Ransomware – Types, Common Attacks and How to Protect Yourself

Over the years, cybersecurity has become a top priority for individuals and organisations alike. One of the most insidious types of cyber attacks is ransomware, as it causes significant financial and operational damage. The best way to protect against ransomware attacks is to be aware and educated about what it is, what it does and how to stop it. In this blog,  we outline  the common types of ransomware, examples of high-profile ransomware attacks  and share practical steps you can take to protect yourself and your organisation. Read on to learn more.

Understanding Ransomware

Ransomware is malicious software (commonly known as malware) that locks a  victim’s files by encrypting them, making it inaccessible until a ransom is paid. Cybercriminals use various tactics to deliver ransomware, including phishing emails, malicious attachments and exploiting software vulnerabilities.

Common Types of Ransomware

Ransomware exists in various forms, each with their own unique characteristics and attack methods. We’ve outlined the most common types below.

Crypto Ransomware

In this type of ransomware attack, a victim’s files are encrypted and remain inaccessible until a ransom is paid to the attacker in cryptocurrency. The attacker demands a ransom that must be paid in cryptocurrency in exchange for the decryption key. This type of ransomware is highly destructive as it targets critical data.

Double Extortion Ransomware 

This type of ransomware attack employs a two-pronged approach involving data encryption and data theft. Before the attackers encrypt the victim’s data, they steal it and store it for safekeeping. If the victim refuses to pay the ransom, the attacker threatens to leak or sell the stolen data.

This gives the attacker leverage against victims who attempt to restore their data from a backup instead of paying the ransom demanded by the attacker. Maze is a variant of double extortion ransomware that was most active during 2019 and 2020.

Triple Extortion Ransomware

This type of ransomware attack adds a third layer of extortion to the double extortion method. In addition to stealing a victim’s data and subsequently encrypting it, an attacker adds a third layer by threatening the victim with a distributed denial-of-service (DDoS) attack if the ransom isn’t paid.

Locker Ransomware

Locker ransomware locks the victim out of their system. The attacker may pretend to be a law enforcement agency and display a popup on the victim’s system claiming that their device has been locked due to illegal activity. The attacker then demands a ‘fine’ be paid to unlock the system and allow the victim to use it again. This type of attack may also encrypt the victim’s files.

Scareware

Scareware is designed to frighten victims into believing their computer is infected with a virus or has been involved in illegal activities. The attacker demands payment to ‘fix’ the fabricated problem. Fake antivirus software is a common type of scareware.

Doxware (Leakware)

Doxware, or leakware, threatens to publish sensitive or confidential information unless a ransom is paid. This type of ransomware can be particularly damaging for individuals or organisations that work with sensitive data.

RaaS (Ransomware as a Service)

Ransomware as a Service (RaaS) is a growing trend where cybercriminals offer ransomware kits for sale or rent on the dark web. This enables less technically skilled attackers to launch ransomware attacks. The RaaS model often involves a profit-sharing scheme between the ransomware developers and the attackers.

The Worst Ransomware Attacks in History

Over the years, there have been several ransomware attacks. However, some ransomware attacks impact systems worldwide and cause damage ranging from hundreds of millions to billions of dollars. . Here are some examples of the worst ransomware attacks in history:

1. WannaCry

The WannaCry ransomware attack in May 2017 was one of the most devastating cyberattacks in history. It exploited a vulnerability in the Microsoft Windows operating system and encrypted data on over 200,000 computers across 150 countries. The ransomware demanded payment in Bitcoin to decrypt the infected files.

2. NotPetya

The NotPetya attack in June 2017, initially believed to be ransomware, was later identified as a type of wiper malware disguised as ransomware. It primarily targeted organisations in Ukraine but quickly spread to other parts of the world. The attack exploited a security vulnerability in a commonly used accounting software halting operations at  airports, major shipping ports, and over 2,000 companies.The attack caused over $10 billion in damages globally.

3. Ryuk

Ryuk ransomware has been active since 2018, targeting large organisations and demanding substantial ransoms. It is known for encrypting network drives and sensitive data, causing significant disruption to businesses and critical infrastructure. It is typically delivered through spear phishing emails or by using compromised user credentials to access enterprise systems via Remote Desktop Protocol (RDP). Once a system is infected, Ryuk encrypts specific files and demands a ransom for the key.

Ryuk is notorious for being one of the most expensive ransomware types, with ransom demands averaging over $1 million. The cybercriminals behind Ryuk primarily target enterprises with the resources to pay such substantial amounts.

4. Maze

Maze ransomware gained notoriety in 2019 for its double extortion tactic, where attackers not only encrypted data but also threatened to publish or sell it unless the ransom was paid. This tactic has since been adopted by several other ransomware groups.

5. Colonial Pipeline

In May 2021, the Colonial Pipeline ransomware attack highlighted the vulnerability of critical infrastructure. The attack forced the company to shut down its operations, leading to fuel shortages and widespread disruption in the United States. The DarkSide group, which operates on a RaaS model, was responsible for the attack.

