Get a FREE Report of the Software Running in Your Environment - Including Risks & Countries of Origin
Back to Blogs Back to Press Releases
Blog header image of Common Strains of Ransomware

Common Strains of Ransomware

Table of Contents

Common Strains of Ransomware

Ransomware continues to be the number one concern for businesses across the globe. With ransomware attacks on the rise, and more and more businesses falling victim, the need for businesses to better protect their data, devices, and networks has never been greater.

Ransomware can cripple your business. From productivity and data loss to downtime and damage (to both your reputation and profit margins), ransomware shows no mercy. As an IT Professional, it’s important that you are aware of the common strains of ransomware so you can build your cybersecurity stack with the tools and resources you need to remain one step ahead of cybercriminals.

In this blog post, we will take a look at some of the most famous ransomware strains that have caused a huge amount of damage across organizations. You will be able to identify similarities and differences so you can help to better protect your business against new and emerging threats.


CryptoLocker ransomware first emerged in 2013 when it first infected over 250,500 devices in the first four months of being released. In 2014 the original botnet was shut down just after the threat actors extorted nearly $3 million from victims. Due to the huge amount of success CryptoLocker created, cybercriminals continue to create copycat software like Locker.


Locker ransomware is a clone of CryptoLocker ransomware. It works by infecting devices, locking the users' files, and stopping them from accessing their data and any files located on the device until the ransom has been paid.


In 2017 WannaCry hit the headlines all over the globe as it targeted more than 200,000 organizations in more than 150 different countries. The ransomware strain targeted Windows devices through an exploit known as EternalBlue. Systems that were unpatched and not up-to-date were hugely affected by this cyberattack.


Petya, first discovered in 2016, works by spreading malicious email attachments, which, when downloaded and opened, infect devices with malware. In 2017, a new variant NotPetya hit the headlines as it used the EternalBlue exploit to inflict a cyberattack on Ukrainian targets, though it quickly spread worldwide. Businesses were crippled, and more than $10 million was lost due to damages and downtime.


Ryuk is a strain of ransomware that is used in targeted attacks. In 2020, Ryuk was responsible for more than a third of ransomware attacks that year. Ryuk works by locking down systems and encrypting essential files so that large ransom payments can be demanded. A typical Ryuk ransom can be as much as a few hundred thousand dollars, which is usually paid using an untraceable cryptocurrency such as Bitcoin.

Bad Rabbit

Bad Rabbit first appeared in 2017. It shares some similarities with the Petya and WannaCry strains. Bad Rabbit is disguised as an Adobe Flash update on compromised websites and spreads rapidly through drive-by downloads. Bad Rabbit encrypts files, and victims are presented with an alarming red and black message letting them know they can no longer access their files. A $280 ransom is demanded, and the victim has 40 hours to pay. Bad Rabbit is well known for targeting Russia and Eastern Europe; however, it is still a global threat.


Maze is a ransomware strain that has been targeting organizations across the globe since 2019. Maze encrypts and copies the data and then threatens to leak it unless the victim pays a ransom. Maze has been linked to many attacks inflicted upon the healthcare industry and is responsible for large amounts of data being leaked. Maze is typically distributed through spam emails, RDP brute force attacks, and exploit kits.

How Can ThreatLocker Help You Stay Better Protected?

As IT professionals, we know that you not only wear multiple hats within your organization, but you also have to manage and protect multiple devices, employees, networks, and large amounts of data. Often the responsibilities you have can become overwhelming and time-consuming. However, what if you had a solution that enabled you to complete your day-to-day tasks while helping you manage your IT environment? What if you had a Zero Trust solution that protected your businesses from the inside out? What if you had ThreatLocker?

At ThreatLocker, we want to help IT Professionals protect their businesses from the ground up. We want you to feel confident in your cybersecurity stack and empower you with the tool and resources you need to stay resilient in the face of attacks. Our unique Zero Trust endpoint security solutions help you to do just that and more. We know that threats move fast, and ransomware attacks show no signs of slowing down, so you need a solution that you can rely on that will keep you protected no matter what.

To learn more about the ThreatLocker solution and how we work to protect businesses just like yours, reach out to the Cyber Hero Team today.