Have you ever heard of holding something for ransom? Perhaps you’ve seen stories on the news of valuable items being stolen, with a return only promised in exchange for money. Or perhaps you’ve seen movies where a person is held hostage until a loved one pays.
Ransomware follows a similar concept, applied to the online space. It is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever.
Sounds like something straight out of a movie, right? But the reality is that ransomware attacks are more common than you may think. The average digital ransom per incident is on the rise, with the number currently sitting at an average of $8,100 demanded per case.
Of all organizations experiencing ransomware attacks in North America, government bodies are the most commonly attacked (15.4%), while the manufacturing and construction services industries follow closely behind at 13.9% and 13.2%, respectively.
One of the best ways to prevent ransomware from affecting your business is to take preventative measures. Awareness is key. For instance, if you use Amazon Web Services as a part of your digital infrastructure, taking an AWS training course can teach you about IT security. You should also have security awareness training within your organization to help your team recognize potential risk factors.
It’s a problem that shows no signs of going away. That’s because ransomware is easy to produce, difficult to defend against, and it’s a lucrative criminal activity.
In this blog, we’re covering some of the most notable examples of ransomware you should know in order to be aware of a potential scam and understand the scale of a possible attack. Let’s get started!
Types of Ransomware
There are two main types of ransomware you should be aware of: crypto-ransomware and locker ransomware.
What’s the difference?
Crypto-ransomware encrypts valuable files on a computer so that the user cannot access them. Cyberthieves that conduct crypto-ransomware attacks make money by demanding that victims pay a ransom to get their files back.
Locker ransomware does not encrypt files. Rather, it locks the victim out of their device, preventing them from using it. Once they are locked out, cybercriminals carrying out locker ransomware attacks will demand a ransom to unlock the device.
CryptoLocker Ransomware Attack
Between September and December 2013, a crypto-ransomware known as CryptoLocker infected more than 250,000 systems and earned more than $3 million for its creators before the Gameover ZeuS botnet, which was used to carry out the attacks, was taken offline in 2014 in an international operation.
Once it was captured, its encryption model was analyzed, and there is now a tool available online to recover encrypted files compromised by CryptoLocker.
CryptoLocker was one of the most profitable ransomware attacks of its time. And still, CryptoLocker lives on today. CryptoLocker’s demise only led to the emergence of several imitation ransomware variants, including the commonly known clones CryptoWall and TorrentLocker.
It encrypts files on desktops and network shares and “holds them for ransom”, prompting any user who tries to open a file to pay a fee to decrypt it. This can be especially damaging for any data-driven organization.
Malware like CryptoLocker can enter a protected network in many different ways, including email, file sharing sites, and downloads. New variants of the ransomware have successfully eluded anti-virus and firewall technologies, making it especially dangerous.
Ryuk Ransomware Attack
Ryuk crypto-ransomware, named after a fictional Japanese character, is one of the most powerful and prominent scams on the internet today.
Although young (Ryuk came about in 2018), the ransomware immediately turned heads after disrupting operations of all Tribune Publishing newspapers over the Christmas holiday that year. The company initially thought it was a server outage until it realized the severity of the situation and worked to quarantine the ransomware.
Still, Ryuk re-infected and spread onto connected systems in the network because the security patches failed to hold when tech teams brought the servers back.
Because of its method of exclusively targeting large corporations with critical assets, Ryuk ransomware is hailed as one of the costliest among ransomware attacks.
Bad Rabbit Ransomware Attack
In 2017, the Bad Rabbit crypto-ransomware attack spread using a method called a ‘drive-by’ attack, where insecure websites are targeted and used to carry out an attack.
What is a drive-by attack?
Users would visit a legitimate website and interact with it, not knowing the website had been compromised by a hacker. On the hacked website, Bad Rabbit displayed a fake request to install Adobe Flash, and the supposed installer was actually the malware it used to spread its infection. This is called “malware dropping”: when users click to install something that is actually malware in disguise.
This means that you could be exposing yourself to ransomware without even knowing it!