Ransomware: What Is It? What Are the Different Kinds of Ransomware?


Nearly everyone knows what is stored inside a computer or a mobile phone. But what if someone takes away the privacy of our computers or laptops for the sake of a ransom? Security has always been a main concern in cybersecurity, but ransomware, which is a form of malware, has come to dominate the security landscape and has become a major threat to businesses and organizations.

Ransomware is one of the biggest problems to have grown up on the web. It is malicious software, or malware, which encrypts documents on a computer or across a network. Victims can regain access to their encrypted documents only after paying a ransom to the criminals behind the ransomware.

One way files become encrypted and inaccessible is through a document that looks innocent: when an unsuspecting user clicks it, the infection takes hold within seconds. This is a big threat to companies, as they have to pay a ransom to regain their own documents.

While ransomware exploded in 2017, increasing by an estimated 748 percent, it is not a new phenomenon. In 1989, a virus named AIDS, or the PC Trojan, was sent to victims on a floppy disc, mostly in the healthcare sector. The ransomware counted the number of times the PC was booted. Once the count hit 90, the machine and the files on it were encrypted, and the user was told to ‘renew their license’ with ‘PC Cyborg Corporation’ by sending a ransom of $189 or $378 to a post office in Panama.

Different types of Ransomware:

New variants of ransomware appear continually, and each one poses new threats to businesses and organizations. However, some forms of ransomware have been much more successful than others.

Locky:

The most notorious form of ransomware is Locky, which terrorized organizations globally and made headlines by infecting an American hospital. The cybercriminals demanded a ransom of $17,000 from the hospital to restore its infected networks. The hospital gave in to the demands of the cybercriminals and paid the ransom.

Perhaps Locky remained successful because those behind it regularly update the code to avoid detection. They even update it with new functionality, including the ability to make ransom demands in 30 languages, so criminals can more easily target victims around the world. Locky became so successful that it rose to become one of the most prevalent forms of malware in its own right.

Locky still remains one of the most dangerous forms of ransomware, regularly going quiet before reemerging with new attack techniques.

Cryptowall:

Cryptowall is another form of ransomware which has found great success over a prolonged period of time. Starting life as a doppelganger of Cryptolocker, it has gone on to become one of the most successful types of ransomware.

Like Locky, Cryptowall has regularly been updated in order to ensure its continued success and even scrambles file names to make it harder for victims to know which file is which, putting additional pressure on the victim to pay.

Cerber:

Cerber became so successful that it surpassed Locky to become the most dominant form of ransomware on the web. Locky appeared to mysteriously disappear over Christmas, although it reemerged in April with new attack techniques.

This particular family of ransomware is constantly evolving, with its developers regularly adding new features to ensure its continued success. Indeed, the cryptography behind Cerber is so advanced that there are currently no decryption tools available to help those infected by the latest versions.

SamSam:

Another successful form of ransomware is SamSam, which is notorious for charging a ransom of tens of thousands of dollars for the decryption key.

Rather than distributing it via phishing emails, the attackers seek out unsecured internet-facing systems, then exploit them to help spread SamSam laterally across networks.

WannaCry:

WannaCry is counted as one of the biggest ransomware attacks to date. It is also known as WannaCrypt and Wcry. It caused chaos across the globe in an attack which started on Friday 12 May 2017.

WannaCrypt demands $300 in bitcoin for unlocking encrypted files, a price which doubles after three days. Users are also threatened, via a ransom note on the screen, with having all their files permanently deleted if the ransom isn’t paid within a week.

More than 300,000 victims in over 150 countries were hit by the ransomware over the course of one weekend, with businesses, governments, and individuals across the globe all affected.

Petya/NotPetya/GoldenEye:

A few days after the WannaCry ransomware broke out, the world was hit with another global ransomware attack.

This cyberattack first hit targets in Ukraine, including its central bank, main international airport, and even the Chernobyl nuclear facility, before quickly spreading around the globe, infecting organisations across Europe, Russia, the US, and Australia.

After some initial confusion as to what this malware was (some said it was Petya, some said it was something else), researchers at Bitdefender came to the conclusion that the outbreak was down to a modified version of Petya ransomware, combining elements of GoldenEye, a particularly vicious relative of Petya, and WannaCry ransomware into extremely potent malware.

Bad Rabbit:

October 2017 saw the third high-profile attack of the year when organisations in Russia and Ukraine fell victim to a new variant of Petya ransomware.

Dubbed Bad Rabbit, it infected at least three Russian media organisations while also infiltrating the networks of several Ukrainian organisations, including the Kiev Metro and Odessa International Airport. At the time, the airport had fallen victim to a hacker attack.

Bad Rabbit was named after the text which appeared at the top of the Tor website hosting the ransom note.
