What are common types of ransomware?

There are several well-known types of ransomware attacks. Crypto or encryption ransomware attacks, the most common type of ransomware, encrypt files and data on a computer and make the content unavailable without a decryption key which can only be obtained by paying a ransom. Lock screen ransomware locks down the computer and prevents access without encrypted files. Scareware is a type of ransomware attack that, rather than preventing access to files, issues fake warnings about viruses supposedly installed on the computer and demands payment to have them removed. Doxware or leakware threatens to reveal sensitive or personal information if the victim does not pay a ransom. Mobile ransomware infects cell phones through drive-by downloads or fake apps.

Ransomware Attacks | RaaS Ransomware Attacks

Overview

What are ransomware attacks?

Ransomware attacks are a form of cybercrime where malware, or malicious software, is downloaded and installed on a computer to prevent users from accessing files and data on the computer until or unless a ransom is paid.

How do ransomware attacks work?

Ransomware attacks are launched in several ways. Attackers may use phishing emails that convince recipients to share login information and passwords that attackers can use to enter a system and install malware. Emails may have malicious attachments that download malware to a computer when opened, or malicious links that take users to a website where ransomware can be downloaded. Other ransomware attacks are executed when attackers exploit vulnerabilities within software and systems to gain unauthorized access to an organization’s network.

Preventing ransomware attacks requires new technology

Ransomware attacks are increasing at an alarming rate. The U.S. government estimates that companies are subject to more than 4,000 attacks each day, resulting in $1 billion in ransom paid each year.

While ransomware attacks come in many variants – Cryptowall, Lockyand Cryptolocker are among the most common – they each follow a similar pattern. A user receives an email with an attachment that looks like a Word document, an invoice, a package notice or a fax report, along with a message that convinces the user the attachment is real. When the attachment is opened, the ransomware virus runs a file that encrypts files and documents on the user's computer. The user receives a message stating that they can get the encryption key and regain access to their files only by paying a ransom.

When trying to prevent ransomware attacks, the challenge is keeping pace with the ingenuity of attackers. And because most ransomware attacks are launched through email, any defensive measures must focus on email security. That's why so many companies around the world choose to combat ransomware attacks with help from Mimecast.

Stop ransomware attacks with Mimecast

Mimecast provides cloud-based solutions for email security, archiving and continuity that can help to prevent most ransomware attacks, provide continuous access to email during an attack, and recover quickly after attack.

Mimecast is an all-in-one, SaaS-based subscription service that significantly simplifies the task of managing business email. With powerful, easy-to-use tools and centralized administration, Mimecast eliminates the need to deploy and manage multiple point solutions from various vendors. With Mimecast, your administrators can easily configure and manage tools to stop ransomware attacks like the crypto virus and safeguard email from a variety of routine and advanced threats.

Common types of ransomware

Ransomware attacks are an ever-evolving threat that have cost organizations millions of dollars. While ransomware can threaten organizations of every size, we provide common ransomware attack examples to help inform your teams so we can fight together. Generally, there are two main types of ransomware - locker and crypto.

Locker ransomware

Locker ransomware locks up essential functions of the computer except to allow the user to pay the ransom and communicate with the cyber-attackers. It was more commonly seen against consumers and home-users during the early history of ransomware attacks.

Crypto ransomware

Crypto ransomware encrypts data, making it irretrievable without the decryption key. This can cause panic as users can typically see the files, but won’t be able to access them, which can damage a company’s bottom line every day it remains locked.

Scareware ransomware

Scareware is a type of ransomware attack that, rather than preventing access to files, issues fake warnings about viruses supposedly installed on the computer and demands payment to have them removed.

Doxware ransomware

Doxware or leakware threatens to reveal sensitive or personal information if the victim does not pay a ransom.

Mobile ransomware

Mobile ransomware infects cell phones through drive-by downloads or fake apps. You can read more about mobile ransomware in our dedicated article addressing mobile ransomware, how it works and find out about common examples for this type of ransomware.

Ransomware attacks in enterprise businesses

In addition to being compromised by the methods noted above, enterprise businesses can be particularly vulnerable to compromised passwords (given the size of their organization). Additionally, when they are compromised, they may consider paying a ransom to cut losses, but recent examples prove that paying ransoms may not be effective in preventing future losses.

Compromised passwords

A compromised password is a password that someone outside the intended organization has access to. Cyber-attackers can use a compromised password to gain direct access to a network.

