2017 seems to be the year of ransomware: the very sophisticated malware that encrypts all files and data on your computer and then demands a ransom in return for decrypting them.
Ransomware attacks have been on the rise internationally since 2012, but 2017 seems to have taken them to an unprecedented level. It was in 2017 that we had the WannaCry outbreak and the NotPetya attack, which made the term ‘ransomware’ popular worldwide. 2017 has witnessed over a dozen ransomware attacks, and there is still over a month to go before the year ends. 2017 also gives a very strong signal about the ransomware trend: ransomware is here to stay, at least for the next few years. Cyber criminals could turn more innovative and devise more sophisticated ways, like bypassing antivirus software, to carry out ransomware attacks in the years to come.
Ransomware attacks help cyber criminals make big money, and now even non-technical people can buy ransomware and use it to carry out cyber attacks. Ransomware, to put it correctly, is happening and evolving…
Here’s a look at the top ransomware attacks of 2017, based on data collected up to October 2017:
Top Ransomware Attacks of 2017
The WannaCry attack was unprecedented in scale; in just a day it spread to over 150 countries and infected over 230,000 computers. The attack happened in May, and the hackers carried it out by exploiting the EternalBlue vulnerability in the Windows OS. It impacted many leading organizations in different countries and within a couple of days became something of a global sensation, making the term ransomware familiar even to non-technical people.
Hackers used the very same EternalBlue vulnerability that was used in the WannaCry attack to execute the NotPetya attack too. NotPetya, which resembles the Petya ransomware to a great extent, started off as a fake Ukrainian tax software update in June and then spread to more than 100 countries worldwide. It infected networks in leading companies and organizations, in addition to impacting individual users.
The Locky ransomware was already very popular. August 2017 saw Locky resurfacing in new forms. The new variants, Diablo and Lukitus, spread through phishing emails; in just 24 hours over 23 million phishing emails with the Locky ransomware were sent to the US workforce.
2017 seems to be the year of the LockCrypt ransomware too. New versions of LockCrypt have been surfacing and infecting networks of many business organizations across the world, especially in the UK, US, India, South Africa and the Philippines. LockCrypt encrypts files, then renames them with a .lock extension so as to make recovery difficult. LockCrypt also installs itself for persistence and deletes all backups, thereby complicating things for the victims.
Cryptomix, which spread across almost 29 countries and affected thousands, forced victims to pay heftily: they would have to pay up to $3,000 to get their files recovered. Cryptomix, unlike other ransomware, doesn’t depend on any payment portal available on the dark web. Instead, the criminals who use Cryptomix contact the victims and instruct them on the method of payment.
The Nemucod ransomware family, which has been active for the last couple of years, arrives via phishing emails and encrypts files on victims’ systems and networks. Nemucod ransomware has also been active in 2017.
Cerber is seen as one of the early drivers of Ransomware as a Service (RaaS), and hence can be bought and used by anyone willing to share a part of the profit with the providers. It uses multiple attack vectors to target victims. Cerber is among the top ransomware of 2017.
The CRYSIS ransomware, which first appeared last year, is distributed by brute-force remote desktop (RDP) attacks. CRYSIS resurfaced in 2017, chiefly in Australia and New Zealand, and also impacted the US healthcare sector very badly.
So, for the coming years, it seems we need to be armed to combat ransomware as well, and not be content with just conventional antivirus software and other basic security software.