WPO Image

Ransomware Definition, Types and Trends 2021-2022

Ransomware is a cyber threat that has been around for over a decade. However, ransomware attacks are making headlines because of the types of targets affected and the damage done to them as well as to other targets. Ransomware attacks have also affected citizens.

We have discussed ransomware in Atico34 blogs. This article will explain what ransomware looks like, how it works, and why there is an increasing number of them.

What is ransomware? Definition

Ransomware can be described as malware that takes control of files and the whole computer. It prevents the user from accessing or using the former. To unlock them, you must pay a ransom to the cybercriminal. This ransom can be paid in cryptocurrency or some other form.

Although ransomware has become more common in recent ransomware attacks, it was first popularized by the public in 2000s. However, the first ransomware case is from 1989. It was distributed via floppy discs and mailed to victims as part of an AIDS education program.

What is ransomware?

The ransomware infects a computer or network of a company, or public body. It encrypts many or all files and prevents users from accessing them. It is impossible to retrieve files by ourselves, as we will need to have the encryption key that was used. This is exactly what we will pay for.

A warning message appears advising us that we have been infected by ransomware. We must pay the ransom to regain control over the data and equipment. If the victim is a business, the ransom will be very high. This notice contains instructions about how to pay the ransom, including where to send it and when to do it.

Ransomware can sometimes infiltrate your computer or network, and then waits for a while before encryption files. This time is often used to extract confidential information and to carry out another type of extortion, which demands a higher amount from victims in order to prevent stolen information being leaked onto the Dark Web.

This is how ransomware works. But how does a computer become infected? There are many ways to infect your computer, depending on which ransomware is being used and what type of malware is being used. Some of these methods don’t even require you to do anything.

Consequently, we are familiar with the following ransomware vectors:

Phishing is the practice of sending fake emails imitating official emails with lesser or greater success. These emails often contain malicious macros in the attachments. After the file has been downloaded and opened, ransomware can be installed on your computer.

Exploiting vulnerabilities in operating systems or software. The cybercriminal will create an exploit to take advantage of that failure to install malware. Zero day ransomware is one example. It takes advantage of the “zero-day vulnerabilities” present in the software and has not been fixed.

Malvertising is the placing of malicious ads on websites. To unlock the door, you just need to click on the ransomware-infected ad.

Drive-by downloads are where you just need to visit a website that has ransomware available to download immediately after you access it. This entry often exploits outdated browsers and applications.

Brute force attacks on RDP (Remote Desktop Protocol) are used to connect remote workers to the office computer. Users’ computers at home are less secure than those in the office. If they do not use a VPN, there are high chances that they will be able to become ransomware entry points.

Attacks that exploit weaknesses in VPN servers or server applications. This ransomware attack is more targeted and users will not be able do anything.

How ransomware works

The most popular ransomware types

There are many methods for ransomware distribution. Some ransomware has targeted individuals to extort large amounts of money. But ransomware attacks that target large corporations, government agencies or medical or educational institutions are notorious. They not only compromise the entity, but also interrupt their services, often in multiple cases.

This group, although they can affect anyone, contains the most popular and widely used ransomware of recent years.


Ryuk was the most active ransomware in 2019 and 2020. In fact, it was the ransomware in Spain that attacked the SEPE, and then blocked a part of the public service for several days.

Ryuk is a modified Hermes ransomware. It was first revealed in 2018. Since then, there have been several attacks, including those by the North Carolina water utility.

Ryuk is spread using bots such as TrickBot or Emotet that steal information and threaten to leak it. The ransomware runs, encrypts files and then exits.


In Asia, the Sodinokibi ransomware, also known by revil, was first discovered in 2019. To bypass security measures and infect computers, this ransomware makes use of lawful functions on the CPU.

This ransomware has the most victims and is responsible for affecting a wide range of business sectors including finance, consumption, services, engineering, and engineering. They requested $ 50 million from Acer in ransomware, which was the highest ever.

Sodinokibi’s peculiarity is that it appears like a ransomware meant to be “rent” to users with doubtful intentions.


WannaCry, a Trojan-type malware that is behind many ransomware attacks, is considered to be one of the most serious. It is actually responsible for the fact the ransomware concept was fully embraced by the public in 2017, as it affected approximately 200,000 people from around 150 countries. This included both large corporations and public institutions.

WannaCry exploited an Microsoft vulnerability called EternalBlue during the implementation of SMB protocol. Encrypted files changed the extension to.WCRY.


Cryptolocker was first discovered in 2013. It was active up to 2014 and used different versions. It was the first ransomware that could be used on a large scale. The FBI, Interpol and other security companies were able to defeat it.

The ransomware was spread via spam emails and attachments, using a botnet. It was estimated that the ransomware infected more than 500,000 computers. It is no longer considered a threat, but other ransomware that was based on its code has been developed.

ChaCha (or Maze)

Maze is a new ransomware that was first discovered in 2019. Furthermore, the group behind it is one of the first to use the threat of file and information leakage as a second ransomware-associated extortion method.

Since its inception, Maze has been responsible for more than a third ransomware attacks. It was operational from September 2020 until the number of ransomware attacks against Maze started to decline.

Netwalker (or Mailto).

Netwalker, another ransomware that has been used to attack logistics companies, industrial groups, and energy companies throughout 2020, is another.

