
What is Ransomware, and How Does It Work? 2023



Tuesday, February 28, 2023

Everything you need to know about Ransomware Attacks in 2023

By Dipan Mann | vCISO, CEO and Chief Network Architect


In my various roles and capacities at Cloudskope, including CEO, vCISO, and network architect, one of the most common topics I get asked about by our prospects and clients is Ransomware attacks.  The questions are usually in the following four areas:

1. What is Ransomware?

2. What types of Ransomware are there?

3. How does one get [infected by] Ransomware?

4. How do I protect myself against Ransomware?

Usually, I get these questions on the heels of a recent news event that speaks about a prominent cyberattack, including ones that have recently affected healthcare organizations, law firms, national security infrastructure, and in some cases, the national grid.

While the concern is valid, it is typically accompanied by dissonance at the prospect that an attack could affect the business or the people asking about it.  

Frankly, I'm surprised by the lack of understanding about this problem and the illusion and delusion that this ignorance represents.  

The illusion that the person's infrastructure, business, or data is immune to a ransomware attack; and

The delusion that a firewall and anti-virus software alone will protect the users from an attack.  

Let's look at some statistics about Ransomware before we dive into the first part about what it is:  

·        Cybersecurity Ventures predicted that a business would fall victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019. 

·        Ransomware is now the fastest-growing type of cybercrime.

·        Global Ransomware Damage Costs Are Predicted To Exceed $265 Billion By 2031.

·        The volume of ransomware attacks dropped 23% in 2022 compared to the previous year.

·        In the first half of 2022, there were 236.1 million ransomware attacks globally.

·        There were 487.4.3 million ransomware attacks globally in 2022.

·        Ransomware accounted for around 20% of all cyber crimes in 2022.

·        20% of ransomware costs are attributed to reputation damage.

·        93% of Ransomware is Windows-based executables.

·        The most common entry point for Ransomware is phishing.

·        Organizations in the U.S. are the businesses most likely to be affected by Ransomware, accounting for 47% of attacks.

·        Financial institutions, accounting firms, and CPAs were the most commonly targeted SMBs out of all segments.

·        Ransomware was the most common attack type for the manufacturing industry in 2021.



What is Ransomware?

Ransomware is a type of malware intended to encrypt files on a device, making any files, applications, and programs that rely on them completely unusable.

Malicious actors often demand a ransom in exchange for decrypting the locked files or granting access to unusable data.  In extreme cases, cybercriminals may destroy the data or release confidential information to the public, despite receiving a ransom payment.

Ransomware is a denial-of-access attack that can severely impact a business's ability to function or perform mission-critical activities, because critical data can no longer be accessed.


What are the different types of Ransomware?


Over the years, Ransomware has evolved, but the most common types of Ransomware include:


1.      Cryptographic Ransomware or Encryptors

An encryptor variant of Ransomware is the most commonly used attack. Its signature behavior is encrypting the files and data within a platform or system, thereby making the contents inaccessible without the private decryption key held only by the malicious actors.


The most common vectors for this attack are malicious files attached to infected emails, with a compelling Call-to-Action or "Click-Bait."

Encryptor Variant of Ransomware
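Because an encryptor replaces readable file contents with ciphertext, a defender can look for many files whose contents turn near-random within a short window. The sketch below is an added example, not part of the original article or any Cloudskope tooling; the thresholds, function names, file paths and sample data are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
BURST_THRESHOLD = 3      # assumed: this many flagged rewrites in one window alerts

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turns structured content into near-random bytes.

    Files that were already high-entropy (zip, jpeg) are not flagged,
    because for them the comparison carries no signal.
    """
    return (shannon_entropy(before) < ENTROPY_THRESHOLD
            and shannon_entropy(after) >= ENTROPY_THRESHOLD)

def suspicious_burst(rewrites: dict) -> list:
    """Return flagged paths if enough rewrites in one window look encrypted."""
    flagged = sorted(p for p, (old, new) in rewrites.items()
                     if looks_encrypted(old, new))
    return flagged if len(flagged) >= BURST_THRESHOLD else []

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 over a counter)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

# Constructed sample: path -> (content before, content after) in one time window.
TEXT = b"Quarterly invoice totals for the accounting department.\n" * 80
SAMPLE = {
    "docs/invoice.txt": (TEXT, pseudo_random(len(TEXT), b"a")),
    "docs/notes.txt": (TEXT[:2000], pseudo_random(2000, b"b")),
    "docs/plan.csv": (b"id,name,amount\n1,alpha,10\n" * 150, pseudo_random(4000, b"c")),
    "docs/readme.txt": (TEXT, TEXT + b"appended line\n"),  # ordinary edit
    "img/photo.jpg": (pseudo_random(4096, b"d"), pseudo_random(4096, b"e")),
}

if __name__ == "__main__":
    print(suspicious_burst(SAMPLE))
```

Entropy alone also fires on legitimate bulk compression or encryption jobs, so treat a hit as a signal to correlate with the process that performed the writes rather than as proof of an attack.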

2.     Lockers

As the name suggests, a locker variant of Ransomware is designed to completely lock users out of their systems, making files and applications inaccessible.


A lock screen displays a ransom demand note, usually accompanied by a countdown timer and call to action, to communicate urgency.  


The most common vectors for this attack are malicious files attached to infected emails, with a compelling Call-to-Action or "Click-Bait."

Locker Variant of Ransomware


3.     Scareware

This variant of Ransomware (and malware) fools a victim into believing that a virus, malware, or other significant issue was detected on their computer by displaying an ominous warning, and then directs the user to pay to have the issue remediated. In some cases, the malware will create constant pop-ups or error messages on the screen, scaring the victim into contacting the number listed to have the problem remediated.


The most common vectors for this attack are infected websites and malicious URL redirection via ads.  

4.    Leakware or DoxWare

This variant of the ransomware and malware family threatens to distribute a victim's private information and data, such as photographs, emails, and corporate intellectual property. The attacker commonly claims to hold compromising information, pornography, purported evidence of infidelity, or other confidential information, the release of which would cause significant harm to the reputations of the individuals or corporations.


Stay tuned for the second part of this series, which addresses the vectors of attack and how to protect yourself from Ransomware. March 2, 2023.
