The Ransomware Epidemic: Understanding the Threat Landscape


Ransomware




Ransomware is a malicious program that infects a computer and then locks or encrypts some parts, preventing users from accessing their computer or data. Commonly, after the ransomware is loaded on the user's computer, a message is displayed demanding payment to unlock it. Ransomware varies in its degree of difficulty to remove and how many areas are locked, ranging from a few files to the entire hard drive.





Most Famous Ransomware Attacks, By Type:-

Ransomware is a type of malicious software designed to restrict access to a computer system until a payment is made. The key here is… it’s software. While cybercriminals often use a similar foundation to their software code, the most evolved ransomware is a custom form of malware.

Here are some of the top ransomware types and why they were — or still are — so dangerous:

WannaCry

Flashback to 2017. A form of ransomware called WannaCry spread like wildfire through vulnerable SMB ports and phishing attacks, infecting 7,000 computers within the first hour of its release. Within a day, it infected more than 230,000 computers in over 150 countries. The attack affected leaders in various industries, such as the car giant Honda and thousands of NHS hospitals across the UK, seizing control of industrial processes until the ransom was paid. 

TeslaCrypt

In 2016, video gamers faced a form of Trojan ransomware called TeslaCrypt, which infected game saves, user profiles, recorded replays, etc. This gamer ransomware affected 40 different games, such as the Call of Duty series, World of Warcraft and Minecraft — searching for 185 file extensions. Newer variants of the malware also encrypted Word, PDF, JPEG and other files. This ransomware made our list for the extent of its spread and the depth of its affected files. In May 2016, the ransomware spread came to a halt when the malware developers shut down the ransomware and released the master decryption key.

Petya and NotPetya

Petya emerged in 2016, but in 2017 it began spreading internationally as ransomware. On July 27th, 2017, it targeted more than 80 companies in France, Germany, Italy, Poland, the United Kingdom, the United States, Russia, and Ukraine. It affected Windows servers, PCs, and laptops, exploiting a vulnerability in Microsoft’s implementation of the Server Message Block protocol — asking victims to conduct a system reboot, after which the system is locked. The newer variant called NotPetya has distinctive malware behavior. It uses different keys for encryption, has unique reboot styles, displays and notes, and was designed by the Russian government.

REvil, AKA Sodinokibi

The modern-day Russian-based hacking group Ransomware Evil (REvil), also known as Sodinokibi, is a unique ransomware-as-a-service (RaaS) operation. These bad actors developed a subscription-based model that enables affiliates to use already-developed ransomware tools to launch their own ransomware attacks, wherein REvil receives a portion of the profit every time it’s deployed. In 2021, the group breached the tech powerhouse Apple, stealing information on their upcoming products. They’re also behind the recent Kaseya and JBS ransomware attacks. They made our list for their present relevance — REvil’s attacks are only becoming more frequent, severe, and widespread — and because of their infamy for commercializing ransomware as a service, especially against supply chains.

DarkSide

Another present-day RaaS operation is DarkSide. This hacking group, located in Eastern Europe, targets victims using their own unique form of ransomware, believed to resemble the software used by REvil, as a possible partner of the Russian attackers. They were the bad actors behind the recent Colonial Pipeline cyberattack. Their malicious software earned its place on our top five most famous ransomware list for how destructive the program can be. The software deletes files in the recycle bin one by one, uninstalls security and backup software programs, and terminates security processes to allow access to data files.




Most Famous Ransomware Attacks, By Payout:-

Ransomware attacks are also made famous for how financially crippling they were. Oftentimes, bad actors target companies and industries that are vital, so they must remain fully operational at all times. Freezing access to even certain operations or files for a few days could have a monumental impact on the company’s surrounding economy and customer base at large. When this happens, these major corporations often pay the ransom, knowing that a few days of downtime could account for much more damage and loss than the unlocking fee. Here’s a round-up of the most costly payouts to date:

5. Brenntag

Amount paid: $4.4 million

4. Colonial Pipeline

Amount paid: $4.4 million


3. CWT Global

Amount paid: $4.5 million

2. JBS

Amount paid: $11 million

1. CNA Financial

Amount paid: $40 million





How to protect your computer from ransomware:-

There are several main ways to protect your computer from being infected with ransomware.

  • At least monthly, check for and install any updates and patches for your computer's operating system and software.
  • Install an antivirus and anti-malware program, and keep the program updated.
  • Do not click a website link, download a file, or open an attachment in an e-mail if you do not recognize the sender of the e-mail. The link, file, or attachment may contain ransomware.
  • If a program tries to install on your computer, and you don't recognize the program or did not initiate the install yourself, cancel or block the installation.
  • Do not connect a USB flash drive to your computer if you do not know where the drive came from. If you receive a USB flash drive at a trade show or a non-reputable vendor, it could contain ransomware.
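The first two items above (patch at least monthly, keep the antivirus updated) can be checked rather than assumed. The following PowerShell script is an added example, not part of the original post; it assumes a Windows 10/11 host running Microsoft Defender, and the 30-day patch and 7-day signature thresholds are assumptions chosen to match the "at least monthly" advice.

```powershell
# Added example: audit a Windows host against the ransomware checklist above.
# Assumes Microsoft Defender; thresholds below are assumptions, not page values.
$MaxPatchAgeDays     = 30   # mirrors "at least monthly" patching
$MaxSignatureAgeDays = 7    # how stale AV signatures may be before warning

# 1. Patch cadence: find the most recently installed hotfix.
#    InstalledOn can be empty for some entries, so filter those out first.
$latestFix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if ($latestFix) {
    $patchAge = (New-TimeSpan -Start $latestFix.InstalledOn -End (Get-Date)).Days
    if ($patchAge -gt $MaxPatchAgeDays) {
        Write-Warning "Last update $($latestFix.HotFixID) was installed $patchAge days ago; run Windows Update."
    } else {
        Write-Output "Patches OK: $($latestFix.HotFixID) installed $patchAge days ago."
    }
} else {
    Write-Warning "No hotfix install dates found; verify update history manually."
}

# 2. Antivirus state and signature freshness (Microsoft Defender).
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled) {
    Write-Warning "Defender antivirus is disabled."
}
if (-not $mp.RealTimeProtectionEnabled) {
    Write-Warning "Defender real-time protection is OFF."
}
if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Write-Warning "Defender signatures are $($mp.AntivirusSignatureAge) days old; run Update-MpSignature."
} else {
    Write-Output "Defender signatures OK (last updated $($mp.AntivirusSignatureLastUpdated))."
}
```

Run it from an elevated PowerShell prompt; any Write-Warning line points at a checklist item that needs attention.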

How to remove ransomware from your computer:-

Depending on the level of infection on your computer and if you have an antivirus or anti-malware program installed, you can remove the ransomware. If you still have some access to your computer, follow the steps below.

  1. Reboot your computer to Safe Mode.
  2. Open the antivirus or anti-malware program installed on your computer.
  3. Run a virus and malware scan to find and remove the ransomware.

If you do not have any access to your computer or cannot boot the computer to Safe Mode, you can try the following.

  • Remove the hard drive from the computer and externally connect it to another computer using a hard drive enclosure. Run a virus and malware scan on that hard drive to try to remove the ransomware.
  • Take your computer, or the hard drive if it's easily removable, to a computer repair shop. They can connect the hard drive to another computer for virus and malware removal.

If the ransomware cannot be removed, or too many files are encrypted for the computer to be usable, restore the computer to factory settings. Restoring the computer erases all data and gets it back to working condition.


-: BE ALERT, BE SAFE :-
