What different types of ransomware are there?

Ransomware is a form of malicious software that encrypts files on a device or network, preventing access until a ransom is paid. There are several major families or types of ransomware that have been observed in the wild.

Encryption Ransomware

Encryption ransomware is one of the most common and impactful types. It encrypts files on the infected system using complex algorithms, rendering them inaccessible to the victim. Some major examples include:

  • CryptoLocker – One of the first major ransomware threats, active from 2013-2014.
  • CryptoWall – A sophisticated ransomware with multiple iterations active from 2014-2016.
  • WannaCry – A 2017 ransomware cryptoworm that affected over 200,000 computers globally.
  • Ryuk – Targeted ransomware first observed in 2018, focusing on large enterprises.
  • Sodinokibi – Also known as REvil, an “ransomware-as-a-service” affiliate model observed since 2019.

These encryption ransomwares use robust encryption algorithms, making decryption without the key essentially impossible in most cases. Victims often have no choice but to pay the ransom or lose access to their data.

Locker Ransomware

Locker ransomware does not encrypt files, but instead locks users out of the infected system. Some examples include:

  • Reveton – Masquerades as law enforcement, accusing victims of illegal activities.
  • Locky – Aggressive ransomware that at its peak accounted for over 90% of ransomware attacks.
  • Petya – Overwrote the master boot record, rendering infected systems unbootable.

Locker ransomware is sometimes easier to recover from, depending on the specific technique used. But often the only way to regain access is still paying the ransom.


Scareware does not actually encrypt or lock files, but deceives victims into believing they must pay to avoid consequences. Some examples include:

  • FBI Moneypak – Used fake FBI warnings to frighten victims into paying fines.
  • WinLock – Impersonated Windows and claimed illegal activity to extort payments.
  • Pop-up Fake Antiviruses – Falsely claim infections and require payment for software to remove non-existent threats.

Scareware exploits fear, uncertainty, and doubt instead of having any real impact. But the threats are empty, and there is no need to pay their demands.

RaaS (Ransomware-as-a-Service)

Ransomware-as-a-Service (RaaS) provides ransomware toolkits and infrastructure to cybercriminals through a subscription model. Some examples include:

  • REvil/Sodinokibi – Mentioned above, one of the most prolific RaaS services.
  • Thanos – RaaS focused on encrypting Linux servers and NAS devices.
  • Ragnar Locker – Emerging RaaS first observed in 2019, targeting critical infrastructure.

RaaS lowered barriers for deploying ransomware, allowing even unskilled threat actors to launch attacks. RaaS administrators take a cut of any ransom payments.


Cryptojacking infections secretly use infected devices to mine cryptocurrency. While not always considered ransomware, some examples include:

  • Adylkuzz – Cryptominer that targeted Windows systems shortly after WannaCry in 2017.
  • Loapi – Android cryptomining botnet observed in 2017-2018.
  • Cryptoloot – Illicit browser-based JavaScript miner active from 2017-2018.

Instead of demanding ransom outright, cryptojackers exploit devices to mine convertible cryptocurrency. While less aggressive than “traditional” ransomware, they can still degrade performance.

Mobile Ransomware

Ransomware has also emerged on mobile devices, especially Android. Some examples include:

  • Lockdroid – Early Android ransomware trojan first observed in 2014.
  • Fusob – Malware family targeting Android and iOS devices to extort money via SMS.
  • WannaLocker – Ransomware-as-a-Service geared toward infecting Android devices.

Mobile ransomware is an emerging threat, often spreading via malicious apps. It can lock devices, encrypt data, or threaten remote wipes unless ransom is paid.

Ransomware Trends

Ransomware techniques continue evolving, with some key trends including:

  • Increasingly targeted attacks on businesses, governments, and critical infrastructure.
  • Double or triple extortion tactics that threaten to leak data as additional leverage.
  • Ransomware deployed as wipers with no intent to decrypt files.
  • Automation of ransomware attacks using RaaS or malware kits.

Attackers are getting more sophisticated, carrying out tailored attacks against high-value targets. Combined with more destructive tactics, this makes ransomware an elevated cyber threat.

Defending Against Ransomware

Some best practices to defend against ransomware attacks include:

  • Maintaining patched and updated systems, software, and security tools.
  • Using antivirus/antimalware tools and monitoring for threats.
  • Backing up data regularly and keeping backups offline.
  • Restricting, monitoring, and controlling remote access to networks.
  • Using email and spam filtering to block malicious links/attachments.
  • Educating employees on ransomware threats and security best practices.

Ransomware resilience requires layered security and employee training. However, no single solution is 100% effective, so backups remain crucial as a last line of defense against data loss.

Should You Pay the Ransom?

Paying ransom demands is controversial. Potential pros and cons include:

Pros Cons
Recover encrypted data No guarantee files will be restored
Resume business operations Perpetuates the ransomware business model
Avoid downtime costs Data could still leak afterward
May get a decryption key Supports criminal organizations

Ultimately, the decision depends on specific circumstances. But paying should be carefully weighed as an absolute last resort.


Ransomware remains a serious cyber threat, with diverse types ranging from encryption to scareware tactics. Understanding the different varieties of ransomware, trends in attacks, best practices for defense, and implications of paying ransom enables individuals and organizations to build resilience against these crippling attacks.

With ransomware continuing to evolve, it is crucial to stay vigilant – keeping systems secured and protected through layered technical controls and smart cybersecurity habits. Backing up critical data provides the last line of defense if preventative measures fail. But by understanding their methods of attack, we can harden defenses and reduce the devastating impacts of ransomware.