Types of Ransomware

The ransomware landscape is dynamic, with specialist criminal groups continually emerging and existing ones evolving. 

Experiencing Ransomware or Cyber Breach?

Response time is everything when you are under attack. If you have been breached or have an urgent matter, contact us immediately.

Ransomware Groups

In 2023, 60 ransomware groups were tracked, with half of those beginning their operations in the same year. Below is a list of the most common ransomware groups and their variants:  

  • 8base

  • Akira

  • Alphv

  • arvinclub

  • Avaddon

  • bianlian

  • BlackBasta

  • BlackCat

  • BlackMatter

  • cactus

  • Cerber

  • ciphbit

  • Cl0p

  • cloak

  • CoinVault

  • Coverton

  • CryptoLocker

  • CryptoWall

  • CrySiS

  • CTB Locker

  • Dharma

  • DMA Locker

  • Eking (Phobos)

  • everest

  • GandCrab

  • GlobeImposter 2.0

  • HIVE

  • knight

  • LeChiffre

  • Lockbit3

  • Locky

  • losttrust

  • Makop

  • medusa

  • monti

  • noescape

  • Odin

  • Phobos

  • Play

  • qilin

  • QNPCrypt

  • Quantum

  • ragroup

  • Rakhni

  • Rannoh

  • rhysida

  • Ryuk

  • snatch

  • Sodinokibi / REvil

  • TeslaCrypt

  • trigona

  • WanaCryptor

  • WannaCry

  • Wildfire

Solace Cyber is a leader in Digital Forensics and Incident Response, with extensive experience managing ransomware attacks by malicious groups. Offering diverse services and managed support packages, we ensure your business is protected, with a proven cyber security strategy.

Call us on 01202 308818 if you believe you are under a ransomware attack.  

How Ransomware Groups Work

Each ransomware group attacks in a slightly different way, but the general structure of an attack is similar across groups.

Step 1

Initial Breach

Attackers gain entry into the system through various means, such as phishing emails, unsecured remote desktop protocols, or exploiting software vulnerabilities. The ransomware group will enter the estate days or weeks prior to encryption.

Step 2

Infiltration and Encryption

Once inside, the attackers navigate the network, identifying valuable data for extraction, disabling anti-virus products and encrypting files, rendering them inaccessible to the organisation. 

Step 3

Ransom Demand

Following encryption, and once they have all the data they want, the attackers issue a ransom demand, often in cryptocurrency, promising decryption keys in exchange for payment.

Step 4

Data Hostage Situation

With encrypted data inaccessible, the organisation faces a hostage situation, unable to operate or access critical information until the ransom is paid or recovery measures are implemented. 

Step 5

Deterioration of Systems

As time passes without resolution, the impact intensifies, leading to disrupted operations, potential data loss, and reputational damage. 

Step 6

Decision Point

Organisations must swiftly assess their options: pay the ransom (not recommended), seek professional recovery assistance, or restore systems from backups. 

Mitigation is more effective than recovery. However, when faced with an attack, early detection and response provide the best opportunity for minimising the impact. It is advisable to engage a team of ransomware recovery specialists to investigate the attack and work to resolve it. Paying the ransom should be the last resort, as it doesn’t guarantee the retrieval of your data.

If you think you are under attack from a ransomware group, act now and call us on 01202 308818.  

Recognising Signs of a Ransomware Attack

Identifying a ransomware attack requires prompt vigilance. Indicators suggesting a potential ransomware incident include:

  1. Sudden File Inaccessibility: Unexplained inability to access files or folders with a changed file extension or unfamiliar file names.

  2. Altered File Extensions: Files displaying unfamiliar extensions or filenames that have been altered, indicating potential encryption.

  3. System Performance Changes: Significant decreases in system performance, such as delays in file operations or impaired software functionality.

  4. Unusual Network Activity: Unusual network behaviour, increased outbound traffic, or unexpected connections to unfamiliar servers or domains.

  5. Locked Out Systems: Being locked out of specific applications or systems, accompanied by a message demanding payment for access restoration.

  6. Ransom Notes or Messages: Pop-up messages or text files demanding payment for decryption keys, often warning against attempting data recovery without their instructions.
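
Two of the signs above (altered file extensions and ransom note text files) can be checked automatically against file-activity logs. The sketch below is an added example, not Solace Cyber's tooling: the event tuple format, the KNOWN_EXT allow-list, the thresholds, and the ".zzlock" extension and note file name in the sample data are all assumptions made up for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions users normally save with; an assumption, tune per estate.
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".bak"}

def find_signs(events, window=60, min_renames=4, min_note_dirs=3):
    """events: (epoch_secs, host, action, old_path, new_path) tuples.
    Returns a sorted list of (host, sign, detail) findings."""
    renames = defaultdict(list)  # (host, new extension) -> rename times
    drops = defaultdict(set)     # (host, file name) -> directories it appeared in
    for ts, host, action, old, new in events:
        new_p = PureWindowsPath(new)
        if action == "rename":
            ext = new_p.suffix.lower()
            old_ext = PureWindowsPath(old).suffix.lower()
            if ext and ext not in KNOWN_EXT and ext != old_ext:
                renames[(host, ext)].append(ts)
        elif action == "create":
            drops[(host, new_p.name.lower())].add(str(new_p.parent).lower())
    findings = []
    for (host, ext), times in renames.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Sliding window: count renames within `window` seconds of each other.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_renames:
                findings.append((host, "mass-rename", ext))
                break
    for (host, name), dirs in drops.items():
        if len(dirs) >= min_note_dirs:
            findings.append((host, "same-file-in-many-dirs", name))
    return sorted(findings)

# Constructed sample events, not real telemetry; extension and note name are made up.
SAMPLE = [
    (100, "FS01", "rename", r"D:\fin\q1.xlsx", r"D:\fin\q1.xlsx.zzlock"),
    (104, "FS01", "rename", r"D:\fin\q2.xlsx", r"D:\fin\q2.xlsx.zzlock"),
    (109, "FS01", "rename", r"D:\hr\cv.docx", r"D:\hr\cv.docx.zzlock"),
    (113, "FS01", "rename", r"D:\hr\pay.pdf", r"D:\hr\pay.pdf.zzlock"),
    (114, "FS01", "create", "", r"D:\fin\SAMPLE_NOTE.txt"),
    (115, "FS01", "create", "", r"D:\hr\SAMPLE_NOTE.txt"),
    (116, "FS01", "create", "", r"D:\it\SAMPLE_NOTE.txt"),
    (200, "PC07", "rename", r"C:\u\a.docx", r"C:\u\a_final.docx"),
    (900, "PC07", "rename", r"C:\u\b.tmp", r"C:\u\b.pdf"),
]
print(find_signs(SAMPLE))
```

The check relies on behaviour (many files gaining the same unfamiliar extension in a short window, and one file name appearing across many folders) rather than on a list of known extensions or note names, so it does not depend on which group is involved.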

Contact Us

Experiencing an attack?

Act swiftly to safeguard your data and operations. Solace Cyber has teams across the UK who are specialists in ransomware recovery. Our bespoke recovery plans are designed to counter various ransomware impacts and bring your business operations back faster.

Don't delay your response. Call us at 01202 308818 immediately if you suspect a ransomware attack. Early action can minimise the attack's impact. Remember, paying the ransom should be the last resort; our specialist team can investigate and strategise for resolution. Protect your data—call us now. 

Solace Cyber, part of Solace Global, helps companies across the UK recover from ransomware attacks and data breaches.

Solace Cyber Limited is registered in England & Wales no. 14028838

Solace Cyber

Suite 6, Branksome Park House,
Branksome Business Park,
Bourne Valley Road,
Poole, BH12 1ED
United Kingdom


Please note that calls may be recorded for security and training purposes.