In other cases, credentialed employees have intentionally compromised passwords by selling them on black markets.

This is what many suspect happened in a major cyberattack in April of 2021. On one hand, there’s not much that can be done to stop disgruntled employees from selling confidential company information, but additional layers of protection can be implemented to safeguard against this behavior.

For example, access points for cyber-attackers can require multiple passwords from multiple users in order to access them (multifactor verification). To learn how Mimecast’s email security programs can help protect passwords, schedule a demo.

When to cut losses?

According to a report published by Cybereason, 80% of companies that paid ransom suffered another attack, nearly half of those suffering a repeat attack from the same cyber-attackers.

In many recent instances of cyberattacks that impact businesses, cyber-attackers have claimed that paying their ransom is more cost-effective than hiring attorneys to pursue legal action or hiring a company to help them unlock compromised systems and data. While it’s difficult to know whether or not paying a ransom is the easiest or cheapest solution, paying a ransom doesn’t always make the problem go away.

This is one of many reasons why cyber experts typically advise organizations not to pay ransoms: after all, there’s no guarantee cyber-attackers will honor their terms of the deal to delete data.

Protecting your business from ransomware attacks

Email and cloud security services can help organizations take the necessary steps to protect themselves from ransomware attacks.

By learning from the past, we can create a more secure future together for all organizations.

While ransomware remains an ever-evolving threat, Mimecast offers data and email security solutions that can help prevent ransomware from infiltrating your systems. To learn more about protecting your team from a ransomware attack, schedule a Mimecast demo today.

Mimecast's defenses against ransomware attacks

To thwart attacks like Cryptolocker and Locky ransomware, Mimecast provides Targeted Threat Protection services that prevent users from accessing malicious attachments. Mimecast scans all incoming and archived email and, using advanced threat intelligence, identifies attachments deemed to be suspicious. Attachments can either be preemptively sandboxed until they can be examined for ransomware attacks, or immediately transcribed to a safe format that allows users to have instant access to the content in the attachment.

Mimecast also prevents users from clicking on potentially malicious links in email by scanning the destination website in real time and blocking any suspicious URLs.

To reduce the impact of ransomware attacks, Mimecast Enterprise Information Archiving provides safe storage of all email content in the cloud, enabling administrators to roll back data to a point just before ransomware attack. And Mimecast Mailbox Continuity enables users to have continuous access to email during an outage caused by an attack, a natural disaster, hardware failure or human error.

Learn more about mitigating ransomware attacks with Mimecast.

Ransomware attacks FAQs

How to identify ransomware attacks?

Since most ransomware attacks are the product of phishing emails that trick users into opening attachments, clicking links or sharing information, training users to spot phishing email is one of the most powerful ways to prevent ransomware attacks. Many phishing emails contain telltale signs such as:

Poor grammar and misspelling.
An urgent and threatening tone.
Requests for personal information.
Mismatched URLs, where a link within the body of the email directs the user to a website that is different than the site listed in the text of the email.
Mismatched email addresses, where the sender’s address is not an exact match of the domain from which it appears to be sent.

How to prevent ransomware attacks?

Preventing ransomware attacks requires a multilayered approach to security.

Antivirus software can help to detect ransomware variants that have already been identified.
Anti-ransomware solutions can identify ransomware attacks that other defenses may miss by using content scanning and filtering to identify potential threats, especially malware-less email attacks that rely on social engineering rather than malicious attachments or links.
Strong security awareness training programs can help to prevent successful attacks by continually remind employees of how they may encounter a ransomware attack and what are best practices for avoiding them.
To prevent attackers from exploiting vulnerabilities, software and system should be constantly updated with patches.
Robust backup solutions can help to restore data quickly after a successful ransomware attack.
Email continuity solutions can help to ensure continuous access to email during and after a ransomware attack, enabling the business to avoid a hit to productivity.

What to do after ransomware attacks?

Because no security program can stop every attack, it’s important to have plans for how to recover after a successful attack. Your first step should be to disconnect all affected computers from the network and shared storage to prevent ransomware from spreading. After identifying the type of ransomware, report the attack to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at www.us-cert.gov/report and to a local FBI field office. To recover data affected by ransomware attacks, you may try to decrypting files with help from specialized tools and companies, or wiping infected computers clean and restoring files for backup.

Related Ransomware Attacks Resources

Email Collaboration Threat Protection