Ransomware Forms

Ransomware Forms: Types of Ransomware

Security Breach

Ransomware forms: the theory behind ransomware is rather basic. When ransomware infects a device, the ransomware secretly encrypts user details.

When the encoding completes, the malware shows a notification that requests payment for the key to decode the data–typically in Bitcoins. The demand for ransoms always involve deadlines in the agreement, and if payment is not obtained by the deadline, the requested ransom may increase.

Ransomware Forms

They assumed it that the initial ransomware virus was PC Cyborg, which emerged in 1998. It used basic symmetric encoding, and resources to decode data PC Cyborg had encrypted were fairly easy to make.

Yet it wasn’t until 2012 that efforts to keep user’s machines for ransom fees became popular with introducing the Reveton worm. Until they charged a “fee” via a payment service, Reveton blocked users out of their machines.

After two years, it published CryptoLocker, encrypting user data and requesting a payment for the key to decode. It is the blueprint for several subsequent ransomware forms that have existed ever since.

There are two major forms of ransomware: Locker, which locks the machine or system, and Crypto ransomware, typically by encryption, which blocks entries to documents or records.

Locker Ransomware


Ransomware Reveton started emerging in late 2012. This locks machines of users by stopping them from signing in and viewing an official-looking document that seems to come from the authorities or a regional police department. The notification states the user was engaged in criminal conduct.

For example, child abuse or cyber theft, so that by charging a “fee” they might prevent legal prosecution so recover access to their machines. Earlier models often contained password burglary tools, which stayed operational only though the consumer paid the ransom.

Crypto Ransomware


Cryptolocker’s emergence in 2013 represented a tactical shift by the perpetrators. It was the first case of ransomware that pursued the now common route of encrypting user data with a single randomly generated symmetric key for each device.

The symmetric key is then authenticated and applied to the file using a standard asymmetric key.


CryptoWall first emerged in 2014 and has subsequently existed in many different variants.

One noteworthy characteristic of this malware is that the developers provide just one file with a free decryption program that can be used once. It is to show their target they have the key to decryption.


CTB-Locker dates from around mid-2014, and its developers are using an affiliate scheme to guarantee the wide transmission of the malware. The developers manage and operate the malware and its control and order structures.

Affiliates are to pay a subscription charge to use the ransomware. Responsible for seeking victims by their own spam campaigns or through operating fake websites connected to packages.


TorrentLocker started popping up in 2014 and is distributed mostly via spam emails. Besides the usual method of encrypting various forms of data and requesting a ransom in bitcoin, this malware often harvests on-machine email addresses.

Furthermore, in an effort to spread more, it uses these to send new infected emails to the victim’s contacts.

Our Score

Leave a Reply

Your email address will not be published. Required fields are marked *