Over the years, the term ransomware has taken on a new meaning for many businesses and local governments. Ransomware used to be considered a relatively new and emerging form of malware. Now, attackers have transformed it into a sophisticated and aggressive form of cyber extortion. Businesses feel the impact of ransomware globally. Their leaders need to be ready for how this cybercrime will surely advance in the next year.

Read on to discover different types of ransomware and how ransomware has evolved over the years. In addition, learn the common risk factors and how you can implement best practices.

Examples of a Ransomware Attack

Ransomware first came onto the scene in the late 1980s. It made waves as a disruptive, yet crude virus designed to corrupt computer data files in an effort to blackmail users. Since technology was more limited in those days, opportunities for ransomware to infect and spread were limited. However, cybercrime and the tools used to support it have advanced a lot over the years.

Below are just some examples of types of ransomware that have caused major damage to various businesses and government entities.

Ryuk Ransomware

Ryuk is a form of crypto-ransomware that infects systems and encrypts data belonging to organizations with little to no tolerance for downtime. Once run, Ryuk attempts to cease all antivirus and anti-malware related processes and disables system restore options.
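
The two behaviors described above, stopping security processes and disabling restore options, can be watched for in process-creation logs. The following is an added example, not code from the original article: it flags a host only when both behaviors appear within a short window. The command patterns, service watchlist, window length and sample events are illustrative assumptions.

```python
import re
from datetime import datetime, timedelta

# Illustrative watchlist of security process/service names (an assumption).
SECURITY_NAMES = r"(windefend|sense|msmpeng)"

# Illustrative command-line patterns per behavior (assumptions, not from the article).
RULES = {
    "inhibit_recovery": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    ],
    "stop_security_tool": [
        re.compile(rf"\b(net1?|sc)(\.exe)?\s+stop\b.*\b{SECURITY_NAMES}\b", re.I),
        re.compile(rf"\btaskkill(\.exe)?\b.*/im\s+\S*{SECURITY_NAMES}", re.I),
    ],
}
WINDOW = timedelta(minutes=10)

# Constructed sample process-creation events: (timestamp, host, command line).
EVENTS = [
    ("2021-03-02T09:00:05", "FS01", 'net stop "WinDefend" /y'),
    ("2021-03-02T09:00:41", "FS01", "vssadmin.exe delete shadows /all /quiet"),
    ("2021-03-02T09:01:10", "FS01", "bcdedit /set {default} recoveryenabled no"),
    ("2021-03-02T10:15:00", "WS17", "vssadmin list shadows"),
    ("2021-03-02T10:16:00", "WS17", "net stop spooler"),
    ("2021-03-02T08:00:00", "BK02", "vssadmin delete shadows /for=C: /oldest"),
    ("2021-03-02T14:30:00", "BK02", "taskkill /f /im MsMpEng.exe"),
]

def classify(command_line):
    """Return the set of behavior categories a command line matches."""
    return {cat for cat, pats in RULES.items()
            if any(p.search(command_line) for p in pats)}

def correlate(events, window=WINDOW):
    """Return {host: first matching timestamp} for hosts showing every behavior within the window."""
    hits = {}
    for ts, host, cmd in events:
        for cat in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), cat))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (t0, _) in enumerate(seen):
            cats = {c for t, c in seen[i:] if t - t0 <= window}
            if len(cats) == len(RULES):
                alerts[host] = t0.isoformat()
                break
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Requiring both behaviors inside one window keeps a single administrative command, such as pruning old shadow copies on a backup server, from raising an alert on its own.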

Purelocker Ransomware

Purelocker is a ransomware-as-a-service (RaaS) offering that attackers use against the production servers of enterprises. This type of cyber extortion is sold and distributed on the dark web and uses Authenticated Lightweight Encryption (ALE) and Rivest–Shamir–Adleman (RSA) algorithms to encrypt user files.


Zeppelin Ransomware

Zeppelin is a variant of Buran ransomware and was discovered in late 2019. Usually, victims download it through Microsoft Word attachments coded with malicious macros in phishing emails. The malware then encrypts web browsers, system boot files, user files and operating systems.


WannaCry Ransomware

WannaCry ransomware has been around for a number of years now. Despite this, it is still one of the most well-known and financially devastating forms of malware. Security professionals consider this form of attack a ransomware worm that spreads rapidly across computer networks, infecting core system processes and encrypting data files. It impacted more than 200,000 computers across 150 countries in 2017.

Understanding Common Cyber Extortion Risk Factors

As entities continue to adapt their networks, supporting higher levels of growth potential and remote working arrangements for their employees, there are many risks to consider when defending against cyber extortion. Here are some of the common risk factors entities face in 2021.

Utilizing Legacy Systems Can Invite New Ransomware

Many entities still rely on outdated and unsupported systems to manage certain aspects of their business. However, since these systems no longer receive critical patches from their developers, their unpatched flaws can serve as wide open back doors for cyber extortion attackers to access and manipulate company data.

Lack of User Access Control

Since the COVID-19 pandemic started, more businesses worldwide have moved to remote workforces than ever before. While some entities have certainly seen benefits from reduced overhead expenses during this transition, this change can also be dangerous. As more remote employees access cloud-based business services and connect to business networks, a lack of secure access control protocols can lead to various risks, including ransomware attacks.

No Incident Response Plan for New Ransomware

Ransomware attacks almost always occur when victims least expect them. However, most of the damage occurs in the days following an attack, when business services are down for an extended period. Without an incident response plan, you may be left with an unavoidable choice: pay a hefty ransom or completely rebuild your business systems from scratch. Both of these options can impact an entity severely. In fact, the U.S. Treasury now warns that companies may be punished for paying ransomware demands.

Keeping Your Business Safe From Cyber Extortion

For anyone who has asked themselves “Am I vulnerable to ransomware?,” the answer is almost surely, “Yes.” While most businesses invest in some form of a cybersecurity program, they deploy it without taking a more in-depth look at their digital attack surface.

Ransomware risk assessments are an essential aspect of ensuring your business is prepared to combat the latest threats. Using a mix of thorough database and network analysis, phishing resistance tests and client and server evaluations, risk assessments can identify the critical gaps in your security while providing you with a roadmap for security improvement.

While taking proactive steps with employees and systems to prevent a ransomware attack is important, entities should still prepare for the possibility of falling victim to an attack. By doing so, they can ensure they have adequate threat repair systems in place while also having effective incident response systems to quickly recover from any attacks that occur.

Checklist for Cyber Extortion Readiness

Some useful strategies businesses can deploy now to minimize their ransomware attack surfaces are:

  • Adopt newer systems that support modern patches and updates.
  • Segment network access to distinct users and validate credentials.
  • Train employees on best security practices whether working on-premises or remotely.
  • Back up your business data often using third-party solutions and services.
  • Change passwords across all networks and devices often.
  • Utilize active threat monitoring solutions to recognize ransomware signatures before they deploy in your systems.
  • Use penetration testing methods through ethical hacking groups to discover hidden vulnerabilities that antivirus and anti-malware platforms may have missed.
  • Develop an extensive incident response plan.

Ransomware is quickly evolving and has become one of the most common forms of digital attack today. To ensure your business is protected from cyber extortion now and in the future, it’s essential for your organization to evolve its systems and processes along with it. By conducting thorough ransomware risk assessments and building a path for network and security system hardening, you can ensure your business stays protected in 2021 and beyond.
