Over the years, the term ransomware has taken on a new meaning for many businesses and local governments. This used to be considered a relatively new and emerging form of malware. Now, attackers have transformed it into a sophisticated and aggressive form of cyber extortion. Businesses feel the impact of ransomware globally. Their leaders need to be ready for how this cybercrime will surely advance in the next year.

Read on to discover different types of ransomware and how ransomware has evolved over the years. In addition, learn the common risk factors and how you can implement best practices.

Examples of a Ransomware Attack

Ransomware first came onto the scene in the late 1980s. It made waves as a disruptive, yet crude virus designed to corrupt computer data files in an effort to blackmail users. Since technology was more limited in those days, opportunities for ransomware to infect and spread were limited. However, cybercrime and the tools used to support it have advanced a lot over the years.

Below are just some examples of types of ransomware that have caused major damages to various businesses and government entities.

Download the Definitive Guide to Ransomware

Ryuk Ransomware

Ryuk is a form of crypto-ransomware that infects systems and encrypts data belonging to organizations with little to no tolerance for downtime. Once run, Ryuk attempts to cease all antivirus and anti-malware related processes and disables system restore options.

Purelocker Ransomware

Purelocker is a ransomware-as-a-service (RaaS) attackers use against production servers of enterprises. This type of cyber extortion is sold and distributed on the dark web and uses Authenticated Lightweight Encryption (ALE) and Rivest–Shamir–Adleman (RSA) algorithms to encrypt user files.


Zeppelin is a variant of Buran ransomware and was discovered in late 2019. Usually, victims download it through Microsoft Word attachments coded with malicious macros in phishing emails. The malware then encrypts web browsers, system boot files, user files and operating systems.


WannaCry ransomware has been available for a number of years now. Despite this, it is still one of the most well-known and financially devastating forms of malware. Security professionals consider this form of attack a ransomware worm that spreads rapidly across computer networks, infecting core system processes and encrypting data files. It impacted more than 200,000 computers across 150 countries in 2017.

Understanding Common Cyber Extortion Risk Factors

As entities continue to adapt their networks, supporting higher levels of growth potential and remote working arrangements for their employees, there are many risks to consider when defending against cyber extortion. Here are some of the common risk factors entities face in 2021.

Utilizing Legacy Systems Can Invite New Ransomware

Many entities still rely on outdated and unsupported systems to manage certain aspects of their business. However, since these systems no longer receive critical patches from their developers, malicious attackers can deploy wide open back doors for cyber extortion attackers to access and manipulate company data.

Lack of User Access Control

Since the COVID-19 pandemic started, more businesses worldwide have moved to remote workforces than ever before. While some entities have certainly seen benefits from reduced overhead expenses during this transition, this change can also be dangerous. As more remote employees access cloud-based business services and connect to business networks, a lack of secure access control protocols can lead to various risks, including ransomware attacks.

No Incident Response Plan for New Ransomware

Ransomware attacks almost always occur when victims least expect them. However, most of the damage occurs during the following days of an attack when business services are down for an extended period. Without an incident response plan, you may be left with an inevitable choice to pay a hefty ransom or completely rebuild your business systems from scratch. Both of these options can impact an entity severely. In fact, the U.S. Treasury now warns that companies may be punished for paying out the ransomware demands.

Keeping Your Business Safe From Cyber Extortion

For anyone who has asked themselves “Am I vulnerable to ransomware?,” the answer is almost surely, “Yes.” While most businesses invest in some form of a cybersecurity program, they deploy it without taking a more in-depth look at their digital attack surface.

Ransomware risk assessments are an essential aspect of ensuring your business is prepared to combat the latest threats. Using a mix of thorough database and network analysis, phishing resistance tests and client and server evaluations, risk assessments can identify the critical gaps in your security while providing you with a roadmap for security improvement. 

While taking proactive steps with employees and systems to prevent a ransomware attack is important, entities should still prepare for the possibility of falling victim to an attack. By doing so, they can ensure they have adequate threat repair systems in place while also having effective incident response systems to recover from any attacks that occur quickly. 

Checklist for Cyber Extortion Readiness

Some useful strategies businesses can deploy now to minimize their ransomware attack surfaces are:

  • Adopt newer systems that support modern patches and updates.
  • Segment network access to distinct users and validate credentials.
  • Train employees on best security practices whether working on-premise or remotely.
  • Back up your business data often using third-party solutions and services.
  • Change passwords across all networks and devices often.
  • Utilize active threat monitoring solutions to recognize ransomware signatures before they deploy in your systems.
  • Use penetration testing methods through ethical hacking groups to discover hidden vulnerabilities that antivirus and anti-malware platforms may have missed.
  • Develop an extensive incident response plan.

Ransomware is quickly evolving and has become one of the most common forms of digital attack today. To ensure your business is protected from cyber extortion now and in the future, it’s essential for your organization to evolve its systems and process along with it. By conducting thorough ransomware risk assessments and building a path for network and security system hardening, you can ensure your business stays protected in 2021 and beyond.

More from Malware

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today