The growing popularity of ransomware has been disconcerting to many IT professionals, particularly due to the different tactics that this malware variant has been spotted utilizing. In order to protect your business from these attacks, it helps to know how they work. We’ve put together a beginner’s field guide to ransomware types to help you identify (and hopefully avoid) it.
Crypto Ransomware
Crypto ransomware works via a particularly insidious approach: it encrypts each of your files individually, ensuring that your access is completely blocked. Then, as any ransomware would, it starts a timer that counts down to when all of these files are set to be deleted. When someone is targeted by crypto ransomware, the only real option is to completely wipe the system and restore from a backup. We will never recommend that someone pays a ransomware demand, as there is no guarantee that even paying it will result in the return of your files. This is part of the reason that we always encourage businesses to keep a backup in the cloud.
Extortionware
AKA “doxware,” extortionware operates much as crypto ransomware does. Files are encrypted and payment is demanded, and the same general concepts carry over. The big difference is that extortionware threatens to leak the encrypted data, rather than delete it. While this gives the attacker pretty much the opposite kind of leverage from that of crypto ransomware, it has proven to be just as effective in convincing the target to pay up.
Locker Ransomware
This ransomware seals off access to the user’s entire system, doing nothing to the files themselves but rendering a device essentially useless, save for the capability to pay said ransomware’s demands. This makes it very similar to crypto ransomware, just without the threat of deletion.
Scareware
Scareware is named primarily for the tactics it uses to infiltrate its victims’ systems. Disguised as some kind of antivirus or other security program, scareware falsely alerts the target to issues on the device and offers to resolve them for a fee. While not everyone feels that this technically qualifies as ransomware, the undeniable similarity in their methods certainly links the two terms together.
What You Can Do About It:
Protecting your business from ransomware really boils down to a few key best practices:
- Educate your entire staff: Your team needs to know what to keep an eye out for to spot ransomware preemptively, and how to approach it in order to keep it from successfully taking root.
- Keep a backup: If ransomware does manage to encrypt your documents, you will want a backup ready to restore from.
- Update your software: Ransomware takes advantage of unpatched vulnerabilities in order to successfully infiltrate a system. Applying patches and otherwise updating your system can eliminate a lot of these weak points.
An exploitative threat like ransomware will stoop to really low levels to carry out its mission. For instance, one strain in particular, dubbed CovidLock, has been spotted capitalizing upon a malicious coronavirus tracking application installed on Android devices. However, you can have a reliable resource in your corner to help your business defend itself.
MyTek, a Phoenix IT security firm, is ready to be that resource and reinforce your cybersecurity and attend to your other IT needs. Learn more by reading some of our other blogs and the other content on our website, or by talking to us at 623-312-2440.