An Introduction to the Different Types of Ransomware Attacks

A decade ago, ransomware was rare.

No longer. Today, it’s a game-changing threat.

The unfortunate reality is that ransomware is on the rise, and businesses need to be prepared. To help with that preparation, here’s an introduction to ransomware: how it started, how it spreads, and how it can be categorized into specific types of ransomware attacks. With a more thorough understanding of the risks, you’ll be better situated to protect your business.

 

A Brief History of Ransomware

The concept of ransom is as old as crime; ransomware is only the extrapolation of ransom to the digital world.

According to documented reports, the first instance of a ransomware attack took place in 1989, when Joseph L. Popp, a Harvard-educated evolutionary biologist, sent 20,000 infected floppy disks to the guests at the World Health Organization’s international AIDS conference. When inserted into a computer, the disks compromised the machine, so that, after ninety reboots, directories and files became encrypted. To purportedly regain access, users were asked to submit $189 to a PO box in Panama.

Joseph L. Popp was caught. But, ransomware was only just getting started.

In the 90s and 2000s, as the Internet unfurled into every corner of society, new avenues opened to conduct ransomware attacks at mass scale. In 2006, the Archiveus Trojan was uncovered; the attack encrypted everything in the My Documents folder and demanded payment online to unencrypt the files.

Attacks continued to develop. In 2011, about 60,000 new ransomware variants were detected in the third quarter alone, and that number has continued to rise exponentially in the succeeding years. Today, the ransomware industry is huge; over 40% of businesses have been affected, and attacks in the past year are estimated to end up costing $5 billion or more in damages.

 

The Two Types of Ransomware Attacks

Today, ransomware can be divided into two main types: locker ransomware and crypto ransomware. The differentiation lies in the type of assets that each holds for ransom.

Locker ransomware denies access to computing resources. It’s focused on preventing access to a device so that the interface can’t be accessed. From there, it prompts user payment to unlock the device.

Crypto ransomware, on the other hand, denies access to files on the device. The user interface on the machine can be accessed, but the files can’t be. It does this by encrypting the files and demanding payment for decryption.

 

How Ransomware Spreads

Ransomware is growing increasingly sophisticated, and so are the methods used to perpetuate it. These include:

  • Links in email or social messages: This is still the most common method of ransomware infection. Emails or messages are used in phishing attacks to bait users into clicking a malicious link. From there, the ransomware is unleashed.
  • Pay-per-install: This method targets devices that are unknowingly part of botnets. They’ve already been compromised and can have ransomware easily inserted into them, should ransomware criminals pay to make it happen.
  • Drive-by downloads: this is perhaps the most frightening method of attack. Drive-by downloads happen when victims unknowingly visit a compromised site, which is then used to exploit vulnerabilities in visiting machines.

 

Biggest Ransomware Attacks

Finally, a comprehensive review of ransomware should include the prominent ransomware attacks of the recent past, because these often resurface as variants or building blocks for new attacks. Over the past two years, these have been the biggest:

CryptoLocker: CryptoLocker was one of the first major ransomware attack of the 2010s; at its peak in 2013 and 2014, it affected over 500,000 machines. It used a botnet, spread through spam email, to encrypt user files. Overall, with its variants taken into account, CryptoLocker harvested about $3 million.

TeslaCrypt: TeslaCrypt was targeted at gamers, capitalizing on the value that dedicated users place on files like saved maps, games, and downloadable video game content. It encrypted these files for ransom. Interestingly enough, the developers of the attack ended up publicly releasing the encryption key.

SimpleLocker: SimpleLocker is one of the first large-scale mobile ransomware attacks. Targeted at Android users, it encrypts mobile files via a Trojan downloader.

WannaCry: One of the most notable attacks of 2017, WannaCry raced across the United States and Europe, notably affecting hospitals. The attack took advantage of a noted Microsoft vulnerability known as EternalBlue. While the patch had been issued, many systems failed to implement updates and were left vulnerable, contributing to the high volume of infections.

NotPetya: Bearing a superficial resemblance to another attack called Petya, NotPetya wreaked havoc worldwide this summer, starting in the Ukraine. It’s believed to be designed for destruction rather than profit, as the mechanisms in place for extortion were shut down as the attack gained steam. Experts believe it may have been a targeted cyberattack against the Ukraine – but many businesses internationally happened to get in the line of fire.

 

What Can You Do?

In the face of the growing danger of ransomware, what is a business to do? After all, the risks are new every day. You may know the basic security best practices your business should follow, but the landscape shifts quickly, and there are always new threats just over the horizon.

It’s difficult to protect your business alone. That’s where managed IT teams come in.

At Swift Systems, we’re honored to partner with growing businesses to help them greatly reduce their risks of cyber attacks. We work alongside internal IT teams to give them the support they need, and our experts in ransomware can minimize the factors that are likely to lead to a hack.

The history of ransomware is only beginning. Stay ahead of it, and get in touch with us.