A Look at the Biggest Ransomware Attacks of 2017
Ransomware has been one of the most prominent threats to businesses and individuals alike since the mid-2000s. The FBI's Internet Crime Complaint Center (IC3) reported 301,580 complaints about ransomware attacks in 2017, with losses of over $1.4 million. However, those were only the attacks reported to the IC3. The actual number of ransomware attacks in 2017 has been estimated at around 184 million worldwide.
What Is Ransomware?
Ransomware is malicious software designed to access the files or systems of a computer and then block the authorized user from accessing them until a ransom is paid in exchange for a decryption key, which opens up the files or system again.
While this type of program has been around for a long time, ransomware attacks in 2017 evolved to show an increase in variety, with advanced capabilities in terms of encrypting files, spreading themselves, avoiding detection, and coercing victims to pay the ransom.
Today, ransomware is considered one of the biggest threats facing both individuals and businesses. It comes as no surprise that more and more attacks happen each year and that they are becoming more sophisticated and damaging to victims.
How Do Ransomware Attacks Work?
Let's take a look at how ransomware works. First, it needs to gain access to a computer or a network. It then finds a program or files to hold for ransom. Gaining access is the first and most crucial step, and it can be done through infection or specific attacks.
Much like pathogens in the biological world, malware and other malicious software can infect a system through one or more entry points called vectors.
Vector types include:
Email is probably the most common vector. The ransomware is distributed via an email that is made to look official or professional. It can hint at an urgency to open the attachment, and when the user does so, the ransomware is installed.
Another way that ransomware attacks happened in 2017 was through messages on social media, such as Facebook's Messenger. Attackers can mimic the account of one of the target's actual friends, then send a message with a file attachment. The attachment contains the ransomware, which is installed once it is opened.
One of the oldest but still most common ways to trick people into installing ransomware is through pop-ups that are made to mimic those from legitimate software. Once the user interacts with one, it causes damage to the system.
The History of the First Ransomware Attack
The most prominent ransomware attack in the early days was in 2005. However, an attack happened much earlier. The first known ransomware attack is said to have occurred in 1989 and targeted the healthcare industry. Today, this is still one of the most targeted industries.
The attack was carried out by Joseph Popp, Ph.D. He distributed more than 20,000 floppy disks to AIDS researchers, of whom he was one himself, spanning over 90 countries. He claimed the disks contained a program that was capable of analyzing an individual's risk of getting infected with AIDS by the use of a questionnaire. The disks actually contained malicious software that remained dormant until the computer was turned on 90 times. Once that number was reached, the malware would display a message that demanded payment of $189 first, then another $378, stating that it was for a software lease.
This attack became known as the AIDS trojan.
Evolution of Ransomware
The early forms of ransomware had developers writing their own encryption code. Today, they rely on libraries that provide encryption that is significantly more difficult to crack. They've also gone from the traditional phishing email blasts to spear-phishing campaigns, which are more personal and targeted.
Other ransomware developers in 2017 built toolkits that could be downloaded and deployed by attackers with less technical skill. The more advanced and talented cybercriminals actually offered ransomware as a service, which led to the creation of CryptoLocker, Locky, and CryptoWall. The latter alone was known to have made over $320 million in revenue.
Although the first attack happened in 1989, ransomware only became more common in the mid-2000s. TROJ.RANSOM.A, Gpcode, and Cryzip were popular malicious software during that time. In 2011, a worm came out that mimicked the Windows Product Activation notice, which made it more difficult to discern genuine notifications from malicious ones.
In 2015, there were more variants that targeted different platforms. The 10 most popular ransomware families were able to attack 101,568 users around the world, which accounted for more than 77% of all ransomware attacks.
Most Prominent Ransomware Attacks
The largest and most prominent ransomware attacks have also occurred in more recent years. Reports have even indicated that the demands are on the rise: the average ransom was $300 in the mid-2000s and is $500 today. A deadline can be assigned, and the amount doubles if it passes. Sometimes the ransomware permanently locks down the file or program or even destroys it.
One of the most profitable ransomware attacks was CryptoLocker. From September to December of 2013, it was able to infect more than 250,000 devices and earned over $3 million for its creators. An international operation took the Gameover ZeuS botnet, the one carrying out the attacks, offline.
The demise of CryptoLocker led to the creation of a tool to recover files infected by CryptoLocker. However, it also led to more imitation ransomware variants, such as CryptoWall and TorrentLocker. Gameover ZeuS even re-emerged.
Primary targets of these attacks include banks, healthcare, and government organizations.
CryptoWall became the most common ransomware from April 2014 to 2016. It was able to extort over $18 million from victims by 2015.
TeslaCrypt also became prominent in 2015, infecting 163 victims and earning the attackers $75,522. It demanded that ransoms be paid through Bitcoin, PayPal, or My Cash cards.
A group known as the Armada Collective carried out attacks in 2015, targeting three Greek financial institutions. It encrypted their important files to pressure the banks into paying 7 million euros each. The three attacks happened within just five days, which worried bank security. Instead of paying, the banks reinforced their defenses to avoid other disruptions and attacks.
An attack on the Hollywood Presbyterian Medical Center demanded a ransom of $3.4 million. It forced the hospital to go back to pre-computing days, as the malicious software blocked the network, email, and patient data for 10 days.
The hospital ultimately paid $17,000 to get access to critical data, which was done to efficiently restore operations. It is said that the original demand of $3.4 million was inaccurate.
In March 2016, two major attacks occurred. An Ottawa hospital was hit by ransomware that affected more than 9,800 machines. The hospital wiped its drives and used a backup and recovery process to beat the attackers. The Kentucky Methodist Hospital, Desert Valley Hospital, and Chino Valley Medical Center were all hit by ransomware that encrypted their files. It was reported that none of the hospitals paid the ransom and no data was compromised.
On Black Friday 2016, the San Francisco Municipal Transportation Agency was attacked by ransomware that disrupted both train ticketing and bus management systems. The attackers demanded 100 Bitcoin, which was equivalent to $73,000. Thanks to its quick response and backup processes, the agency was able to restore all systems within two days without paying the ransom.
The very first ransomware attack that targeted Apple OS started in 2016. KeRanger impacted users with the Transmission app and was able to infect 6,500 computers in less than two days. The malicious software was removed a day after it was discovered.
Reports indicated that ransomware attacks in 2017 would total $1 billion.
Protecting Against Ransomware Attacks
Here are the best practices to stop ransomware from affecting your computer and your organization.
- Create frequent backups. This is the strongest defense against ransomware because it allows you to wipe out all data and restore from the backup to a previous save point. Of course, backups should be tested to ensure that they are not corrupted.
- Regularly update software so it is always secure against known threats. This responsibility should be assigned to every employee in a company.
- Make use of restrictions as long as they make sense for organizations, so employees do not accidentally click or visit malicious sites that contain ransomware.
In 2017, the most effective way to defend against ransomware attacks hinged on educating users and businesses about best practices, using backups, and applying software updates. Today, everybody should also be up to date with ransomware distribution techniques and phishing attacks so they can detect an attempted attack.
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.