Ransomware is one of the fastest-growing cybersecurity threats in the U.S. and around the world. Each day, more and more ransomware attacks target companies and request money in exchange for the safe return of their documents or systems. While ransomware attacks have a lot in common with other similar types of hacks, there's also a lot about them that's unique.

When speaking to clients or organizing your own defense against ransomware, it's useful to have a general understanding of a few terms.

Ransomware has become a two-headed monster. Double extortion, as it’s known, has become a contributing factor in cyber claim severity over the past year.

Steve Robinson, RPS national Cyber practice leader

Encryptors

Most ransomware attacks function by encrypting some amount of data that's valuable to the company. The software they use to accomplish this task is called the encryptor.1 Encryptors can be extremely sophisticated or extremely simple. Often, different groups will use the same software multiple times, but with a different key.

The key

In general, every time the encryption software runs, it generates a different key that the hackers will try to sell to the organization that they're attacking. Although there's no guarantee that the key will work to decode the data, sometimes acquiring the key is the fastest way to regain access to your lost systems.

Screen lockers

Screen-locking software2 is another approach to restricting an organization's access to its data and systems. Hackers usually choose between using encryption software or screen-locking software. The difference is that screen-locking software is a type of malware that stops the rightful owners of the system from logging in at all. It can be a popup that informs the users that their system has been hacked. This software often delivers the ransom note at the same time it locks the devices.

Spear-phishing

Spear-phishing3 is a type of phishing that targets a specific vulnerable source and attempts to lead them to a website that will infect their computer. Usually sent from a faked sender that the target trusts, this type of attack is typically better planned than the average phishing attack. By looking at whom the target might be likely to trust and faking communication from that source, the hackers have a higher-than-average chance of success.

Ransomware-as-a-Service

Ransomware-as-a-Service (RaaS)4 has recently changed the game in terms of access to sophisticated ransomware software for low-level cybercriminals. Larger criminal organizations sell the use of their powerful ransomware software on a subscription basis to essentially anyone who is interested, allowing a much wider range of criminals to attack organizations.

Scareware

Scareware5 is a tactic used to shock employees or other targets into visiting a website that may infect their systems. Usually launched through a popup on the target's screen, the attack tries to convince people that something is wrong with their computer, and they can fix it by visiting an infected website.

Trojans

Trojans are one of the most common vectors for ransomware attacks. These programs infect your computer and then try to trick you into giving them your credentials or other valuable data. By faking real login pages and overlaying them on top of the real page, these attacks can be hard to detect. Once the hackers have your login credentials or admin privileges, they can quickly access the entire network and hold it for ransom.

There was a 500% increase in ransomware attacks between midyear 2018 and 2019 — Forrester6

Petya Family

Petya7 is a family of ransomware that infects Windows PCs by quickly and silently spreading through the operating system. Originally developed by the National Security Agency (NSA) and then repurposed by hackers, the Petya family of ransomware has reportedly done at least $10 billion of damage over its lifetime. The Petya system was unique when it launched, because instead of encrypting files on the computer, it encrypted the file system itself. This encryption proved extremely difficult to circumvent.

GoldenEye

GoldenEye8 is a form of Petya-style ransomware that was mostly used to target German businesses in 2016. Although now defunct, GoldenEye was one of the most popular pieces of software of its time and was the final iteration of that particular strain of Petya.

CryptoLocker

A Trojan-based form of ransomware that targets Windows computers, CryptoLocker9 has been used to extort millions of dollars since its debut in 2017. Although its original form has since been taken offline, newer forms of this ransomware still exist and can be found attacking targets.

Bad Rabbit

Bad Rabbit10 is a type of ransomware that spreads through fake Adobe Flash updates on the internet. When the user allows the malware to update, it can lock certain files or elements of the PC and then demand a ransom.

Ransomware comes in many different shapes and sizes, but always has a few similar characteristics. Hackers will try to trick their way into your system, change something about the way your system operates, and then demand payment for a return to normalcy.

As attacks get more and more frequent, it's becoming less of a question of if your organization will be attacked by ransomware than when you will be attacked. A comprehensive cybersecurity/insurance policy is one of the only ways to ensure that these attacks won't take a hefty toll on your business and finances. And while these measures aren't foolproof, they can make the difference between inconvenience and bankruptcy.

Sources

1"Ransomware Attacks and Types — How Encryption Trojans Differ," Kaspersky, accessed 25 Aug 2022.

2"How Screen Locker Ransomware Works," Logix Consulting, 13 Dec 2019.

3"What Is Spear Phishing?," Kaspersky, accessed 25 Aug 2022.

4Baker, Kurt. "Ransomware as a Service (RaaS) Explained," CrowdStrike, 7 Feb 2022.

5"Scareware," Fortinet, accessed 25 Aug 2022.

6Zelonis, Josh and Trevor Lyness. "Forrester's Guide to Paying Ransomware," Forrester, 5 Jun 2020. Gated report for purchase.

7"What Is Petya Ransomware?," Proofpoint, accessed Aug 2022.

8Cooper, Stephen. "What Is GoldenEye Ransomware and How to Protect Against It?," Comparitech, 17 Jul 2021.

9"Cryptolocker Virus Definition," Kaspersky, accessed 25 Aug 2022.

10Raymond, Michael. "Bad Rabbit Ransomware," Varonis, 6 May 2022.