Types of Ransomware used in 2020

Types of Ransomware Used in 2020

Ransomware is one of the scariest and most insidious types of malware that you can get. It has been responsible for many high-profile hacking attacks in recent years, and it seems to be an effective tactic. That is unfortunate because many companies and individuals have been swindled by ransomware scams.

What Is Ransomware?

Ransomware works by using a tool that is supposed to provide security for your computer. We are talking, of course, about encryption. Encryption is normally used to repel intruders, but ransomware turns it against you instead. Once they have penetrated your system in some way, the hacker will encrypt all your data. This will make it impossible for you to read or recover anything from that machine.

At that point, the hackers will send an anonymous message demanding payment. They will then promise that you can regain access to your systems by meeting their demands. Unfortunately, you probably won’t get your data back even if you pay the ransom. Why? Because the hackers are not under any obligation. They hold all the cards, and they can deal with you as they see fit. Pretty bad, huh?

Most Common Types Of Ransomware Used In 2020

In order to protect yourself against these threats, it is essential that you understand them. Today, we will focus on that goal rather than on prevention or repair. The first thing you need to understand is that there are two main types of ransomware out there: Crypto ransomware and locker ransomware.

Crypto ransomware is the most common type and works by encrypting all your files in place. This is full-disk encryption, so it takes longer than a locker-type program. Locker ransomware is another story. Rather than encrypting the files, it creates an encrypted container and locks it tight. This kind of ransomware is less sophisticated, but also much faster and easier for the hacker.

The Maze

This program is one of the latest and worst cybersecurity threats on the scene. This type of program has already been used to attack several major companies, including Canon, Cognizant, and Xerox. Not only does it work by encrypting files (much like any ransomware), it also automatically publishes one of the records to the internet.

This program is meant to target companies for whom privacy is a large concern. This might explain why healthcare companies have been some of the most frequent targets of this malware. One of the strange things about this malware is the screen that is displayed as a ransom note. It is strangely polite and even offers discounts for those who cannot afford to pay the ransom.

REvil

This ransomware virus made headlines after it was used to hack a large number of famous people. By compromising the computer systems of a lawyer who worked in the entertainment industry (Grubman Shire Meiselas & Sacks, if you’re curious), hackers were able to get all sorts of information about people like Rod Stewart, Elton John, Madonna, Bruce Springsteen, and Robert De Niro. This information included both professional details (like full contracts) and personal details (like home addresses and phone numbers).

REvil puts extra pressure on the victim with an ominous “timer” feature. Basically, if you don’t pay the ransom in time, the price goes up a little more. This is intended to freak the victim out, making them cough up the money quickly to avoid additional losses.

Ryuk

This is definitely one of the most common and dangerous ransomware programs out there, and it has been seen in many high-profile attacks. Its popularity mostly comes from the strength of its encryption, which is military-grade. We usually recommend 256-bit AES encryption, and that is partly because the government and military use those standards. Unfortunately, that means you are very unlikely to decrypt your files, even with the best tools.

Ryuk is also a very versatile tool, as it uses a wide variety of secondary methods to get a “foot in the door.” This might include anything from trick emails to botnets and remote desktop services. By the way, you should never enable remote desktop services on a Windows computer. Although it can be useful when getting tech support directly from Microsoft, it represents a giant security hole.

Tycoon

This is a recently-discovered ransomware virus that has been used to attack both large and small businesses. Its most distinctive feature is the fact that it is written in Javascript. Of course, it is a modified version of Java, but it works in virtually the same way. By imitating the Java runtime environment, it can find many ways to penetrate and infect a given machine.

Tycoon is also distinctive in the fact that it denies administrative privileges to the user. That means they won’t even be able to try and remove the malware or decrypt their files. Pretty much all security tasks require admin privileges, so Tycoon is definitely one of the most clever and dangerous of these programs.

NetWalker

This insidious program, also known as Mailto, infected quite a lot of computers this year. It seems to be highly automated, as it includes an embedded configuration that locks the user from making any major changes to the system. Clearly, such a move is intended to demoralize the victim and make them pay the ransom. Like Tycoon, it cuts off any attempt to circumvent its encryptions.

This one has mainly been known to spread through the use of coronavirus-related phishing emails. A lot of scammers are trying to use the Covid-19 crisis as a part of their scams, as it gives them an easy way to create a false sense of urgency.

Conclusion

If you should happen to be targeted by any of these programs, you are in for a bad time. These are the latest and most dangerous threats, but they can be dealt with effectively. Of course, that will probably require the help of a competent IT company that has dealt with these problems before. We would recommend that you call PCH Technologies at (856) 754-7500 to learn more about what you can do.