Ransomware. You know it means that if you are a victim that cybercriminals are going to demand a ransom to unlock your systems and give you access to your data. But what you may not know is that different ransomware types work differently—and forward-thinking companies plan for whatever variant may attack.
Types of Ransomware
In general, there are four categories of ransomware you need to know:- Encryptors: This ransomware type encrypts data, and victims need an encryption key to regain access.
- Lockers: Ransomware in this category locks you out of your system and demands ransom before it will let you back in. It may display a countdown clock that shows how much time you have to meet demands before you are permanently locked out.
- Scareware: As the name implies, this type of ransomware tries to scare you into paying, telling you that you have malware or bombarding your screen with alerts until you cough up the money they demand.
- Leakware: This ransomware type threatens to release sensitive information, like healthcare data, intellectual property (IP), or employee information, unless you pay.
Examples of Ransomware Variants
Within each category of ransomware, there are specific, named ransomware types with different features that can wreak havoc on your IT systems, data, and your business. Here are a few to keep on your radar:- WannaCry This ransomware first hit the cyberattack scene in 2017, using a Microsoft Windows vulnerability to gain access to systems. Interestingly, Microsoft had already found and fixed the vulnerability in a release, but people that didn’t update were vulnerable. WannaCry spread fast and is still infecting systems years later.
- CACTUS Fast forward to today and a new ransomware strain. CACTUS exploits vulnerabilities in virtual private networks (VPNs). It’s unique because it uses specialized scripts that automate the release of ransomware through scheduled tasks after gaining access to the system.
- Cyclops/Knight Originally branded “Cyclops” and rebranded as “Knight,” this ransomware is versatile, a threat to Windows, Linux, and macOS. It also include a “stealer” component that transfers sensitive information to ransomware actors that they can hold over victims’ heads or monetize.
- Crypto This variant is one that targets your backups as well as your systems. Network connected backups can become infected, leaving you with no way to get your data back. However, Veeam reports that many businesses find that even after they pay a ransom, they can’t fully recover their data.
Is There Anyway to Protect Your Business from Ransomware?
It may seem like a lost cause. Ransomware can infect your IT system in so many ways and behaves differently. However, the truth is, there are steps you can take to protect your business. First, learn the lesson from WannaCry and patch vulnerabilities as soon as possible. You wouldn’t go on vacation and leave your house unlocked. You also need to shut the door to cyberattackers. Next, implement email security. Even with the best training, users can accidentally click a link or enter information into a field that they shouldn’t. Email security provides a strong layer of protection against human error that can give ransomware groups a way into your system. It’s also smart to deploy strong endpoint protection and monitor activity on your network. But keep in mind that ransomware groups work hard to evade the security technology you put in place. One way to ensure you can recover your data after a ransomware attack is to create backups. Veeam has developed the 3-2-1-1-0 rule:- Three copies of data
- Using at least two different types of media
- With one copy offsite
- And one copy offline, air-gapped, or immutable
- Backups should have zero errors after automated testing and recoverability verification.
Share
Resources + Updates