Skip to content

Ransomware Roulette: 5 Types of Ransomware & Their Tactics

Ransomware is a devastating cyber attack threat actors use to steal, corrupt, hold for ransom, and even destroy sensitive data from enterprises. 

In 2023, 4,611 ransomware cases were reported, marking a 70% increase from 2022’s recorded cases, according to the SANS Institute.

With all the different types of ransomware threat actors deploy, is your organization secure from the evolving cyber threat landscape?

In this article, we discuss five ransomware tactics that target businesses and the methods threat actors commonly use to distribute ransomware attacks.

5 Types of Ransomware Targeting Industries Today

1. Lockerware

Locker ransomware (or “lockerware”) infects systems by preventing users from accessing their devices altogether. After the lockerware renders systems inaccessible, the user will only be able to view a lock screen that contains details of the ransom. 

2. Extortionware

Extortionware is a type of ransomware that infiltrates and steals sensitive or incriminating data from an organization, providing leverage to threat actors who then threaten to leak the information to the public unless their demands are met. 

3. Crypto-Ransomware

Crypto-ransomware, also known as encryption ransomware, is a type of ransomware designed to encrypt files on a victim's system, making them inaccessible until a ransom is paid. This type of ransomware has become increasingly prevalent and damaging due to its effectiveness and the difficulty of decrypting files without the cyber criminal’s private key. 

4. Wiper Ransomware

Wiper malware is a type of ransomware programmed to irreversibly damage or erase data on infected systems. This malicious software is commonly used against businesses, as it can take organizational operations offline and cause irreparable financial damage due to downtime.

5. Doxware

With doxware (or leakware”), threat actors compromise and steal data sources, including emails, documents, SMS messages, and more. Because the threatened release can lead to reputational damage, financial loss, or legal consequences, it's harder to avoid paying the ransom, ultimately making the attack more profitable for hackers.

Common Tactics Threat Actors Use to Distribute Ransomware

Phishing (including vishing and smishing). By placing malicious software in emails and text messages, threat actors prompt targets to instinctively open infected files. This can lead to the spread of ransomware across an organization and its systems.

Social engineering. Threat actors target employees who may be new, have higher permissions, or are ill-informed about social engineering tactics. They may pose as an authoritative figure or an executive, demanding certain credentials or authorization from their target.

Ransomware as a Service. Ransomware as a Service (RaaS) providers give threat actors the necessary resources and tools needed for initiating ransomware attacks. This makes it much easier for threat actors, regardless of their experience, to launch devastating ransomware attacks on businesses worldwide.

Drive-by attacks. Threat actors launch drive-by ransomware attacks by targeting vulnerable internal assets, such as web browsers, browser plugins/extensions, and applications. Threat actors only require the target to open any of the infected components to successfully launch a ransomware attack.

Remote Desk Protocol (RDP) targeting. While remote work offers many benefits, there are several vulnerabilities at play as well. Threat actors may scour online for vulnerable ports initiated by remote work and use the same attack vector to continuously infiltrate the company through their target.

Get the Most Comprehensive Resource for Recovering from Ransomware

Learning about different types of ransomware, including how they are distributed, is just one part of a more important strategy for keeping your business protected.

Our team of cybersecurity experts has put together a comprehensive resource for helping you recover in the event of a ransomware attack. With this resource, you may improve your chances of eliminating downtime or more ransomware attacks in the future.

Get your copy of our Ransomware Recovery Checklist today.