Beware of 10 Past Ransomware Attacks
One of the biggest malware threats of 2018 was Ransomware, and it continues to disrupt businesses and daily lives of individuals across the world. In 2019 ransomware has taken a new form – security experts believe that researchers have noted thousands of different ransomware variants looming large on the internet. ransomware is becoming more sophisticated and the variants are only growing.
We list here some of the most notorious and popular ransomware attacks, as they made waves in the cybersecurity industry over the years.
After an initial infection at the French engineering consulting firm Altran in 2019, it went on to hit several industrial and manufacturing firms, including Norsk Hydro.
LockerGoga is the most destructive type of ransomware, and it appears to have both ransomware and wiper capabilities. The latest variant has a very different approach from typical ransomware, it forcibly logs victims off the infected device. This results in the victim not being able to see the ransom instructions on how to recover files.
2. Bad Rabbit
An “affiliate program” of sorts for cybercriminals server is distributed as ransomware-as-a-service (RaaS). In exchange for 40 percent of the profits, anyone can buy it and unleash it.
Cerber uses an elaborate phishing campaign and also targets cloud-based Office 365 users. Typically, the victim receives an email with an infected MS Office document attached. Once opened, the ransomware runs silently in the background. As the encryption takes place it provides no indication of infection to the user. After the encryption, the user will find ransom notes in encrypted folders. Cerber accounted for 26% of all ransomware infections in 2017.
Dharma first struck the world in 2016 and is releasing new versions regularly. The latest variants of 2019 have file extensions .gif .AUF, USA, .xwx, .best, and .heets. It uses cryptovirus that uses contact email and random combinations of letters to mark encrypted files.
Considered to be the most popular multi-million dollar ransomware of 2018, GandCrab relies heavily on Microsoft Office macros, VBScript, and PowerShell to avoid detection. One of the few widely deployed ransomware campaigns it uses a ransomware-as-a-service model to maximize delivery. GandCrab infected over 48,000 nodes within a month and was first reported at the end of January 2018.
Named after a horror movie character, it not only encrypts user’s files, but also deletes them, so it’s particularly a sadistic kind of ransomware. So if one is infected with Jigsaw, he should react quickly. They have a deadline for 24-hours to pay the ransom. If they fail to meet the deadline, the ransomware starts deleting the files. Try shutting down the computer and the Jigsaw deletes up to 1,000 of the victim’s files.
Katyusha was first detected in October 2018. It is an encryption ransomware Trojan encrypts files, adding the extension. Katyusha releases the data to public download if the ransom is not paid. The malware package contains EternalBlue and DoublePulsar exploits which are used to spread over the network. It also deletes shadow copies from the system. Katyusha ransomware is commonly delivered to victims via malicious email attachments. Currently, there are no tools capable of cracking Katyusha’s encryption and restoring data free of charge.
SamSam is most commonly in targeted ransomware attacks. SamSam has attacked a wide range of industries in the US, mainly critical infrastructure, such as hospitals, healthcare companies, and city municipalities. Last year, SamSam attack crippled the city of Atlanta for days and cost taxpayers close to $17 million.
Unlike most ransomware campaigns SamSam relies on phishing techniques for delivery and uses Remote Desktop Protocol (RDP) to infect victims’ to avoid detection.
This ransomware is not for money, they only want the victims to subscribe to the popular YouTuber PewDiePie, and help him reach 100m subscribers, to beat Indian Bollywood channel, T-Series. The competition between them has been on for several months. PewDiePie fans believe that having ransomware is the best way to rake support for their idol. PewDiePie, on the other hand, has not endorsed this move to use malicious tactics to keep him at the top.
PewCrypt comes with spam email campaigns and websites that host malware or display malicious advertisements.
Debuted in August 2018 Ryuk is part of a new ransomware family, and has made $3.7 million in bitcoin, across 52 payments. Normally, ransomware is distributed via spam campaigns and exploit kits, but Ryuk is used in targeted attacks. It mainly focuses on the big organization that can pay a lot of money to recover their files. Ryuk demand ransoms ranging from 15 to 50 bitcoins, and it uses robust military algorithms such as ‘RSA4096’ and ‘AES-256’ to encrypt files and.
When Ryuk ransomware first appeared in 2018, researchers felt it was related to the North Koreans. Close scrutiny, it was found that Ryuk has its roots in Russia and they had built Ryuk ransomware using Hermes code.
Can Ransomware be preventable!
Even though there are ways to recover encrypted files with a decryptor, but new tools and ransomware variants are making it difficult to keep up with the pace. The best way to handle ransomware is prevention – follow the best practices in network security like; regular update backups, and not downloading suspicious attachments.
Julia Sowells946 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.