What is Ransomware
Ransomware is one of the most debated topics in the IT world. This is due to the large-scale impact caused by the WannaCry ransomware that crippled thousands of businesses across the globe. Ransomware is continuously evolving, and it's hard to keep track of the different strains of ransomware.
While each ransomware variant has their own way of spreading, all ransomware variants rely on similar social engineering tactics to deceive users and hold their data hostage. Let’s look at the different types of ransomware variants:
Different Types of Ransomware
CryptoLocker botnet is one of the oldest forms of cyber attacks which has been around for the past two decades. The CryptoLocker ransomware came into existence in 2013 when hackers used the original CryptoLocker botnet approach in ransomware.
CryptoLocker is the most destructive form of ransomware since it uses strong encryption algorithms. It is often impossible to decrypt (restore) the Crypto ransomware-infected computer and files without paying the ransom.
WannaCry is the most widely known ransomware variant across the globe. The WannaCry has infected nearly 125,000 organizations in over 150 countries. Some of the alternative names given to the WannaCry ransomware are WCry or WanaCrypt0r.
Bad Rabbit is another strain of Ransomware which has infected organizations across Russia and Eastern Europe. It usually spreads through a fake Adobe Flash update on compromised websites.
Cerber is another ransomware variant which targets cloud-based Office 365 users. Millions of Office 365 users have fallen prey to an elaborate phishing campaign carried out by the Cerber ransomware.
Crysis is a special type of ransomware which encrypts files on fixed drives, removable drives, and network drives. It spreads through malicious email attachments with double-file extension. It uses strong encryption algorithms making it difficult to decrypt within a fair amount of time.
CryptoWall is an advanced form of CryptoLocker ransomware. It came into existence since early 2014 after the downfall of the original CryptoLocker variant. Today, there are multiple variants of CryptoWall in existence. It includes CryptoDefense, CryptoBit, CryptoWall 2.0, and CryptoWall 3.0.
GoldenEye is similar to the infamous Petya ransomware. It spreads through a massive social engineering campaign that targets human resources departments. When a user downloads a GoldenEye-infected file, it silently launches a macro which encrypts files on the victim's computer.
Jigsaw is one of the most destructive types of ransomware which encrypts and progressively deletes the encrypted files until a ransom is paid. It starts deleting the files one after the other on an hourly basis until the 72-hour mark- when all the remaining files are deleted.
Locky is another ransomware variant which is designed to lock the victim's computer and prevent them from using it until a ransom is paid. It usually spread through seemingly benign email message disguised as an invoice.
When a user opens the email attachment, the invoice gets deleted automatically, and the victim is directed to enable macros to read the document. When the victim enables macros, Locky begins encrypting multiple file types using AES encryption.
Apart from the list of attacks mentioned above, Petya, NotPetya, TeslaCrypt, TorrentLocker, ZCryptor, etc., are some of the other ransomware variants that are well-known for their malicious activities.
Preventing Ransomware Attacks
Ransomware is a critical threat to your computer and your data. By practicing safe computing habits and by using up to date security software, you can stay protected from ransomware. Do your part by remaining vigilant and install trusted security software.
For enterprise users, Comodo Advanced Endpoint Protection (AEP) is the ideal solution. With a built-in containment engine and 'Default Deny' platform, Comodo AEP provides 360-degree protection against any malware threat including ransomware.
Unlike other endpoint security solutions in the market, Comodo Advanced Endpoint Protection (AEP) leverages its unique auto-containment technology which operates from a “default deny” approach.
Comodo AEP keeps the unknown or harmful files "contained" within a controlled environment while the Valkyrie Verdict engine determines whether they are malicious or not.