6 common types of ransomware and what to do if you are a victim of one.

Introduction

Since the pandemic, ransomware attacks have increased across the globe. With new ransomware variants appearing regularly, it can be hard to keep up with all the different strains. While each piece of malware is different and its impact can vary, they tend to rely on the same tactics to take advantage of their victims and hold their data hostage. Here are the 6 best-known ransomware strains. Although there are countless strains, they mainly fall into two types of ransomware: crypto-ransomware and locker ransomware.

Bad Rabbit

What is it?

Disguised as an Adobe Flash installer, it spreads through drive-by downloads on compromised websites, meaning victims could be exposed to the virus simply by visiting a malicious or compromised website. The malware is embedded into websites using JavaScript injected into the site’s HTML code.

If a person clicks on the malicious installer, Bad Rabbit ransomware encrypts files and presents users with an austere black-and-red message. It attacks a network in one of two ways: as a screen locker (blocks access to the system via a lock screen that simply claims that the system is encrypted) or an encryptor (data is locked, making it inaccessible without a decryption key).

What to do if you get attacked?

  • Disconnect any computers, servers, or other equipment on your network.
  • Try to figure out the scope of the problem based on your knowledge of threat intelligence. If this is not an option, contact a ransomware solution company as soon as possible.
  • Ensure all computers and servers are completely clean of malware.

Cerber

What is it?

It is a type of malicious software that encrypts your files and then holds them hostage, demanding a ransom payment in exchange for returning them to you. If this happens, you will not be able to open your files anymore; without the correct decryption key, they will remain completely locked. It tends to target cloud-based Microsoft 365 users, and it does so through phishing campaigns.

What to do if you get infected?

What you need to do depends on the severity of the Cerber infection. If it is only a matter of removing the malware, that will not be hard. However, removal will not fix the more serious issue of decrypting your files and regaining access to them. Just in case, follow these best practices:

  • Restart your computer in Safe Mode with Networking. This allows you to connect to the internet while also limiting your computer’s functionality to just the basics.
  • If you have an antivirus program, open it and make sure that it scans the computer that has been infected. This should scrub it clean. If you do not have one, you should get one as soon as possible.
  • The most important thing to remember is that you should never pay a ransom for your own files! The moment you do, you will be a prime target for future attacks that may be more sophisticated and targeted, and that demand a significantly higher ransom.

CryptoLocker

What is it?

It is a type of malware that was created in 2013. Although it was shut down in 2014, hackers have widely adopted the CryptoLocker approach. With this malware, your files are encrypted using a file extension, and if the ransom is not paid, hackers will threaten to delete the data within days.

What to do if you get infected?

The more files a user has access to, the more damage the malware can inflict. The first step is to restrict the user's access so the malware does not spread. This is not a quick fix, but it will reduce the exposure of any more files to compromise. Contact a ransomware solution company as soon as possible.

CryptoWall

What is it?

CryptoWall is known as a trojan horse because it tends to disguise itself as a non-threatening application or file. It baits the end user into clicking it and downloading the file, thinking that it is something recognizable and safe.

It is a particularly nasty form of ransomware because it does more than just encrypt your files. It tries to hide inside the operating system and adds itself to your folders. In addition, it deletes volumes of your files, making them difficult to restore.

What to do if your computer gets infected?

If CryptoWall slips into your operating system, here is what you need to do as soon as you realize that you are infected:

  • Boot your computer into Safe Mode with Networking.
  • If you have a recent and clean System Restore point, restore from it. If not:
    • Download and install a malware removal application.
    • Run the malware removal app and scan all your files.

CrySIS

What is it?

CrySIS is a type of malware that locks up files on infected computers and then demands a ransom in exchange for a decryption key. Files encrypted by this malware become inaccessible and, in most cases, will probably not be recovered. It is typically spread via emails containing attachments with a double file extension, which makes the file appear to be a non-executable file. In addition to emails, it can also be disguised as a legitimate installer for applications. Long-lasting effects of CrySIS can also include sluggish performance of your computer, as well as certain tools and applications not working like they used to.
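
The double-extension trick described above can be checked for at the mail gateway. The following is an added example, not code from the original article: it walks the attachments of a raw MIME message and flags names where a document-like extension is followed by an executable one. The extension sets, function names, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed, non-exhaustive extension sets; tune them for your own mail gateway.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf", "jpg", "png", "zip"}

# Constructed sample message (not a real email) with one deceptive attachment name.
SAMPLE_MESSAGE = """\
From: billing@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2024.pdf.exe"

placeholder
--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.v2.pdf"

placeholder
--BOUND--
"""


def is_double_extension(filename):
    """True if a document-like extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    # Need at least: base name, decoy extension, real (final) extension.
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def flag_attachments(raw_message):
    """Return attachment filenames in a raw MIME message that use a double extension."""
    flagged = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()  # None for parts without a filename
        if filename and is_double_extension(filename):
            flagged.append(filename)
    return flagged


if __name__ == "__main__":
    print(flag_attachments(SAMPLE_MESSAGE))
```

Names with several dots that end in a harmless extension, such as report.v2.pdf, are not flagged, because only the final extension decides how the file is opened.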

What to do if your computer gets infected?

The moment you realize that your computer has been infected with CrySIS, you should attempt to remove it as soon as possible.

However, we still recommend that you get in contact with a ransomware solution provider to set up an anti-ransomware technology.

Phobos

What is it?

Phobos ransomware tends to target smaller businesses because they have fewer means. This strain of malware is very similar to CrySIS. It can encrypt files without an internet connection, and each file is encrypted with an individual key or an initialization key.

Typically, ransomware developers proliferate these infections via spam email campaigns, fake software updates, trojans and dubious software download sources from the internet.

What to do if your computer gets infected?

Like with any infection, the first thing to do is to disconnect your infected device. Follow these steps to try and minimize the spread of the attack:

  • Disconnect from the internet.
  • Unplug all storage devices such as flash drives and portable hard drives (however, eject them safely to prevent data corruption).
  • Log out of any cloud storage accounts on that device.
  • We also recommend uninstalling any cloud system on your computer until the infection is removed.

The actions above should be taken immediately when you realize there is Phobos on your device. Once these steps are done, make sure you get in touch with a ransomware solution specialist. The actions above will minimize the spread, not kill the virus.

Conclusion

To find out what you can do to fight back against ransomware and protect your data, get in touch with us for a free consultation with our ransomware solution specialists. We offer several flexible solutions that will be customized for your business.