Ransomware Variations Cause Complex Damage

October 28, 2021


Ransomware is the marquee cybercrime this year, making headlines with devastating attacks that have impacted several major economic sectors, like the Colonial Pipeline incident, and with audacious nation-state actions. Ransomware now accounts for 69% of all attacks involving malware. In this year’s Verizon/Ponemon Institute Data Breach Investigations Report, the number of breaches studied that included ransomware doubled, another confirmation of just how dangerous this phishing-related threat is for every organization.

Excerpted in part from our eBook Cracking the RANSOMWARE Code.

Size Doesn’t Matter for Ransomware Risk

Ransomware gangs don’t discriminate: they’re just as likely to hit a small or medium-sized business as a large one. Big business made up only 50% of all ransomware attacks between August 2020 and July 2021. Besides being extremely lucrative, ransomware is versatile enough to use against targets of any size, which is a big reason why cybercriminals favor this method of attack.

The fact that ransomware will continue to be a preferred tool of cybercriminals is reason enough to learn more about ransomware basics. We’ve covered the relationship between phishing and ransomware and explored the characteristics of a business that is especially appealing to ransomware gangs. But the foundations of ransomware itself are also illuminating, and learning more about them will enable you to better understand what you’re up against.

Ransomware itself generally conforms to one of two basic frameworks:

Locker Ransomware 

Locker ransomware makes devices like computers or machinery unusable. For companies whose primary business is the handling, transfer and processing of data, that’s an enormous problem because it essentially shuts down their business, causing damaging costs like lost productivity to ratchet up. It also greatly impacts entities that handle shipping, traffic control, logistics and transportation by preventing them from accurately measuring and controlling the movement of things like ships and trucks.

This is the type of ransomware typically used in infrastructure attacks or attacks against manufacturing targets. We’ve seen locker ransomware at work against many types of machine-dependent businesses in 2021, and as manufacturers continue to transition to using more internet-enabled or networked machinery, this type of attack will continue to grow. It’s starred in attacks against breweries, technology manufacturers, even candy companies, in 2021.  

Crypto Ransomware 

Crypto ransomware is all about encryption. This type of attack encrypts data, like a customer database, making it inaccessible. This is an easy sell for cybercriminals who want to make a quick profit and is generally more common. Data is a highly profitable commodity on the dark web. After the ransomware is unleashed, it quickly encrypts data but generally does not impact machines or other equipment. The successful cybercriminals then offer to sell the victim a decryption key to free that data.

This type of action is also likely to be coupled with a locker component or even applied twice in the same attack. Encryption can sometimes be broken open by specialists, but that’s going to cost the victim a pretty penny. This is also the most common source of a data breach during a ransomware attack. Encrypted data can potentially be restored from backups. However, if one of the cybercriminal’s extortion demands is for the victim to make payment to prevent the data from being copied or sold, just restoring that data doesn’t take care of the problem. 

Expect a Cornucopia of Ransomware Variety 

Ransomware gangs may be equal-opportunity offenders, but ransomware attacks aren’t a one-size-fits-all proposition. Every cybercrime gang has its own secret sauce: its signature variety or varieties of proven, effective ransomware. Just like any other technology developers, cybercrime gangs also devote resources to refining their proprietary ransomware and perfecting their social engineering techniques in order to keep their tools effective as new security obstacles fall into place against them.

That tech is a strong selling point for successful cybercrime organizations to showcase when recruiting affiliates. Affiliates, smaller satellite groups, are often the main worker bees in a ransomware operation. In a typical ransomware-focused cybercrime organization, you’ll find a major gang with an array of smaller affiliates. The larger boss gang supplies the tech and takes care of many administrative aspects of a successful attack, like negotiating payment (and gets paid an average 10 – 20% of the ransom for its trouble), while the affiliate is in the trenches conducting actual cyberattacks.

The makeup of each particular brand of ransomware is often the first clue that defenders or journalists have as to the identity of the gang behind a ransomware attack. A recent report on common ransomware types concluded that the most popular ransomware “brands” in the first half of 2021 were: 

  • Ryuk in 93.9 million instances
  • Cerber used in 52.5 million recorded hits
  • SamSam in 49.7 million recorded instances

Ransomware Variations You Can Expect to See

Here are some of the variations on the ransomware theme that are commonly found within the vast array of ransomware that gangs are using today. 

Double & Triple Extortion Ransomware 

Double extortion ransomware is the most popular variety and typically what an organization is facing if it falls victim to attack. Most major ransomware gangs and massive incidents that you’ll hear about in the media involve double extortion ransomware. In this scenario, cybercriminals cause two negative effects for their victims, like locking down data and threatening to use it to do the company harm. Then they can double their profits by requiring their victims to pay twice: once for the usual decryption code and a separate fee to not have the data released by the gang or to avoid another ill effect. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.

Triple extortion ransomware is also on the table, and popular for obvious reasons. If you’re going to extort two ransoms from your victim, why not go for three? A triple extortion ransomware attack may not only hit the victim for a ransom for a decryption key to unlock their data and to have any stolen data returned, but may also include a payment to avoid another damaging effect, like the release of particularly sensitive data on the dark web, where it can quickly be picked up and turned into a story by tech journalists.

Double Encryption Ransomware 

This especially nasty version of crypto ransomware has two big advantages for cybercriminals. Double encryption ransomware locks down data twice with two separate encryptions, making it much harder for organizations to bring in ransomware experts to free their data. That double lockdown enables bad actors to pull their typical double extortion trick by asking for two separate ransoms for two separate decryption keys – and their victims are more likely to pay because of the complexity of this attack.  

Precisely Targeted Ransomware 

Targeted ransomware is the new trend, and it is exploding. In this style of attack, bad actors don’t craft a spear phishing email designed to appeal to many targets; instead, they cook up a spear phishing email designed to lure in a few very specific targets, often executives or people with IT management or spending power in an organization, in order to increase the likelihood that the message makes it through security and doesn’t raise suspicion, even in the target.

Risk is Impacted by Industry & Demand

One driver of a surge in ransomware attacks has been the hot dark web data markets. The most desirable type of data for cybercriminals to snatch is credentials, followed closely by personal data and healthcare data. Ransomware attacks increased substantially against companies known to have deep databases and that trend continues.  

Going hand in hand with an increase in the number and frequency of ransomware attacks that businesses have to battle, ransomware demands are on the rise as well. A report in Tripwire details new research showing that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million. 

The vast majority of ransomware is still delivered through phishing messages, and that’s a challenge for IT staffers to negotiate when email volume is high. Staffers working remotely are heavily email dependent, with more than 55% relying on email as their primary means of communication. Higher email volume means more phishing, bringing more ransomware in its wake. In just the first part of 2021, Google recorded an astonishing 2,145,013 phishing sites, up from 1,690,000 in the same period in 2020, an increase of almost 30% in one year. Many of those phishing sites were a gateway to enable cybercriminals to launch ransomware attacks.

Uncover the Secret to a Strong Ransomware Defense 

Stopping ransomware starts with stopping phishing. Establish a smart defense against ransomware threats in a flash with automated, AI-powered email security from Graphus. The ideal choice to combat the flood of dangerous phishing email heading for every business, Graphus layers security for more protection with three powerful shields. 

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.  
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.    
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review. 

The choice is clear: smart, automated email security is the right move for businesses in 2021 and beyond. Let us help you give your business the big benefits of automated security at a small price without sacrificing functionality or innovation when you choose Graphus. Book a demo today.
