Ransomware Protection.org

Types of Ransomware

Last updated: February 2026

Ransomware is not a monolithic threat. Over three decades of evolution, distinct categories and operational models have emerged. Understanding these types is critical for effective defence, as each variant demands different mitigation strategies.

1. Crypto-Ransomware

Crypto-ransomware is the most prevalent type. It encrypts the victim's files using strong cryptographic algorithms (typically AES-256 combined with RSA-2048), rendering documents, databases, images, and other data inaccessible. The operating system itself usually remains functional so the victim can read the ransom note and make payment.

Notable examples: WannaCry (2017), CryptoLocker (2013), Ryuk (2018–2021), LockBit (2019–present), Conti (2020–2022).

2. Locker Ransomware

Rather than encrypting individual files, locker ransomware locks the victim out of their entire device. The operating system is rendered unusable, typically by replacing the login screen or boot process with a ransom demand. This type was more common in the early days of ransomware and is now largely superseded by crypto variants.

Notable examples: WinLocker, Police-themed ransomware (Reveton, 2012), Android screen lockers.

3. Double Extortion Ransomware

Introduced around 2019 by the Maze group, double extortion adds a data theft component to the traditional encryption attack. Before encrypting files, the attacker exfiltrates sensitive data. If the victim refuses to pay, the attackers threaten to publish the stolen data on a leak site. This model has become the industry standard for targeted ransomware.

Impact: Even organisations with perfect backups face pressure, because the data leak itself can cause regulatory, legal, and reputational damage.

Notable groups: Maze (pioneer), REvil/Sodinokibi, DarkSide, BlackCat/ALPHV, LockBit 2.0+, Cl0p.

4. Triple Extortion Ransomware

Triple extortion escalates further. In addition to encryption and data theft, attackers apply a third lever of pressure, which may include:

  • Launching DDoS attacks against the victim's public-facing infrastructure
  • Contacting the victim's customers, partners, or patients directly to apply pressure
  • Reporting the victim to regulatory authorities
  • Threatening to sell stolen data to competitors

5. Ransomware-as-a-Service (RaaS)

RaaS is not a ransomware type per se, but an operational model that has fundamentally reshaped the threat landscape. RaaS operators develop and maintain the ransomware toolkit, infrastructure (command-and-control servers, payment portals, leak sites), and customer support channels. They then recruit “affiliates” who carry out the actual attacks in exchange for a revenue share, typically 70–80% of the ransom.

This model has industrialised ransomware, lowering the barrier to entry so that individuals with limited technical skills can launch devastating attacks.

Major RaaS platforms: LockBit, BlackCat/ALPHV, Hive (disrupted 2023), Royal, Play, Black Basta, Akira.

6. Wiper Ransomware (Pseudo-Ransomware)

Wiper malware disguises itself as ransomware but has no real decryption mechanism. The goal is data destruction, not financial gain. These attacks are often attributed to nation-state actors and are used as instruments of geopolitical conflict.

Notable examples: NotPetya (2017, attributed to Russia, caused an estimated $10 billion in global damages), WhisperGate (2022, targeted Ukraine), HermeticWiper (2022).

7. Mobile Ransomware

Mobile ransomware targets smartphones and tablets, primarily Android devices. These variants typically lock the screen rather than encrypting files, although crypto-variants for mobile do exist. Distribution often occurs through malicious apps, fake app stores, or SMS phishing.

8. Industrial / OT Ransomware

A newer and particularly dangerous category, OT (Operational Technology) ransomware targets industrial control systems, SCADA environments, and critical infrastructure. The 2021 Colonial Pipeline attack demonstrated how ransomware affecting IT systems can cascade into OT shutdowns, causing fuel shortages across the eastern United States.

Comparison Table

Type               Primary Mechanism                         Data Theft   Prevalence
Crypto             File encryption                           Optional     Very high
Locker             System lock                               No           Low (declining)
Double Extortion   Encryption + data leak                    Yes          Very high
Triple Extortion   Encryption + data leak + DDoS/contact     Yes          Growing
RaaS               Varies (platform model)                   Usually      Dominant
Wiper              Data destruction                          No           Rare (state-sponsored)