What is a Ransomware Attack? The Top 5 Examples

SoftwareLab Blog

What is Ransomware?

Ransomware is a piece of malicious software that uses encryption to prevent access to your files and take your computer hostage. Before you can regain control of your files, you may have to pay hundreds of dollars in ransom. Read on to learn more about the most common types of ransomware and the best ways to keep your computer safe.

What you will find out in this article: 

  1. What Is Ransomware?
  2. What Types of Ransomware Exist?
  3. Examples of Ransomware
  4. How to Remove Ransomware

Ransomware is one of the biggest cybersecurity threats that has affected millions of people and business around the world. Don’t risk becoming one of them. Take a look at our comparison of the best antivirus software and protect your files.

Tibor Moes

Founder, SoftwareLab

Ransomware

What once sounded like a plot of some mediocre high-tech thriller has become a harsh reality in this digital age we live in. The rise of ransomware in recent years has turned millions around the world into victims of money-hungry hackers. Since the first major ransomware attack in 2013, this cyber threat has earned hackers millions of dollars in ransom money and cost businesses billions in lost profits.

What Is Ransomware?

Ransomware is malicious software that encrypts files on an infected computer, thus preventing the owner from accessing them. The owner is asked to pay money in return for the decryption key that they can use to unlock their files, hence the name ransomware. The ransom for private users is usually set at a few hundred dollars, whereas business owners are typically asked to pay thousands. In most cases, hackers demand that the ransom is paid in cryptocurrency so that it cannot be traced by the authorities.

Like all other types of malicious software, ransomware is mostly distributed through phishing emails that link to malicious content or contain compromised attachments. In addition, users can unknowingly download it when they visit infected websites that install malicious software on their computer without their consent. Nowadays, ransomware is also distributed via social media and instant messaging apps.

When you install ransomware on your computer, it will encrypt your files in just seconds, so you won’t have much time to react. As a rule, you should immediately see a splash screen that informs you about the encryption and provides detailed payment instructions. If your screen isn’t locked, you may still be able to see your files, but trying to open them will give you an error message. Some types of ransomware also show logos of the FBI or Interpol to scare the victim into thinking that the police are involved.

Although it has been around since 1989, ransomware is still a fairly new and largely uninvestigated cyber threat. While all 50 states in the United States have laws on hacking and data breaches, only a few have regulations that pertain specifically to ransomware. In the states that do have them, ransomware attacks are classified as either a felony or a misdemeanor and carry fines of up to $25,000 and 25 years in prison.

What Types of Ransomware Exist?

Based on the way they affect your computer’s functionality, most of today’s ransomware programs fall into one of the following two types:

1. Computer Lockers

Also known as locker ransomware, computer lockers block your access to your computer’s interface, thus preventing you from using it. If your computer is infected with locker ransomware, a splash screen with its author’s message and payment instructions will appear on system startup. The author might also try to persuade you that the ransom is actually a fine issued to you by a law enforcement agency.

This type of ransomware usually only prevents access to your computer’s interface and doesn’t affect the files or the system. You may thus be able to remove the ransomware and keep all your files intact.

2. Data Lockers

Because they change individual files and don’t just block access to the computer interface, data lockers are potentially more dangerous than computer lockers. Also known as crypto ransomware, this type of software scans your computer for valuable files and changes their extension to one your computer won’t be able to recognize. To unlock your files, you have to pay the ransom and obtain the decryption key.

The hackers behind data lockers are mainly targeting people who don’t back up their important data on a regular basis. Faced with the possibility of losing all their files, the victims are more likely to pay the ransom, though a good ransomware decryptor may help them regain access to their files without paying.

Other Types of Ransomware

In the last few years, some new types of ransomware have popped up. These include:

  • Scareware – Usually masquerading as antivirus software, scareware uses pop-ups to inform the victim about the alleged issues that have been found on their computer. Rather than directly extorting money from them, scareware urges the victims to quickly purchase fake antivirus software that will fix all these issues promptly. Once installed and paid for, however, the software instead acts like malware and collects the victims’ personal information.
  • Leakware – Also known as doxware, this type of ransomware threatens the victim to publish their personal information if they don’t pay the ransom. In most cases, the hackers behind leakware don’t target specific files that may contain sensitive information. Instead, they are simply exploiting the fact that many users store private information on their computers (photos, videos, credit card info, and personal documents) and are hoping to cause panic.
  • Ransomware-as-a-Service (RaaS) – While not exactly a wholly different type of ransomware, RaaS is an emerging business model that’s booming on the dark web. Rather than writing their own code, aspiring hackers can make a deal with a third-party service that will develop the software for them and immediately distribute it to potential victims. Under this deal, the RaaS provider gets to keep a portion of the ransom, while the rest goes to the hacker.

