Issue No. 63October 2017

Types of Ransomware

With the recent influx of ransomware stories, seemingly every week, it’s hard to keep track of the different strains. While each of these is spread in a different way, they generally rely on similar tactics to take advantage of users and hold data hostage.

Let’s take a look at some of the common strains:

  • CryptoLocker: Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, hackers have widely copied the CryptoLocker approach, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware.
  • CryptoWall: Cryptowall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits.
  • CTB-Locker: The criminals behind CTB-Locker take a different approach to malware distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.
  • Locky: Locky’s approach is similar to many other types of ransomware. The malware is spread in an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption.
  • NotPetya: Initial reportscategorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with a sole purpose of destroying data instead of obtaining a ransom.
  • TeslaCrypt: TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It’s typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder.
  • WannaCry: WannaCry is a widespread ransomware campaign that is affecting organizations around the globe.The ransomware hit over 125,000 organizations in over 150 countries. The ransomware strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through a Microsoft exploit known as EternalBlue.

To learn more about how to protect your company against Ransomeware,

Contact our team at:

Phone: 858-952-5400