Ransomware Attacks
Ransomware attacks have been the most serious threat to individuals, SMBs and enterprises over the past decade. They have increased dramatically in the last few years for organizations all over the globe, and they have changed over time, from CryptoLocker to WannaCry to NotPetya.
Ransomware is a malicious program that prevents victims from accessing their files and systems. It holds the victims' files and devices hostage with strong encryption until they pay a ransom.
Ransomware has existed since the beginning. However, ransomware variants are becoming more sophisticated in their capabilities. They can spread faster, evade detection, encrypt files with strong encryption and force victims to pay ransoms.
New-age ransomware is distributed using advanced methods. Cybercriminals have used pre-built infrastructures to distribute new ransomware versions. These variants come preloaded with crypters, making them extremely difficult to reverse-engineer.
Ransomware is a type of malware that restricts your access to your system and personal files. Cybercriminals can take control of your system and demand a ransom to restore access.
Types of Ransomware Attacks
The CryptoLocker botnet, one of the oldest cyber attacks, has been around for over 20 years. The CryptoLocker ransomware was created in 2013 by hackers who used the original CryptoLocker botnet method of ransomware.
CryptoLocker ransomware, which uses strong encryption algorithms, is the most destructive type of ransomware. With crypto ransomware, it is often impossible to decrypt or restore infected files and computers.
WannaCry is the most well-known ransomware variant. The WannaCry ransomware attack impacted nearly 125,000 organizations across 150 countries. WanaCrypt0r and WCry are two other names for WannaCry ransomware.
Cerber ransomware targeted cloud-based Office 365 customers. Millions of Office 365 users fell for a sophisticated phishing campaign by Cerber ransomware.
CryptoWall is a sophisticated form of CryptoLocker ransomware. It was created in 2014, after the collapse of the original CryptoLocker variant. There are many variants of CryptoWall today, including CryptoDefense, CryptoBit, CryptoWall 2.0 and CryptoWall 3.0.
Locky is another ransomware variant that locks the victim’s computer to prevent them from using it until payment is made. It is usually spread via an apparently benign email message disguised to look like an invoice.
GoldenEye is a variant of the notorious Petya ransomware. It spreads via a large social engineering campaign that targets human resource departments. When a user downloads a GoldenEye-infected PDF file, it silently launches the macro that encrypts the files.
Ransomware virus attacks can't be detected on systems because they encrypt files and then delete them until the ransom is paid. Files are deleted one by one on an hourly basis until the 72-hour mark, when all files are deleted.
The email attachment is automatically deleted when the user opens it. The victim is then directed to enable macros in order to read the document. Once the victim has enabled macros, it starts encrypting multiple file types with AES encryption.
Other than the ransomware listed above, Petya and NotPetya are also ransomware.