
Ransomware: What is it? What are the common types?

What is Ransomware? Discover the 3 common types: crypto, locker, and scareware, along with effective ransomware prevention strategies. Protect your data now!

  1. What is ransomware?

Ransomware, in simple terms, is a type of malicious software that acts as a data kidnapping tool. It is designed to block your access to your computer or important files, then demands a ransom payment to regain control.

  2. How many common types of ransomware are there?

There are 3 common types of ransomware that individuals and businesses need to recognize, classified by how they attack the victim's system:



a. Crypto-Ransomware (Encryption)

  • Characteristics: Encrypts important files and data, making them inaccessible.

  • Requirement: Demands a ransom (usually in cryptocurrency) in exchange for the decryption key.

b. Locker Ransomware (Screen Locker)

  • Characteristics: Locks the entire screen or functions of the operating system, preventing computer access.

  • Requirement: Displays a fake ransom message, demanding a fine to unlock.

c. Scareware

  • Characteristics: Threatens to publish stolen sensitive information if the ransom is not paid.

  • Trend: Often combined with encryption (Double Extortion).


  3. Who is at risk of a ransomware attack?

No business or individual is immune to the potential risk of a ransomware attack. Anyone with important data and an Internet connection is at risk.

  • Businesses & Organizations (High-value targets): Large organizations, especially in Healthcare, Finance, and Critical Infrastructure, are top targets due to their ability to pay large ransoms and the pressure to operate continuously.

  • Individuals (Easily exploited targets): Often targeted through simple security flaws or phishing emails.


  4. How does a ransomware attack occur?



A ransomware attack follows a calculated sequence of steps:

  • Initial Infection: Usually via Phishing emails, exploiting security vulnerabilities, or attacking remote access protocols.

  • Deployment and Propagation: The malware is activated, attempts to escalate privileges, and spreads to other devices in the internal network.

  • Data Encryption: The malware encrypts important files while simultaneously deleting local backups.

  • Ransom Demand: Displays a Ransom Note, starting the extortion process.


  5. Consequences of a ransomware attack

| Type of Damage | Description |
| --- | --- |
| Direct Financial Loss | Costs of paying the ransom, hiring system recovery experts. |
| Business Disruption | Downtime, lost revenue, and impact on the supply chain. |
| Data Loss or Leakage | Data being permanently deleted or published. |
| Reputation and Legal | Loss of customer trust, risk of fines for violating data protection regulations. |

  6. Immediate actions to take when attacked by ransomware

Report the incident after isolating the system (disconnect it from the network immediately) and documenting the scene.

Official channels in Vietnam to contact immediately:

| Receiving Agency | Main Function | Contact Channel (Reference) |
| --- | --- | --- |
| Authority of Information Security (Ministry of Information and Communications) | Emergency technical support, coordinating information security incident response. | National Cyber Security Center (NCSC). |
| Department of Cybersecurity and High-Tech Crime Prevention (A05) - Ministry of Public Security | Investigating and handling cybercrime, extortion, and high-tech crimes. | Local functional units or A05 receiving channels. |

  7. Effective ransomware prevention measures for businesses and individuals

To minimize the risk of attack, organizations and individuals should implement the following defense measures:

a. Data Protection:

  • Data Backup: Implement the 3-2-1 rule (3 copies, on 2 types of media, 1 offsite/offline copy). This is the final lifeline.

  • Regular Updates: Ensure operating systems, browsers, and all software (including antivirus) are always updated with the latest patches.

  • Access Management: Apply the principle of Least Privilege, only granting access to data and systems when truly necessary.

b. System and Network Security:

  • Use Antivirus Software: Deploy Endpoint Detection and Response (EDR) solutions capable of detecting and blocking unusual encryption behaviors.

  • Disable RDP if not in use: If using Remote Desktop Protocol (RDP), strong passwords, Multi-Factor Authentication (MFA), and restricted external access are mandatory.

  • Network Segmentation: Divide large networks into smaller segments to limit the malware's ability to spread if one segment is compromised.
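
One way "detecting unusual encryption behaviors" can work, shown as an added example (not code from this article's author or from any EDR product): flag a process that rewrites several distinct low-entropy files into high-entropy content within a short window. The thresholds, the event tuple format (timestamp, process, path, bytes before, bytes after) and the process names are assumptions, and the sample events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Assumed tuning values; real products calibrate these per environment.
ENTROPY_THRESHOLD = 7.0  # bits per byte; ciphertext sits close to 8
MIN_FILES = 3            # distinct files rewritten before alerting
WINDOW_SECONDS = 10      # sliding window length


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, near 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect(events):
    """Return processes that turned MIN_FILES distinct low-entropy files into
    high-entropy content within WINDOW_SECONDS (events are time-ordered)."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of suspicious writes
    flagged = set()
    for ts, proc, path, before, after in events:
        rose = shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after)
        if not rose:
            continue  # normal edit, or file was already compressed/encrypted
        window = recent[proc]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget writes older than the window
        if len({p for _, p in window}) >= MIN_FILES:
            flagged.add(proc)
    return flagged


# Constructed sample data: TEXT stands in for a document, CIPHER for ciphertext.
TEXT = b"Invoice 2024-001: customer, amount, due date\n" * 90
CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_EVENTS = [
    (0, "editor.exe", "C:/docs/a.docx", TEXT, TEXT + b"edit"),
    (1, "unknown.exe", "C:/docs/a.docx", TEXT, CIPHER),
    (2, "unknown.exe", "C:/docs/b.xlsx", TEXT, CIPHER),
    (3, "archiver.exe", "D:/bk/x.zip", CIPHER, CIPHER),
    (4, "unknown.exe", "C:/docs/c.pdf", TEXT, CIPHER),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The editor and the archiver are not flagged because their writes do not move a file from low to high entropy; only the process that does so to three different files inside the window is reported.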

c. Raising User Awareness:

  • Awareness Training: Regularly train employees on threats, especially recognizing phishing emails.

  • Multi-Factor Authentication (MFA/2FA): Mandate MFA for all important accounts (email, VPN, admin accounts).

  • Strong Passwords: Use complex, long, and unique passwords for each service.

Are you looking for a comprehensive cybersecurity solution to prevent ransomware? Contact IPSIP Vietnam now.

