Ransomware Is Even More Dangerous than You Think

How does ransomware works

How does ransomware work? If you think that ransomware works in the same way as other types of cyberattacks, you may be overlooking important steps for protecting yourself against it.

Ransomware works differently from other malware threats. Traditional security tools like antivirus scanners and firewalls are of limited use against ransomware. To combat ransomware effectively, you need to understand the complex nature of different types of ransomware attacks, then create processes -- such as strategic data backups -- to protect yourself against ransomware. Tools alone won’t keep you safe.

This article helps you defend yourself against ransomware by assessing the current state of ransomware threats and discussing the latest developments in ransomware design.

Ransomware Statistics

Ransomware statistics from the past year show that ransomware attacks rose sharply starting in 2016 and remain highly prevalent today. In the recent survey, performed by CloudBerry, nearly 4 out of 10 individuals report having been affected by ransomware.

The statistics also show that ransomware is not just a problem for large businesses. 25 percent of respondents to the CloudBerry survey indicated that their business data had been affected by ransomware, while 75 percent said personal data was affected. 

Perhaps most worrying of all is the fact that the types of ransomware attacks continue to grow. The number of ransomware families grew from 29 in 2015 to 247 in 2016. The trend continued into 2017. There were more than 4 times as many types of ransomware in early 2017 as there were a year earlier.

The rapid growth in types of ransomware makes it challenging for antivirus scanners (which are the most common tool used to defend against ransomware, according to the CloudBerry survey) to detect ransomware threats because the scanners lack data about newly created ransomware viruses. In addition, the numerous types of ransomware mean that an organization cannot reliably predict which ransomware threats it faces and how to respond to them. It needs to be prepared for any and all types of ransomware that might target it.

Types of Ransomware

While you can’t predict which specific ransomware might impact you, you can educate yourself about the different types of ransomware and develop a cybersecurity strategy accordingly.

Following are four of the latest modes of attack that ransomware programs use to compromise systems and data. This is not a comprehensive list of ransomware attack strategies, but an overview of the most recent developments in ransomware design.

Polymorphic Ransomware

A polymorphic ransomware program is one that is designed to modify itself constantly -- in  other words, to take multiple forms. (Hence the term polymorphic, from the Greek poly, meaning many, and morphe, meaning shape.)

Because polymorphic ransomware changes constantly, it is difficult to detect using the pattern-matching techniques on which antivirus scanners typically rely. Antivirus tools may have “signatures” that enable them to identify some forms of the ransomware, but not all of them, because the signatures change constantly.

Wiping Ransomware

Wiping ransomware, also sometimes called data wipers, does what its name implies: It wipes out all data on your storage drives by deleting the data or otherwise making it unreadable. Attackers typically demand a ransom in order to recover the data, which they will have backed up before wiping it.

Publishing Ransomware (Doxware)

Rather than deleting data or preventing you from accessing it, this type of ransomware takes sensitive data and makes it available for anyone to read. In most cases, the attackers will demand a ransom prior to publishing the data. Essentially, publishing ransomware (also called Doxware, because the attacks often involve stealing sensitive data from Word documents) is a type of extortion.


Ransomware with a time-bomb feature is designed to delay the execution of an attack. Instead of stealing, wiping or extorting your data as soon as your computer or server is breached, time-bomb ransomware hides on the system and can wait weeks or months before activating its attack.

The greatest danger posed by time-bomb ransomware is that it can affect backed-up data as well as production data. If the maximum age of your data backups is less than the time that the ransomware waits before carrying out its attack, you won’t have any “clean” copies of your data that you can use to restore your system to a ransomware-free state.


The ransomware designs listed above represent just some of the ransomware threats that organizations and individuals face today. For a more complete explanation of the ransomware threatscape, as well as tips on using data backups to prevent yourself from being part of the next ransomware statistic, take a look at CloudBerry’s ransomware protection whitepaper.

About the author


Chirstopher Tozzi is a Cloud Computing, IoT, Big Data, and Other Technological Fields Expert.

Christopher has written about open source software, cloud computing, IoT, big data and other technological fields for a decade. His latest book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published by MIT Press in 2017.