File-encrypting malware (ransomware) is one of the most dangerous infections out there. However, there are different kinds of ransomware, and not all of them encrypt files. This article will introduce two types of ransomware.
Two types of ransomware
Crypto ransomware. A malicious program that encrypts data and then demands money for recovery of the data or the computer.
Scareware. A malicious program that falsely claims a device is infected in order to force users to pay for file or computer recovery.
When ransomware first started appearing, screen locker scareware was particularly common. The computer would be locked, and a message would be displayed claiming that law enforcement had locked the device for one reason or another. The malware would try to scare the user by displaying messages like “Locked by FBI”. These screen lockers usually do not encrypt files, and it’s enough to just remove the infection for everything to go back to normal.
More extreme ransomware versions encrypt files with public key cryptography. Once on the computer, the program scans both local and connected network drives to find files with common extensions (doc, docx, xls, xlsx, jpg, ppt). Every file found in one of the targeted formats is encrypted using a public-private key pair. The victim then sees a notification about needing to buy a decryptor. In many cases, decrypting the files for free is impossible.
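When assessing the damage afterwards, one useful check is whether files with the extensions listed above still begin with their format's signature bytes, because a file whose content has been replaced by ciphertext normally does not. The Python code below is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") of the formats the article lists.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy doc / xls / ppt
ZIP = b"PK\x03\x04"                       # docx / xlsx are ZIP containers
JPEG = b"\xFF\xD8\xFF"
SIGNATURES = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2, ".jpg": JPEG,
    ".docx": ZIP, ".xlsx": ZIP,
}

def header_matches(path):
    """True/False for a tracked extension, None for any other file."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(expected)) == expected

def triage(root):
    """Walk root and split tracked files into (intact, suspect) lists."""
    intact, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                ok = header_matches(full)
            except OSError:
                ok = False  # unreadable file: flag it for manual review
            if ok is not None:
                (intact if ok else suspect).append(os.path.relpath(full, root))
    return sorted(intact), sorted(suspect)

def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real documents
            "report.docx": ZIP + b"\x14\x00rest-of-archive",
            "photo.jpg": JPEG + b"\xe0\x00\x10JFIF",
            "budget.xlsx": bytes(range(200, 232)),  # stand-in for ciphertext
            "notes.txt": b"extension not in the tracked list",
        }
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A header mismatch is an indicator rather than proof, since a truncated or otherwise corrupt file fails the same check. Files that have been renamed to a different extension are not examined by this code.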
Scareware is not as aggressive as crypto ransomware, but it demands money from users in a similar fashion. This type of malicious software usually pretends to be an anti-virus program and relies on social engineering to get onto users’ computers. Essentially, users install those programs themselves, believing them to be useful. Hidden desktop icons, concealed documents, and persistent fake anti-virus pop-ups are the usual signs of a fake anti-virus program. The program will persistently ask you to purchase the full version, supposedly so it can remove the viruses. Buying the program would not change anything, seeing as the anti-virus is fake and its results are bogus.