<img alt="" src="https://secure.leadforensics.com/779964.png" style="display:none;">
General

Ransomware attacks evolution: cryptoransomware, leakware and scareware

Sagenso Team
14 April 2023
SHARE

Ransomware attacks on companies are being observed for a long time already. Lately, number of such incidents arose and they became more sophisticated. Malware sneaks into companies’ IT systems and wreaks havoc, what usually brings to business continuity interruption and financial and PR losses. There is also a hard decision to make – should management pay a ransom or try to fix the situation by own means? How often companies are exposed to attacks with the use of ransomware software? How does ransomware evolve? What cryptoransomware, leakware and scareware are? Check in our article. 

  

Ransomware is a serious threat for business 

  

Ransomware is one of the main IT threats for businesses. From the research of Check Point Research we can see that in October 2022 there were 35% more incidents than in January. Businesses struggle with ransomware software ck 938 times weekly.   

When the company looses all data, it comes to a downtime. Sometimes even a few hours is enough to generate significant losses. Not to mention days or months. Employees deprived of crucial information cannot fulfill their duties. Clients and partners lose trust in such a company. Company loses contracts and business opportunities. 

  

Self restoring data usually takes about one month. That is why many companies decide to pay a ransom and get back to a full functioning. Hackers still develop their methods and try to make ransomware impossible to resolve on company site. Recently they developed 3 new methods: cryptoransomware, leakware oraz scareware. 

  

Cryptoransomware, file encryption 

  

Cryptoransomware is a popular ransomware method that works for some time already. How does it work? Malware penetrates to company IT system, most commonly as a result of phishing attack. Then it encrypts all file it encounters, and a company stays without any access to all the necessary information to keep business continuity safe. Cybercriminals demands ransom for data deciphering. But the payment is not a guarantee that you get the data back. Sometimes it is possible to decipher data by the own means.  

This procedure didn’t appeal to hackers, who lost the possibility of getting money. That is why cryptoransomware changed into a new kind of software named Exmatter. It’s very easy to use. It does not encrypt any file it encounters, but just remove them from the source and transport to hackers servers. Such interaction make it impossible to be restored by own means. Nevertheless, there is still no guarantee that paying a ransom will help to restore file. Even if they will be back at your server, it’s highly possible that they are somewhere in the dark net already.  

  

Leakware, threating with publication of data 

  

As it is known, cyberthreats often evolve. One of new methods, that are highly effective, is leakware (another name: doxware) that impacts victim’s privacy. Malware invades a computer and displays information that some valuable information or confidential files leaked. Then comes threats of publication of those files on the Internet, if the attacked company won’t pay a ransom. To put some additional pressure, hackers display even a clock, showing time left to make a payment. The very lost of files is a problem for a company, not to mention the possibility of presenting them in public, also to a competitive company. That is why many businesses decide to pay. 

 

Leakware is a tool that can apply not only to business field, but also hits private people. They get a message, that someone has their compromising pictures or other materials and will make them public, if you won’t pay them. So we all need to be very careful online. 

  

Scareware, scare based method 

 

Leakware is not the only one new ransomware method. Cybercriminals very often also use scareware. This kind of software aims to scare the user it attacks, in order to get a ransom.  

Malware that get to the office computer displays a message that is about to scare the employee. Most commonly it’s about a virus in the network or about an other security breach. At the same time, it shows a solution: a link to a fake website, where a payment should be made in order to solve the problem. There is no guaranty that paying will actually help. 

 

Hackers who use scareware sometime really make some changes in IT systems, but they may also bluff. They just count that the user will be under such strong emotions, that he will pay to rescue the company. Significant changes that may be done are: sending a virus, blocking some information or servers, encryption of data.   

 

We can assume, with high probability, that all ransomware methods will constantly evolve in the future. As the range of technical development grows, hackers work on their methods as well. Some solutions, that were enough for now, won’t be enough in the future. 

  

How can you check your company’s security and business continuity insurance? Take up a free audit of cybersecurity. It will show you any gaps in your IT systems and procedures. You are also welcome to our social media: Facebook and LinkedIn, where we regularly share some news and updates in the field of cybersecurity. 
Sagenso Team

Sagenso Team

Sagenso - blog-May-09-2023-12-24-01-1670-PM
Medical

Cyberattack consequences for the medical and pharmaceutical industries

Medical facilities and pharmaceutical companies are among the most frequently targeted by hackers....
Read More
Sagenso - blog-Apr-19-2023-07-46-44-4955-AM
Pharmaceutical industry

Challenges in cybersecurity for pharmaceutical industry

Pharmaceutical industry has developed pretty fast and the pandemic time only helped with that. All...
Read More

Conduct a free cyber security audit!

The audit report is available immediately!

Conduct a free cyber security audit