How to Protect Yourself from Ransomware

Given the increasing frequency and sophistication of ransomware attacks, it is crucial to implement robust security measures. Here are some effective strategies to mitigate the risk of ransomware attacks:

1. Create Regular Backups

Backing up data regularly  is one of the most effective ways to protect against ransomware. Ensure that backups are uploaded to a reputable cloud storage service or stored offline in a location that can’t be accessed by your computer network. This enables you to restore your backup in case of an attack and saves you from paying the ransom.

2. Update Systems and Software

Keeping your operating systems, software, and applications up-to-date is essential in protecting against ransomware. Cybercriminals often exploit security vulnerabilities in software to gain access to systems. Regularly applying security patches and updates helps to mitigate security vulnerabilities and  reduces the risk of an attack.

3. Use Antivirus and Anti-Malware Software

Protect your devices by investing in trusted antivirus and anti-malware software. Keep these tools updated and conduct regular scans to detect and prevent ransomware threats.

4. Implement Email Security Measures

Phishing emails are one of the easiest ways for ransomware to attack your system. Implement email security measures such as spam filters, email authentication (DKIM, SPF, DMARC), and conduct employee training to recognise phishing attempts. Encourage staff to avoid clicking on suspicious links or downloading attachments from unknown sources, and report potential phishing emails to your IT department.

5. Enable Firewalls

Firewalls serve as a barrier between your network and potential threats. They should be configured to block malicious traffic and restrict access to critical systems. For comprehensive protection, both network-based and host-based firewalls should be used.

6. Use Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring users to provide two or more verification factors to gain access to systems and data. The use of multi-factor authentication can greatly reduce the risk of unauthorised access, even in case of a data leak.

7. Implement Network Segmentation

Network segmentation is a critical defence against large-scale ransomware attacks, a case in point is the NotPetya attack. Network segmentation requires dividing your network into smaller, isolated segments to limit the spread of ransomware. By restricting access to different parts of your network, you can contain the impact of a ransomware  attack and prevent it from affecting your entire organisation.

8. Educate and Train Employees

Human error is often a key factor in ransomware attacks. Regularly train and educate employees on best practices in cybersecurity, including recognising phishing emails, avoiding suspicious downloads and reporting potential threats. A well-informed workforce is your first line of defense against any attack.

9. Develop an Incident Response Plan

Having a detailed incident response plan in place is crucial for the swift and effective handling of ransomware attacks. Your plan should include procedures for:

• identifying and containing the attack,
• notifying relevant stakeholders,
• restoring systems and data,
• and guides for decision-making and response efforts across the organisation.

It is important to test and update your incident response plan regularly to ensure it remains effective.

10. Monitor and Detect Threats

Implement advanced threat detection and monitoring tools to identify suspicious activity on your network. These tools can provide early warning signs of a ransomware attack, allowing you to take action before significant damage occurs. Continuous monitoring helps maintain a proactive security posture.

11. Hire a Security Specialist

Working with an IT security specialist can help put your cybersecurity plans in motion. They can help plan and implement advanced security measures, set up backup and recovery solutions, keep systems updated and monitor for suspicious activity, among other things.

What to Do if You Fall Victim to A Ransomware Attack

Despite best efforts, there is always a possibility of falling victim to a ransomware attack. If this happens, it is important to respond swiftly and effectively. Make sure to:

1. Isolate the Infected Systems

In the event of an attack, time is of the essence. It is crucial to take immediate action by disconnecting the infected systems from the network. This measure is essential to prevent the ransomware from spreading to other devices. After disconnecting the infected systems, isolate the affected devices to limit further damage and protect the integrity of the network.

2. Identify the Ransomware

Determine the type of ransomware that has infected your systems. This information can help guide your response and recovery efforts. Several online resources and security firms offer ransomware identification tools.

3. Notify Authorities

Report the ransomware attack to relevant authorities, such as the Australian Cyber Security Centre (ACSC). Notifying authorities can help them track and neutralise ransomware threats more effectively and enforce structured laws and policies around cybersecurity.

4. Do Not Pay the Ransom

Paying the ransom does not guarantee that you will regain access to your data. It has been known to encourage cybercriminals to continue their activities. Instead, focus on restoring data from backups and recovering your systems.

5. Restore from Backups

If you have secure backups, it is recommended to restore your systems from these backups. Scan your backup files for any malicious software or malware before restoring  your system.

6. Conduct a Post-Incident Review

After resolving the immediate threat, conduct a thorough review of the incident to understand how the ransomware entered your systems and what security measures failed. Use this information to strengthen your defences and prevent future attacks.

In Conclusion

Ransomware is a formidable cybersecurity threat that requires proactive measures to protect against. Understanding the types of ransomware and common attack methods is the first step in safeguarding your data and systems.

By implementing robust security practices, staying vigilant and educating yourself and your employees, you can significantly reduce the risk of falling victim to a ransomware attack. Take action today, schedule a free consultation with IT for Business to learn how we can help fortify your defences against ransomware and other cyber threats.