May 11, 2021

The Top 5 Variants of Ransomware Being Used in 2021 and What They Do

Ransomware attacks continue to proliferate and do more damage to businesses around the world. Organizations of all types should be aware of the most prominent and dangerous ransomware variations and take necessary precautions to guard against ransomware attacks.

Ransomware Is an Increasing Concern

Ransomware attacks are increasing in both frequency and severity. According to Bitdefender’s Mid-Year Threat Landscape Report 2020, ransomware attacks increased a whopping 715% from 2019 to 2020. Atlas VPN reports that the average ransomware payout increased by 178% year over year.

The cost of a ransomware attack can be staggering. Sophos reports that in 2020, companies that refused to pay a ransom spent on average $732,520 to restore their systems. Companies that paid the ransom spent almost twice as much in total, close to $1.45 million on average.

Top Ransomware Variants in 2021

Not all ransomware is the same. Different variants attack in different ways and with different goals. Here are the five top ransomware variants organizations are most likely to encounter this year.

1. REvil/Sodinokibi

As detailed in the IBM X-Force Threat Intelligence Index, REvil is the most prevalent type of ransomware in circulation today. IBM says REvil and its subvariant Sodinokibi account for 29% of all ransomware attacks. It is conservatively estimated that the REvil ransomware group netted a profit of $123 million in 2020 alone.

REvil is a file-blocking virus that encrypts all the files on the targeted system and then demands money (in bitcoin) from its victim. The ransom demand doubles in amount if the money is not paid by a specified deadline. REvil and Sodinokibi most often target the wholesale, manufacturing, and professional services sectors.

2. Maze

According to the IBM report, Maze was the second most prevalent form of ransomware in 2020, accounting for 12% of all ransomware attacks. It is a relatively new variant, first discovered in the wild in May 2019.

Maze is notorious for threatening to publish sensitive customer data from the affected system if ransom demands are not met. Experts consider Maze to be one of the most destructive ransomware variants operating today.

3. Ryuk

The Ryuk ransomware variant completely blocks access to the victim’s system until the ransom demands are met. It works by using military-grade encryption to prevent users from accessing files, systems, and devices.

This ransomware typically targets large corporations and government agencies. It uses other malware to infect a system, then encrypts targeted files with a unique key for each file.

4. Tycoon

The Tycoon ransomware most often targets educational institutions, government agencies, and software companies. It is also a newer variant, first identified in December 2019, and it has been particularly active during the COVID-19 shutdown, infecting the personal computers of employees forced to work from home. It takes advantage of the lax security typical of remote workers, including the poorly encrypted VPN tools many workers use to access their work networks. This ransomware is written in Java and is most often deployed as a Trojan horse attached to the Java Runtime Environment.

5. NetWalker

Like Tycoon, NetWalker gained popularity following the COVID-19 shutdown early in 2020. It is most commonly delivered via email phishing campaigns and targets all sizes and types of businesses, healthcare organizations, educational institutions, and government agencies. After it infects a network, it encrypts all the Windows devices connected to that network.

Let phx-IT Help Prevent Ransomware Attacks on Your Organization

Ransomware is a clear and present danger, and phx-IT can help your organization prepare for it. We provide ransomware prevention, ransomware removal, and ransomware remediation services for organizations of all sizes. You need to take the ransomware threat seriously. We will help you do that.

Contact us today to learn how we can help protect your organization from costly ransomware attacks.