Netwalker was made accessible to cybercriminals via the Dark Web as a RaaS-service, which would have contributed greatly to its spread.

The ransomware was stopped by the security forces in 2021, who seize the Dark Web’s resources and arrest the suspect behind the Netwalker deployment.

Conti (or IOCP)

Conti or IOCP, another recent threat, was also responsible for around 13% of ransomware attack. It appeared at the beginning of 2019, following Maze’s footsteps, and it not only hijacked files from infected computers or networks, but threatened to publish any information that it had stolen.

Conti is different from all the rest, however, as the cybercriminals who were behind him offered help to the attacked company in order to resolve the security problem, and prevent any future attacks by using the same or similar routes.


DoppelPaymer is an older version of ransomware that has been responsible for numerous attacks all over the globe. It mainly targets automotive and electronics companies as well as government agencies and healthcare providers.

DoppelPaymer will still be available.

STRRAT is the ransomware virus.

Ransomware is so common that most users are already aware of the implications. There are Trojans that pose as ransomware to deceive their victims by encrypting files and allowing them to do other things on their computer. This is exactly what STRRAT does. Its real purpose is to open a backdoor in victim’s systems to steal data.

Why has ransomware increased in 2021?

The increase in ransomware-related news seems to indicate that there has been an increase in ransomware attacks on companies in recent years. This ransomware is aimed specifically at large companies, government agencies, and services. It also targets organizations that can’t afford to stay standing for long periods of time and often ends up paying ransom.

Kaspersky’s study found that ransomware victims who were targeted would have seen their numbers rise by 767 percent between 2019 and 2020. Yes, there is a trend. However, the reasons for it are different.

RaaS is ransomware as an option

Ransomware as a Service is undoubtedly one of the causes. This allows virtually any cybercriminal to execute a ransomware operation, using a minimum of knowledge. You can pay to purchase a ready-to use ransomware kit via the Dark Web.

A SaaS (software-as-a-service) can be contracted by a person or company. Anyone who wants to make money online with minimal ethics can subscribe to one these RaaS platforms.

Teleworking and RDP vulnerabilities are on the rise

Many companies were forced to implement telework quickly due to the Covid-19 pandemic, and subsequent confinement. There were also many cybersecurity weaknesses, and employees had little knowledge or awareness about the matter. In many cases, they were connected to company networks via poorly secured RDP.

As we’ve seen, ransomwares have also been developed that exploit vulnerabilities in service providers like VPNs to gain access to corporate networks and launch their attacks.

Ransomware attacks in Spain

This ransomware attack wave has also reached Spain. As the famous attack on SEPE (the one that was suffered by Adif, Mapfre, University of Castilla La Mancha, Castellon City Council and University of Castilla La Mancha) clearly demonstrates. These ransomware attacks are rooted in the same reasons as the previous one: increased teleworking, inadequate or no cybersecurity training for employees, and poorly managed security solutions.

Recent Ransomware statistics from Spain

Emisoft’s report places Spain third in countries where ransomware attacks costs have increased most in 2020. It has seen a 23.3% increase in ransomware attacks compared to 2019. Despite the decrease in attacks, the associated costs have increased.

Check Point estimates that the number of ransomware attacks on Spain in 2020 would have increased 160%, making it the EU country where these attacks are most common.

These ransomware attacks have had such an impact on Spain that the government is creating a Cybersecurity Plan in order to strengthen it in both public and private sectors.

How can you prevent ransomware attacks?

Ransomware is a serious problem at both the national and international levels. But how can we avoid it? These cybersecurity tips will help you avoid ransomware at both the national and international levels.

Ransomware can infect computers and networks through exploits and vulnerabilities. It is important to ensure that all programs and operating systems are up-to-date.

Make sure you have a complete security solution, such as EDR systems. These systems are more than just antivirus and firewalls. They can also monitor your network and detect suspicious behavior in real-time.

Segment the network and limit the access privileges of users to minimize the potential damage.

Employees should be trained and sensibilized to cybersecurity.

Regular backups should be made in the cloud, and, if possible, on other computers that are not connected to the internet. This will ensure that you don’t lose any files if there is a ransomware attack.

What can we do if we are the victim of ransomware attacks?

What happens if ransomware infects our computer?

First, don’t pay ransom. This is the recommendation of security forces. Second, nothing can guarantee your files will be unlocked once you have paid. Third, the ransomware may remain latent on the network or computer and not vanish.

To stop it from spreading the malware or receiving instructions, the second step is to disconnect infected computers from the Internet.

It may be possible to delete ransomware from your computer depending on what type of ransomware was used. In other cases, formatting the computer is the only option.

However, it will be almost impossible to recover encrypted files. Therefore, regular backups are the best way to ensure that no information is lost.

Ransomware can be a serious security threat to companies and public institutions. However, there are ways we can protect ourselves from it.


WPO Image

Welcome to my blog!

Hey there! My name is Lucas Clinton. I’m a blogger and am based in Cincinnati.

I am a fan of technology and as such, I'm going to write about it, hence the domain name "I write about it"

On this blog you can expect me to deliver topics that fascinate me about the world of technology. I'm going to write about products and product development that are based around advancements in science.

I hope you get a lot out of my posts.

continue reading


Popular Posts

I Write About It