

The Two Types of Ransomware

Ransomware is a type of malicious software designed to restrict access to a computer system until a payment is made. While different kinds of ransomware act in different ways, attacks are typically bucketed into two types:

1. Crypto Ransomware

This is the ransomware we most commonly hear about in the news; it’s the kind that encrypts important company data, but usually does not interfere with other device functions. For example, this form of malware may seize access to specific files or an entire web application, stopping a company from viewing or using its data or performing its function. 

Cyber attackers often target files or systems that are at the core of a company’s daily operations, knowing that restricting that specific access can halt all business activities. When these crucial files are seized, employees panic— knowing they can’t perform their job without them. To add to the anxiety, the attackers often trigger a countdown message, threatening the victim to pay the ransom before a certain time or else their files will be deleted or used for nefarious purposes.

A few examples of crypto ransomware include:

  • MADO
  • B0r0nt0k
  • CryptoLocker

2. Locker Ransomware

Unlike crypto ransomware where the malware encrypts files, locker ransomware affects more than access to specific items or applications exclusively. It locks users out of many basic device functions, often restricting nearly all operating access. Other than the limited mouse and keyboard functionality needed to pay the ransom on the screen, users are locked out of the operating system. Usually, it does not threaten certain files, specifically.

Some examples of locker ransomware include:

  • Petya
  • GoldenEye
  • KeRanger

 

More Examples of Ransomware

Outside of the two main types, there are dozens of variations of ransomware coding, all going by a variety of names. All are forms of malware aimed at demanding a ransom, however, they are each designed by different bad actors and act in their own unique manner. Learn more about the functions of each type of ransomware from Kaspersky. 

 

How to Spot the Difference

The easiest way to tell the difference between these types of ransomware is whether or not you have the ability to log onto and operate your device. 

Locker ransomware shuts down most functional operating control of the device and locks out the user. When infected with locker ransomware, a device will still boot up, however, it will only show the ransomware message. 

On the other hand, crypto ransomware will restrict access to a specific item or items, but allow you to operate the rest of your device as usual. 

 

How is Ransomware Spread?

Ransomware is spread using a variety of techniques, but the most common way devices become infected in North America is through spam and phishing emails. Couple this with the next two most common methods— misconfigurations and weak passwords/access management— and it becomes obvious that the best defense against ransomware attacks is proper awareness education for employees. 

Common Methods of Ransomware Infection

According to studies, government organizations, manufacturers, and construction companies should be the most cautious of ransomware attacks. If your business falls into one of these industries, you are the most at risk and would be wise to invest in proper cybersecurity protection for your team.

Industries in North America Reporting Ransom Attacks in the Last Year

 

The Ransomware Education & Technical Security You Need

With the growth of “Ransomware as a Service” and continued threats to some of the world’s largest companies, educating your team on ransomware is more important than ever. Ensure your team is informed on cybersecurity best practices when and where it’s convenient, with the world's largest security awareness training content library. 

Learn more about team security awareness training from Mitnick Security. 

Topics: ransomware attack, Ransomware as a service

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

How Threat Actors Bypass 2FA and What Preventative Steps You Can Take

Two-factor authentication (2FA, or MFA) is a security layer designed to verify the identity of those logging in to accounts. By sending codes to the p..

Read more ›

Redefining Your Enterprise’s Cyber Security Posture During Mergers & Acquisitions

With 3,205 data compromises occurring in 2023 alone, fortifying your enterprise’s cybersecurity posture is more important than ever.

Read more ›

Choosing a Penetration Testing Company for Mac-based Environments

Powering your business with Apple devices because of their reputable security and privacy features? You may be surprised to learn that while Apple dev..

Read more ›
tech-texture-bg

© Copyright 2004 - 2024 Mitnick Security Consulting LLC. All rights Reserved. | Privacy Policy