A 101 Guide to Ransomware Families

iQuanti: Whether you're a business owner or an average person looking to protect your online life from a ransomware attack, it's important to be aware of at least the basics so that you can avoid irreversible damage to your business and life.

In this article, we're breaking down ransomware families and everything you need to know about them. 

What Is a Ransomware Attack?

While they are more prevalent today, ransomware attacks have been around since the dawn of the world wide web.

The first ransomware attacks targeted important healthcare groups, and the technique has developed and morphed over the years. There are two primary types. Crypto-ransomware encrypts files so that a business cannot access them. The other type, locker ransomware, does what the name suggests: it locks organizations out of their systems and information rather than encrypting individual files.

How Common Are Ransomware Attacks?

Ransomware attacks are more common than ever and continue to grow as more of the world moves online. Many of the common targets are small to mid-sized businesses, which are often highly vulnerable.

While companies work to combat the problem, ransomware creators continue to evolve to circumvent authorities, meaning the problem will only get worse as cybercriminals become more creative. Part of this trend is ransomware as a service (RaaS) and the ransomware families that have grown out of it.

What Is a Ransomware Family?   

Ransomware families are directly intertwined with RaaS. Each family has its own unique approach to carrying out a ransomware attack. There are millions of malware strains out there, but they are grouped into just over 200 ransomware families. Three families make up nearly 60% of attacks:

  • Phobos
  • Stop/DJVU
  • WannaCryptor

Which Ransomware Families Are the Worst?

With hundreds of ransomware families out there, four stand out as the most vicious: Conti, Maze/Egregor, Clop, and REvil. Below is a breakdown of extortion levels, including which of these notorious ransomware families uses which level.

Ransomware Attack Extortion Levels

There are multiple levels of extortion when it comes to ransomware attacks, and each family approaches them with its own method.

Single extortion is the first wave and involves encrypting files (or locking them) so that the organization cannot access them. The only way to regain access to the company's own data is to pay the fee that the ransomware family demands, but there is no guarantee that paying the fee means they will live up to their word. This first step is used by every family.

Double extortion, the next wave, is when those behind the ransomware attack threaten to leak the data they have encrypted. They may simply leak it, or they may sell it in retaliation for not being paid. Even if you do pay the fee, your company's data is still in their hands and can be leaked at any time or used to harm your business down the line. This method of extortion was pioneered by Maze and its successor, Egregor.

Triple extortion adds another layer of attack: a distributed denial-of-service, or DDoS. The goal of the DDoS attack is to flood a server with traffic so that it disrupts normal business operations. This type of extortion was credited to SunCrypt and RagnarLocker and was quickly adopted by other families, including REvil. It is another way of disrupting a business so severely that the company might be tempted to pay just to make it stop.

Quadruple extortion — yes, it exists — is a last-ditch effort to reach the ransomware attacker's ultimate goal of making money. Rather than pressuring only the organization itself, this fourth wave targets all victims of the attack. So for an organization whose customers' data was stolen, a ransomware family may start to contact those customers directly, adding a layer of fear and creating further trouble for the organization to resolve. DarkSide and Clop are notorious fans of quadruple extortion, with the latter being a new addition to the scene.

Source: iQuanti, Inc.