The 5 Most Destructive Ransomware Attacks

With new strains popping up almost daily and attacks becoming more and more devastating, rarely a week goes by without at least one ransomware-related item making the tech news headlines. Here are five of the most devastating ransomware attacks that have made the news in recent years.

  1. WannaCry

Exploiting the flaws in the Windows Server Message Block protocol, WannaCry encrypted the files on Windows computers and asked the victims to pay a ransom between $300 and $600 to obtain the decryption key. The technology was based on EternalBlue, a hacking tool whose code was revealed as part of the NSA leaks the year before. Launched in May 2017, this data locker infected more than 250,000 devices across the globe in just four days, earning its authors almost $150,000 in Bitcoin.

  1. CryptoLocker

CryptoLocker took the world by storm in 2013, infecting more than half a million computers via email attachments and spam message. Although the threat has since been eliminated, there were several variants of this data locker at the peak of its power. Together, they have helped their authors earn about $3 million in ransom money, making CryptoLocker one of the most profitable pieces of ransomware.

  1. CoinVault

Originally detected in 2014, CoinVault may not have had as strong an impact as some other ransomware programs. With thousands of infected Windows computers – most of them in Central and Western Europe – this ransomware strain has earned its authors little over $23,000. However, this is the first major ransomware attack to make it to court. In July 2018, two Dutch brothers behind CoinVault, one of them a minor when the ransomware was launched, were sentenced to 240 hours of community service.

  1. Bad Rabbit

Bad Rabbit first made the news in late 2017, though it was already distributed via fake Flash updates as early as June that year. This piece of ransomware mainly targeted computers in Russia and the rest of Eastern Europe, blocking access to files on infected devices. Still active, Bad Rabbit asks users to pay about $300 in Bitcoin to receive the decryption code and regain access to their files.

  1. NotPetya

First released in 2016, Petya was updated after the leaked NSA documents revealed the existence of the EternalBlue hacking tool. Renamed NotPetya, this updated version still looked like ransomware, but rather than decrypting the victim’s files upon payment, it would completely wipe them. NotPetya caused a lot of damage to networks around the world, but Ukraine’s public transport and banks were hit the hardest, prompting claims that the program was part of a Russian-orchestrated cyber attack.

    How to Remove Ransomware

    When faced with a ransomware attack, many people choose to pay the ransom rather than risking losing their important files. However, not only do the authorities strongly advise against this, but it might not be necessary at all. Most of the best antivirus software is able to quickly detect and remove ransomware from your computer without deleting your files. This might not be possible with some of the more advanced ransomware strains, which is why it’s important to know how to prevent ransomware attacks.

    To keep your computer safe from ransomware, you should never open suspicious emails or click on any links and attachments contained in them. Because ransomware exploits the flaws in software, it is essential that you regularly update your operating system, as well as all the programs installed on your computer. Finally, don’t forget to regularly back up all your data, either to an external hard drive or to the cloud. That way, if a malicious program encrypts your files, you will still have access to them.

    In addition to all this, it is important to use the best antivirus software to keep your computer protected from any potential threat. Most reputable programs have a built-in ransomware decryptor that monitors your computer in real time and quickly removes any piece of malicious software it detects. For optimal ransomware protection, make sure to enable automatic database updates and set up scheduled scans.

    SoftwareLab.org is operated by Momento Ventures Inc. © 2019. All rights reserved.

    Disclaimer: SoftwareLab.org is not an antivirus, VPN or hosting service provider and does not endorse the use of the products featured on this website for unlawful means. It is the responsibility of the user to adhere to all applicable laws. We have no control over the third-party websites we link to and they are governed by their own terms and conditions. SoftwareLab.org is supported by advertisement in order to be a free-to-use resource. We strive to keep the information accurate and up-to-date, but cannot guarantee that it is always the case.