#1 Global Leader in Data Resilience

5 Common Types of Ransomware

Ransomware has become a serious threat to businesses and individuals worldwide. The Coveware by Veeam Q4 2024 report show a quarterly ransom payment average of $553,959 (which is a 16% increase from Q3 2024), the median payment in Q4 2024 to $110,890. While any form of virus, worm, or malware can be harmful, ransomware can be particularly damaging because it aims to extort funds from the victim of the infection under the threat of data loss or leaks.

This article explains common ransomware types, how they work, and ways users and systems administrators can reduce the risk of infection.

What Are the Five Types of Ransomware?

Ransomware can be divided into five main categories based on the threat it presents to its victims.

  • Lockers: This style of ransomware locks users out of their machines, demanding the victim transmit payment (usually in cryptocurrency) to the attacker to release the lock. The warning may include a threat to delete the user's data if they fail to comply within a given time.
  • Crypto ransomware: This variation is similar to lockers, but it takes an additional step of encrypting the victim's files to prevent them from recovering any data on the system until they pay the ransom. Some victims still may be unable to recover all the encrypted files, even after paying the ransom.
  • Scareware: Scareware is less disruptive than other types of ransomware. It shows a fake warning to the victim, telling them their system is infected with a Trojan or virus and directing them to purchase a product to fix the issue.
  • Doxware/Leakware: Rather than restricting access to data or threatening to delete it, doxware developers threaten to release sensitive documents found on infected machines. Doxware and scareware sometimes overlap, with users of piracy websites being targeted by ransomware that threatens to alert the authorities they have downloaded illicit files.
  • Ransomware as a Service (RaaS): Professional hackers are offering up their services to unskilled attackers. The hackers distribute the ransomware, accept payments and handle decryption for their clients in return for a percentage of the payment.

Computers may become infected by ransomware accidentally through users downloading infected software from malicious websites, or via targeted attacks. It’s a common joke that malware now comes with customer service as the hackers assist victims with the process of purchasing cryptocurrencies and making the transfer to pay the ransom.

Examples of Ransomware Strains

Several ransomware strains exist, each with an infection mechanism. Some of the most well-known ransomware strains are:

  • Akira: This ransomware was first noticed in March 2023. Akira initially targeted Windows systems, but a Linux variant was released in April 2023. This ransomware is thought to have affected more than 250 organizations, netting the hackers more than $42 million in ransoms.
  • RansomHub: Released in February 2024, RansomHub is a form of ransomware that encrypts and exfiltrates data. So far, it’s claimed more than 200 victims, including public health and government organizations. RansomHub’s data exfiltration methods vary depending on the group using the tool.
  • Blacksuit (Royal): Royal ransomware is a relatively new strain released in 2023. This ransomware performs data exfiltration and leaks the victim's data publicly online if they don’t pay the ransom. The targets are usually large organizations, and the ransom demands run as high as $60 million.
  • Cicada3301: Bearing many similarities to the BlackCat ransomware, Cicada3301 is written in Rust and has become a popular tool among black hat pentesters looking to make money as a ransomware affiliate. This ransomware primarily targets small and medium-sized businesses and can infect a variety of popular modern operating systems and architectures.
  • Fog: First observed in the wild in May 2024, Fog is a ransomware that initially targeted US-based educational organizations. It works quickly, being able to go from initial intrusion to data exfiltration and encryption in as little as two hours. The ransomware uses a legitimate remote desktop application for its command and control communications, making it difficult to spot malicious activity in the early stages of the infection.
  • Quilin: This Ransomware as a Service operator appeared on the scene in 2022 and became famous in 2024 after publishing leaked data obtained from Synnovis, a supplier for the UK’s National Health Service. Quilin pays affiliates 80% of any ransoms they earn, and has infected numerous large organizations in the USA and Europe.

Ransomware FAQs

The answers to the following frequently asked questions can provide more insight into ransomware attacks.

What Is the Most Common Type of Ransomware Attack?

Crypto ransomware is the most common type of ransomware attack. This type of ransomware encrypts the victim's files, preventing the victim from accessing them until they pay the ransom. In many cases, even after paying the ransom, the data is still unrecoverable.

What Are the Four Most Used Vectors for Ransomware?

Four common attack vectors for ransomware include email attachments, browser pop-ups, instant messages, and text messages. Most attacks fool the user into choosing to run a malicious executable file.

What Are the Top Three Causes of Successful Ransomware Attacks?

The most common causes of successful ransomware attacks are user errors, such as falling victim to phishing attacks or poor cybersecurity practices. For example, installing software from an unknown source, clicking a malicious link, or plugging unknown USB devices into a computer could allow a ransomware infection to occur.

Get Protected From Ransomware With Veeam

Organizations can take several steps to protect themselves from ransomware.

Making use of antivirus software and ad-blocking tools can reduce the likelihood of an infection. Regularly performing security updates is another important security precaution.

However, technical solutions can only go so far. It's important to provide cybersecurity training to your employees so they're less likely to fall for phishing attacks or social engineering attempts.

Even with these precautions, there's still the risk of falling victim to a new attack. That's where Veeam's ransomware protection can save the day. Modern ransomware is so sophisticated that some variants can disable Windows System Restore and reach your network drive backups, preventing you from being able to recover your data. We recommend organizations follow the 3-2-1-1-0 rule to ensure maximum data protection. Even if your network backups are somehow affected by the ransomware, you can still have an off-site and offline backup to fall back on in an emergency.

If you'd like to know more about how Veeam Backup & Replication can help you protect your data from ransomware, contact us today to talk to a salesperson or book a demonstration.

Featured Resources

Data protection

2022 Data Protection Trends

The largest data protection industry report from 3K+ IT leaders

Partner icon

Request a Demo

Learn how to modernize your data protection in a live session

Contact icon

Contact Us

Get help selecting the right solution for your organization