Ransomware is one of the oldest forms of cyberattack that we know of, and like the crocodile it has been lurking, showing only its eyes atop the murky surface. However, a new lease of life has been granted to the threat due to factors such as the widened attack surface with an array of device now in play, leading to some of the deadliest ransomware attacks.
Ransomware attacks such as WannaCry and Petya have raised the profile of cybersecurity in general on a global scale. It is now not unusual to see someone reading a paper on the train with a front page headline pertaining to cyber malice.
Google made a chilling warning recently at Black Hat specify the event that ransomware must not be underestimated, after conducting a test using decoy victims to map a huge network of ransomware threats.
With ransomware posing perhaps the greatest threat it ever has done, and coming to the attention of record numbers of people, CBR has compiled a list of the seven most notorious cyber attacks in recent years, which are likely to be as active now as they were then.
This deadly ransomware attack will be fresh in the minds of many because it grabbed mainstream headlines right across the globe this year. In fact around 150 countries were swept into the storm created by this strain of ransomware, and major organisations were sent grinding to a halt.
Initially the attack came into existence under the name WannaCrypt, and this kind of ransomware is a worm that works specifically on Windows. WannaCry was highly formidable, and armed with RSA-2048; this made the attack impossible to decrypt once your files had been compromised.
While this attack will go down as one of the most notorious for its globally crippling effects, it only managed to make around $70,000 dollars, minute in comparison to the operational impact of the attack.
One of the most powerful capabilities of this ransomware was the ease with which the infection could be circulated. It required no more than a link in an email to be carelessly opened for the spread to be continued.
This simple method has been used for other attacks such as the Google Docs phishing attacks to affect millions of users. WannaCry was not only highly affective for these reasons, it was also able to directly attack network drives, allowing the cyber attack to cause massive collateral damage.
WannaCry had a devastating impact on organisations such as Telefonica; as it was forced to completely shut systems down to prevent the attack tightening its grip on the network any further.
Perhaps most highly associated with this attack is the British National Health Service (NHS), the NHS was also taken offline completely, this meant online system had to be replaced by pen and paper, causing a great deal of concern.
Like WannaCry, Petya is also an encrypting ransomware attack, and it had a massive impact that gained media attention. The attack should also be fresh in the memories of many, having only been tracked down for the first time in 2016, and returned in June this year in a new form.
Another name earned by the cyberattack was NotPetya, marking its distinct difference from the original attack it was based. The name came courtesy of global cybersecurity firm Kaspersky Lab.
The process that the attack uses to take control is as follows, first compromises the master boot record of a Windows system before encrypting the file system within the device’s hard drive. Once this has been carried out, Windows is unable to load, locking the user out of the system entirely.
In the 2017 appearance of Petya the attack was more powerful than when first encountered, and this time it was used to launch an attack that like WannCry, had a huge effect across the entire world.
While gaining a reputation of being a global cyberattack, the Ukraine bore the brunt of the attack’s affects, and around 2,000 Russian users were affected in the most recent ‘NotPetya’ case. The Ukraine is a location that has been the target of numerous, major attacks even on nation state scale such as the SCADA attacks on power grids, for example.
Originally discovered in 2016, this most deadly of ransomware attacks is also delivered via email, and has been known to take the guise of an invoice requiring payment. Under this illusion, a word document was also included that was containing the malicious payload in the form of a set of macros.
Once triggered, a complex encryption process would trap your files and payment of either half or a whole bitcoin was the ransom required to rescue your stolen files.
This would be an extremely painful price to pay in recent times, with Bitcoin having gone through a period of massive success, surpassing the price of gold on the basis of an ounce to a unit, and also surpassing the $2000 mark.
Advice for not getting caught out by Locky consists of advisable practices in general cyber activity, first and foremost the user should update programs to prevent weak links, and also, by no means should you ever click on links from unknown senders without verifying first!
In terms of how big an affect Locky has had, the number of people can only be considered in the millions, with the first iteration alone impacting around 500,000. With Google’s recent ransomware warning, the Locky family of ransomware was noted as being likely to pose further significant risk.
Cerber is also a strain of ransomware that Google has singled out in the recent warning it made at the Black Hat event 2017, alongside Locky.
This strain of ransomware has become a household name, having struck around 150,000 Windows users in a single month in 2016. Hitting so many people, it almost comes as no surprise at all that this ransomware is able to steal a colossal $2.3 million a year.
A terrifying new development in the cyber threat landscape in recent times is the ability to pay for pre-packaged ransomware attacks. This process means that attacks are likely to increase dramatically as it becomes more commonplace to access and use ransomware-as-a-service. This also means no skill is required to do major cyber damage.
This is exactly what Cerber is, a service that can be purchased by the user agreeing to allow Cerber to keep 40% of the amount stolen in every attack.
Cerber is a giant on this list, and potentially a contender for the top spot given its ubiquity as ransomware attack, it is extremely well established, and is considered a family of the cyber attack type. A quarter of all attacks were put down to Cerber between late December and early January 2017.
This variety of ransomware is a dangerous form of crypto-malware, a deadly concoction that means it can go further than just encrypting files, it can also compromise previously connected drives, widening the reach of this form of attack even further.
Like several of the most well-known ransomware variants, HDDCryptor was located and verified in 2016. In the same year the attack reached its pinnacle of notoriety when it breached the San Francisco Municipal Transport Agency.
The agency was fortunately in a position in which backups were able to be used to reclaim control, however the instance stands as an example of what this ransomware strain can do. Hackers behind this significant example of ransomware attacks were charging around a 100 bitcoins to the victim.
Comparable to other notorious ransomware attacks, HDDCryptor can strike at the disk level, meaning that once a computer is compromised, instead of booting a screen announcing the ransomware’s control is displayed to the user, a hallmark of this kind of deadly cyberattack.
Chimera was first picked up on in 2015, and this ransomware variant is also delivered by phishing, requiring humans to be exercise lax cybersecurity awareness. Chimera is able to gain entry via Dropbox links, an entry point previously employed by other ransomware attacks.
If you are one of these careless individuals that clicks the link, the attack wastes no time and begins encrypting straight away. Once files are encrypted they will assume the format of .crypt.
One of the most eye catching details of this ransomware variant is the fact the ransom demanded is a comparatively hefty sum of 2.5 bitcoins. There is also an additionally dark, twisted incentive to pay up, as not only will files be deleted if the victim fails to pay, but the attack will release them online, publically.
Ransomware-as-a-service is also provided by Chimera, requiring 50% of the takings from those keen on getting behind the dastardly cyber activity.
SamSam ransomware is by no means a thing of the past, and not only is it still extremely active, it is becoming increasingly bullish and vicious.
This ransomware capitalised on unpatched server vulnerabilities, another weak point caused by human fallibility and lack of cybersecurity awareness.
A highly concerning characteristic of SamSam is that it is a big game hunter, it is most dangerous for organisations with multiple machines. New information on the attack shows that it requires 1.7 bitcoins to release a single machine, and in light of bitcoins increase in value, this can be close to $5000 just by itself.
The money really begins to build up when more machines are affected. To release half the machines it will cost 6 bitcoins, and 12 for all of them to be set free, this could cost as much as $30,000, making this one of the most punishing ransomware attacks in the world.
This article is from the CBROnline archive: some formatting and images may not be present.