Ransomware Attack

Ransomware is a type of malware attack that blocks you from being able to access your data. It’s used by cybercriminals to hold data hostage until a ransom is paid. They do this by encrypting the files on your system as well as adding malicious extensions. Often this is just the beginning, ransomware is enormously powerful, it can spread via your network. If it does this you can lose access to drives, servers, attached computers, and other accessible systems.

Like any ransom situation, there is usually a time limit on when you need to pay these criminals before something worse happens. Cybercriminals may sometimes double the amount due if the ransom isn’t paid on time. Some of these criminals have been known to even offer payment plans where you pay down your ransom getting incremental access to your data with each payment. Other times not paying can result in losing your data forever either from deletion or the inability to access it. 

Types of Ransomware Attacks

Locker ransomware.  

This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window displaying the ransom demand to make the payment. Apart from that, the computer is inoperable. But there is good news: Locker malware doesn’t usually target critical files; it generally just wants to lock you out. Complete destruction of your data is therefore unlikely from a locker ransomware attack. 

Crypto ransomware.  

The aim of crypto-ransomware is to encrypt your important data, such as documents, pictures, and videos, but not to interfere with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto developers often add a countdown to their ransom demand: “If you don’t pay the ransom by the deadline, all your files will be deleted.” and due to the number of users who are unaware of the need for backups in the cloud or on external physical storage devices, crypto-ransomware can have a devastating impact. Consequently, many victims pay the ransom simply to get their files back. 

Ransomware Attack Photo

Ransomware Attack Examples 


Reveton is a ransomware application that is sent in the form of spam email campaigns and phishing emails. It claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a ‘fine’ must be paid to restore normal access. 

Reveton scans the device for outdated or exploitable plugins. If the system has a weakness, the program locks the device and prevents the user from accessing the computer. 

Reveton’s criminal creators were arrested in 2013, but different variations of the program are still active. The latest versions of the ransomware install password-stealing malware that stays within the system after the victim pays the ransom. 

Crypto Locker 

The first report of Crypto Locker happened in September 2013. This Trojan targeted devices running Microsoft Windows and spread via infected email attachments and a Gameover ZeuS botnet. 

Once activated, Crypto Locker encrypted files on local and mounted drives with RSA public-key cryptography. Crypto Locker was the first ransomware to encrypt data with a different symmetric key for each file. The program was able to encrypt 70 file formats. 

Crypto Locker succeeded in extorting millions of dollars worth of bitcoin in just nine months. In May 2014, the U.S. Department of Justice disabled the Game over ZeuS botnet. In doing so they were able to get ahold of the keys of which they made public online for free allowing individuals to regain access to their data. 


CryptoWall is an improved version of cryptodefense it first appeared in early 2014. This ransomware spreads via phishing emails, exploit kits, and malicious ads. The average ransom amount was $500 however it ranges from $400-$10,000. 


TorrentLocker is a ransomware Trojan that started to appear in 2014. The ransomware primarily spreads through spam email campaigns.
Once the infection starts, TorrentLocker scans the system for programs and files before hiding the contents via AES encryption. The ransom is typically around $500 worth of Bitcoin, and the victim has three days to pay. 


The first Locky attacks happened in February 2016 when hackers sent about half a million corrupt emails to random addresses. 

Locky spreads by phishing emails with malicious attachments. A typical strategy is to send fake invoices with an infected Microsoft Word document containing malicious macros. 

If the ransomware attack victim enables Office macros within the corrupt document, a binary file downloads a Trojan that encrypts all files with a particular extension. Locky generates decryption keys on the server side, making manual decryption impossible. 

Locky can encrypt over 160 file types. The program focuses on attacking files used in the development, engineering, and QA teams. After encryption, the victim must download Tor and visit a Dark Web website for more information. A typical ransom ranges between 0.5 and 1 Bitcoin. 

A later version of Locky started to use a JavaScript attachment that automatically runs if the user opens the file. 


Cerber emerged in February 2016 and was a Ransomware-as-a-Service (RaaS) program. Third parties could use Cerber to attack users and, in return, pay the owners an affiliate fee. 

Cerber targeted cloud-based Office 365 users with phishing campaigns. Typically, victims received an email with an Office document. If the victim opened the file, the ransomware quietly encrypted data in the background. The victim then found a ransom note in an encrypted folder or as a desktop background. 


Instead of encrypting files, Petya encrypts the entire hard drive. Petya primarily spreads through HR departments of mid-to-large companies. Attackers typically send fake job applications with infected PDF files or Dropbox links. 

An attack starts with an infection of the computer’s master boot record (MBR). Petya then overwrites the Windows bootloader and restarts the system. Upon startup, the payload encrypts the Master File Table of the NTFS file system. The victim then sees a ransom note asking for payment in Bitcoins. 

Organizations targeted by ransomware can ensure business continuity and data availability with Disaster Recovery as a Service. 

Attackers typically combine Petya with Mischa, a secondary program that activates if Petya fails to install. Mischa encrypts user documents and executable files. 


This ransomware gradually deletes files each hour the victim refuses to pay the ransom. The initial name for Jigsaw was BitcoinBlackmailer, but the name changed after attackers started to use imagery from the Saw film franchise. 

Jigsaw spreads through a malicious attachment in spam emails. Once activated, the program encrypts all user files and the MBR (master boot record). A popup screen then asks for a ransom of which is expected to be paid within the hour, or the program deletes a random file. Jigsaw continues to delete data for up to 72 hours, after which the program permanently deletes all encrypted files. 

The latest versions of Jigsaw also threaten to expose personally identifiable information (PII), putting additional pressure on the victim to pay the ransom. 

In Conclusion

Ransomware attacks can vary in severity some attacks cost an individual money others personal data and it can even affect whole industries disrupting economies as we have seen with the colonial pipeline ransomware attack. One thing is for sure it is important to be protected from these threats. Information security services are becoming more and more a must-have and less of a luxury.

Fill out the form below and download the FREE guide.
Get It Free Today
Information Security Edition
Voted #1 Most Helpful
Download The FREE Guide