Ransomware, the type of nasty, malicious software that locks down a user’s machine and demands a ransom, is increasing in frequency, scale, and sophistication. The biggest concern and headache for cybersecurity experts, however, is the fact that ransomware has successfully made its way to businesses.
Research by Bitdefender warns the cost of ransomware attacks has doubled in just a year, as businesses paid hackers around 2 billion dollars in 2017, twice as much compared to 2016.
Last year alone, 69% of companies were hit by a ransomware attack, according to the recent report by Radware. Shockingly, more than half of respondents admitted paying the ransom in the attempt to unlock encrypted business files, despite expert warnings not to do so.
While companies are spending millions responding to ransomware attacks, hackers are pushing their attacks to the next level. Malicious actors are continuously developing strategies to improve existing methods of money extortion, as well as creating new variants of “pseudo-ransomware” to distract the world from greater, more destructive crimes.
Last year saw a number of pretty nasty strains of ransomware. These 5 are some of the scariest.
#1 WannaCry
A new strain of ransomware WannaCrypt (also called WannaCry) that started spreading on May 12, 2017, is considered the biggest ransomware attack in history.
The malicious software infected hundreds of thousands of devices across the world, affecting businesses, as well as public utilities, including banks, telecommunications companies, and hospitals all over the world. Notably, the attack shut down vital medical systems, creating chaos and directly affecting the lives of many patients.
WannaCry targeted a flaw in Windows Server Message Block (SMB) protocol, using an NSA exploit called EternalBlue, which had been leaked just a month before the attack. Once it gained access to Windows computers, it encrypted users’ files before displaying a message demanding a ransom from $300 to $600 for the key to unlocking the data.
The devastating attack was in fact entirely preventable, as a patch for the security loophole from Microsoft had been available two months prior to WannaCry.
#2 NotPetya
Only a month after WannaCry, another attack exploded, again hitting thousands of organizations and businesses in multiple countries.
Cleverly designed to look like a new version of the infamous Petya ransomware, the malicious software quickly turned out to be a wiper worm whose purpose was to permanently destroy users’ data instead of holding it hostage for a ransom.
The criminals behind this ransomware-like attack employed two previously leaked NSA exploits as well as credential-stealing tools to spread the worm across the network once a computer was infected. The way NotPetya reached Windows computers was via a compromised update for a widely used accounting tool, as well as phishing emails.
#3 Bad Rabbit
As soon as the world finally recovered after the two major attacks, new ransomware dubbed Bad Rabbit hit Eastern Europe and many other countries around the world.
This data-encrypting malware spreads through malicious downloads. A malware dropper was injected in some popular websites, patiently waiting for a user to download the malware, disguised as a legitimate Adobe Flash installer.
After a victim installs the malicious file, they find themselves unable to access their data. Instead, they are led to a site with a ransom announcement, requesting that they pay a certain amount of money within a given time.
#4 Locky
Locky is one of the most successful forms of ransomware that keeps reappearing in the cybersecurity world, and each time it returns stronger and sneakier.
Locky is typically distributed via spam campaigns, as it appears to be one of the easiest and cheapest ways to deliver malware. Once a user follows the urgent request to download an “important” document and enables macros as asked in the message, they will immediately lose access to the contents of their computer and will be asked to pay a ransom in exchange for the decryption key.
Although the scheme sounds pretty straightforward, you would be surprised how many users tend to fall for phishing scams, opening malicious attachments and extracting zip files.
#5 Jaff
Jaff is a ransomware strain very similar to Locky. At first glance it is pretty simple, and yet extremely successful.
Mimicking the phishing scheme used by Locky, Jaff employed the Necurs botnet to send malicious emails to potential victims at an impressive speed: approximately 5 million emails in one hour.
Compared to Locky and other similar ransomware attacks, Jaff can be called an ambitious one. To get their encrypted files back, users were required to pay more than $3,000, while others typically ask for a couple of hundred dollars. And like with any other attack, there’s never a guarantee that victims will receive the decryption key.
While ransomware was the dominant type of cybercrime in 2017, experts warn that this year could be even worse in terms of money and data loss. Therefore, it is extremely important for organizations, as well as individuals, to be aware of possible threats and learn how to properly protect themselves.
The first line of defense against ransomware attacks is actually very simple - watch out for phishing scams. To prevent malicious software from getting into your device, you should be careful with suspicious email messages, especially those that ask you to download attachments and enable macros. Never do that!
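One way a mail gateway or analyst script could apply this advice, shown as an added example that is not part of the original article: it flags email attachments that contain VBA macros, including documents wrapped in a zip. The function names, size and depth limits, and the sample message are constructed for illustration, and the check covers only zip-based Office (OOXML) files, not legacy .doc/.xls formats.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 2                    # assumed limit on nested archives
MAX_MEMBER = 20 * 1024 * 1024    # assumed size cap per unpacked member
WRAPPERS = (".zip", ".docm", ".xlsm", ".pptm", ".docx", ".xlsx", ".pptx")

def has_vba_macros(data: bytes, depth: int = 0) -> bool:
    """True if data is an OOXML file with a VBA project, or a zip wrapping one."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                # Macro-enabled Office files store their VBA code in vbaProject.bin
                if name.endswith("vbaproject.bin"):
                    return True
                nested = depth < MAX_DEPTH and name.endswith(WRAPPERS)
                if nested and info.file_size <= MAX_MEMBER:
                    if has_vba_macros(zf.read(info), depth + 1):
                        return True
    except (RuntimeError, zipfile.BadZipFile):
        return False  # encrypted or corrupt archive: cannot inspect here
    return False

def flag_attachments(raw_email: bytes) -> list[str]:
    """Return filenames of attachments that carry VBA macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()
            if has_vba_macros(part.get_payload(decode=True) or b"")]

def _zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed message: macro document, zipped macro document, clean document."""
    docm = _zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"constructed"})
    clean = _zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})
    msg = EmailMessage()
    msg["Subject"] = "Important document"
    msg.set_content("Constructed sample body.")
    for name, data in (("invoice.docm", docm), ("scan.zip", _zip({"scan.docm": docm})), ("notes.docx", clean)):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Archives that cannot be opened (password-protected or corrupt) are reported as not inspected rather than clean, so a real deployment would route those for separate handling.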
Next, secure your device. Get reliable anti-virus software and a VPN. Together they will do a great job of fighting malicious online threats. It’s crucial to do periodic backups of all the important files so you can access them even if your computer gets infected with malware.