Monday, September 26

Types of Ransomware: Most Popular Vectors used to deliver Attacks

How many types of ransomware are there?

There are many types of ransomware, but the most common are encryption-based and lock screen-based.

  • Encryption-based ransomware uses strong encryption to prevent users from accessing their files.
  • Lock screen-based ransomware prevents users from accessing their computer by blocking the screen or preventing the mouse and keyboard from working.

Both types of ransomware can be very difficult to remove without paying the ransom.

Locker ransomware:

Locker ransomware is a type of ransomware that prevents users from accessing their computer by blocking the screen or preventing the mouse and keyboard from working. This type of ransomware is often difficult to remove without paying the ransom.

CryptoLocker:

CryptoLocker is a type of encryption-based ransomware that uses strong encryption to prevent users from accessing their files. This type of ransomware can be difficult to remove without paying the ransom.

Locky:

Locky is a type of ransomware that prevents users from accessing their computer by blocking the screen or preventing the mouse and keyboard from working. This type of ransomware is often difficult to remove without paying the ransom.

Double Extortion Ransomware:

Double extortion ransomware is a type of ransomware that not only prevents users from accessing their files but also threatens to delete them unless the ransom is paid. This type of ransomware can be difficult to remove without paying the ransom.

RaaS:

Ransomware as a Service (RaaS) is a type of ransomware that allows anyone to create and distribute their own ransomware. This type of ransomware is often difficult to remove without paying the ransom.

Fileless ransomware:

Fileless ransomware is a type of malware that does not rely on files to infect a computer. This type of ransomware can be difficult to remove without paying the ransom.

Macro-based ransomware:

Macro-based ransomware is a type of malware that uses malicious macros embedded in Office documents to infect a computer. This type of ransomware can be difficult to remove without paying the ransom.

What methods can be used to deliver ransomware?

Ransomware can be delivered in several ways, including through email attachments, exploit kits, and malicious websites.

The most popular methods (vectors) used for ransomware attacks are:

Email phishing:

Email attachments are the most common method of delivery, with ransomware typically disguised as a PDF or Word document. When opened, these files will execute a piece of code that will encrypt the victim’s files.
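
The check below is an added example, not part of the original article. It serves both the macro-based ransomware description above and this email-attachment vector: a gateway-style triage that flags Office attachments carrying a VBA macro project or whose extension does not match their content. The function names, sample file names and in-memory sample files are constructed for illustration.

```python
import io
import zipfile

MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", bytes.fromhex("D0CF11E0A1B11AE1"): "ole"}
EXPECTED = {".pdf": "pdf", ".docx": "zip", ".docm": "zip", ".doc": "ole"}
MACRO_FREE = {".docx", ".xlsx", ".pptx"}  # OOXML extensions that must not carry VBA

def triage_attachment(filename, data):
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    kind = next((k for magic, k in MAGIC.items() if data.startswith(magic)), "unknown")
    if ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append(f"extension {ext} does not match content type {kind}")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return findings + ["unreadable ZIP container"]
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("VBA macro project present (vbaProject.bin)")
            if ext in MACRO_FREE:
                findings.append(f"macros inside macro-free extension {ext}")
    elif kind == "ole":
        findings.append("legacy OLE2 Office file; can carry macros, inspect further")
    return findings

def make_ooxml(with_macro):
    """Build a constructed, harmless OOXML-shaped ZIP in memory (placeholder parts only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()

# Constructed sample attachments (file names are made up for this example).
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n% constructed sample\n",
    "invoice.docx": make_ooxml(with_macro=False),
    "invoice.docm": make_ooxml(with_macro=True),
    "scan.docx": make_ooxml(with_macro=True),
    "statement.pdf": make_ooxml(with_macro=True),
}
for name, blob in SAMPLES.items():
    print(name, "->", triage_attachment(name, blob) or "no findings")
```

A finding here is a reason to quarantine or strip the attachment before delivery, not proof that it is ransomware.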

Exploit kits:

Exploit kits are tools that are used by cybercriminals to take advantage of vulnerabilities in software. Once a victim visits a malicious website, the exploit kit will check to see if the victim’s system has any unpatched software. If it finds any, it will exploit the vulnerabilities to deliver ransomware.

Malicious websites:

Malicious websites are another common method of delivering ransomware. When a victim visits a malicious website, they may be prompted to download and install a piece of software. This software will then encrypt the victim’s files.

Remote Desktop Protocol (RDP):

RDP is a protocol that allows users to remotely connect to another computer. RDP is often used by IT staff to remotely troubleshoot issues on user computers. However, RDP can also be used by cybercriminals to gain access to a victim’s system. Once they have gained access, they can then install ransomware and encrypt the victim’s files.

USB devices:

USB devices are another common method of delivering ransomware. They can be infected with malware that will automatically execute when the device is plugged into a computer. This can happen if the victim downloads files from an untrusted source or inserts an infected USB drive into their computer. Once the malware on the USB device executes, it will encrypt the victim’s files.

Drive-by downloads:

Drive-by downloads are a type of malicious software that is downloaded and installed without the user’s knowledge or consent. This can happen if the victim visits a malicious website or clicks on a malicious ad. Once the software is installed, it will encrypt the victim’s files.

Pirated software:

Pirated software is often infected with ransomware. This happens because cybercriminals will insert ransomware into the code of pirated software to spread it to as many people as possible. When someone downloads and installs pirated software, they may also be inadvertently installing ransomware onto their system. Once installed, the ransomware will encrypt the victim’s files and demand a ransom payment to decrypt them.

Removable media:

Removable media is another common method of delivering ransomware. This includes any type of external storage device, such as a USB drive, CD, or DVD. These devices can be infected with malware that will automatically execute when the device is plugged into a computer. This can happen if the victim downloads files from an untrusted source or inserts an infected USB drive into their computer. Once the malware on the removable media executes, it will encrypt the victim’s files.
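
The following is an added example, not part of the original article, covering both the USB and removable-media vectors above. It assumes the automatic execution relies on Windows AutoRun, and audits the autorun.inf file at the root of a mounted volume for directives that would start a program. The function names and sample file contents are constructed for illustration.

```python
import os

AUTOLAUNCH_KEYS = {"open", "shellexecute"}  # directives that name a program to start


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lowercased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def autolaunch_entries(text):
    """Return (key, value) pairs that would launch a program from the media."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in AUTOLAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def audit_media_root(root):
    """Check the top level of a mounted volume for autorun.inf (any letter case)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                return autolaunch_entries(fh.read())
    return []


# Constructed sample files: one that only sets an icon and label, one that launches a program.
SAMPLE_BENIGN = "; constructed sample\n[autorun]\nicon=drive.ico\nlabel=Backup\n"
SAMPLE_AUTOLAUNCH = ("[AutoRun]\nopen=setup.exe\nicon=drive.ico\n"
                     "shell\\open\\command=setup.exe /s\n")

print("benign:", autolaunch_entries(SAMPLE_BENIGN))
print("autolaunch:", autolaunch_entries(SAMPLE_AUTOLAUNCH))
```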

What is the most popular ransomware in history?

Ransomware is a type of malware that encrypts victims’ files and demands a ransom to decrypt them.

CryptoLocker:

CryptoLocker is the most popular ransomware in history. It was first seen in 2013 and quickly spread throughout the world. Over 500,000 people were infected with CryptoLocker, and over $3 million was paid in ransom. CryptoLocker encrypted victims’ files and demanded a ransom of $300 to $600 to decrypt them. Many people paid the ransom, but there was no guarantee that their files would be decrypted. In 2014, CryptoLocker was shut down by law enforcement, but many other ransomware programs have since emerged.

WannaCry:

One well-known ransomware program is WannaCry. In May 2017, this program infected over 230,000 computers in 150 countries and caused billions of dollars in damage. WannaCry encrypted victims’ files and demanded a ransom of $300 in Bitcoin. The attack caused widespread panic and highlighted the importance of cybersecurity. Another notable ransomware program is Locky, which first appeared in 2016. This program encrypted victims’ files and demanded a ransom of 0.5 Bitcoin (approximately $400 at the time). Locky was particularly effective because it used social engineering to trick victims into opening malicious attachments that contained the malware.
