Ransomware Attacks Double and Evolve Year-on-year!
- Ransomware cases crossed over 20% around the world in the first half of 2020 itself!
- Out of 121.2 million recorded ransomware attacks, 79.9 million were recorded in the US and 5.9 million in the UK.
(Source: Channel Pro)
Security researchers have uncovered that year-on-year ransomware attacks are doubling in the number. Reportedly, the first quarter of 2020’s financial year recorded double ransomware attacks due to remote working culture in the wake of the COVID-19 pandemic. The lack of work from home cybersecurity measures was the biggest reason behind the surge in cyberattacks.
Comparatively, the cyber threat landscape has evolved the most this year because of the mayhem created by cybercriminals. Currently, they have been launching back to back cyberattacks to breach data of small and big enterprises. They have been leveraging new exploitable vulnerabilities to attack organizations running their businesses remotely.
Moreover, various ransomware families have now become capable of stealing sensitive data through highly sophisticated techniques. Industry verticals like BFSI (banking, financial services, and insurance), IT, government, manufacturing, etc., are gold mines right now for these cybercriminals to steal sensitive data.
This year, the ransomware attack is one of the major concerning issues among every organization across the globe. This attack blocks the confidential, financial, or sensitive information of an organization by gaining unauthorized access to its network. Cybercriminals demand certain ransom to return access to blocked files or systems.
In case the demanded ransom is not paid on time or not paid at all, these cybercriminals compromise the sensitive data by publicizing it. However, these threat actors have become smarter than before in exploiting their victims. They steal encrypted data and gain double income by selling it on cybercriminal forums at cheap rates.
Let’s proceed further to learn about the most infamous and dangerous ransomware attacks of the year!
The 5 Most Dangerous Ransomware Attacks
The Maze is the most infamous ransomware threat to enterprises all over the world at the moment. It was previously known as “ChaCha ransomware” and was discovered by Jerome Segura on May 29, 2019. This ransomware hacking group used exploit kits like Fallout and Spelvo in the beginning to deploy attacks.
This ruthless ransomware is infamous for its new approach of attacking where it publishes sensitive information publicly by using different methods. The Maze ransomware encrypts all files and demands for the ransom to recover the files. It threatens to release the information on the internet if the victim fails to pay the demanded ransom.
However, the threat isn’t idle as the threat actor actually publishes one of the victim’s files over the internet. Even if the victim sues the Maze, the damage is already done. The most recent victims of Maze ransomware are Cognizant, Canon allegedly, Xerox, and industries like healthcare.
REvil is a file blocking virus and is considered as a cyber threat that encrypts victim’s files after infecting the system and sends a request message. The message explains that the victim is required to pay the requested ransom in bitcoin. If the victim fails to pay the ransom in time, the demand is doubled.
Recently REvil ransomware made headlines in the news for the latest data breach on media and entertainment lawyers Grubman Shire Meiselas & Sacks. This ransomware targeted several A-list celebrities clients of the law firm and leaked their data on the dark web.
A series of screenshots including a legal document of Madonna’s tour contract and dozens of computer files of celebrities like Bruce Springsteen, Bette Midler, and Barbra Streisand were leaked. According to several reports, personal information of stars such as Robert De Niro, Drake, Mariah Carey, Rod Stewart, Elton John, and many more might have been compromised.
Ryuk is one of the most active ransomware and the biggest players among other ransomware. It is a type of crypto-ransomware that blocks access to a file, system or device by using encryption until the ransom is paid.
Ryuk uses other malware to infect a system. It either uses TrickBot or other means like Remote Desktop Services to gain unauthorized access to a system. It uses robust military algorithms such as RSA and AES to encrypt files using a unique key for each executable.
Ryuk ransomware mainly targets business giants and government agencies that can pay huge ransoms in return. It recently targeted a US-based Fortune 500 company, EMCOR and took down some of its IT systems.
Tycoon is a recently discovered ransomware strain that is written in Java. This malware has been targeting several organizations in the education and software industries, including SMBs. This malware is considered as an unusual one as it is deployed in a trojanized version of Java Runtime Environment. It is compiled in ImageJ, a Java image format, for malicious purposes.
It has been discovered targeting Windows and Linux using the Java image format as part of the attack process. The Tycoon has been aggressively targeting since the last six months of its discovery but the number of victims seems to be less for now.
Reportedly, this ransomware uses different types of techniques that help it to stay hidden. Tycoon denies access to the administrator after it infects the system, following an attack on the file servers and domain controller. It takes advantage of weak or compromised passwords and is a common attack vector that exploits servers for malware.
NetWalker, also known as Mailto, is one of the newest variants of the ransomware family. Various remote working individuals, enterprises, government agencies as well as healthcare organizations reported being attacked by NetWalker this year.
NetWalker ransomware compromises the network of its victim and encrypts all the Windows devices that are connected to it. When executed, it uses an embedded configuration which includes ransom note, file names and several configuration operations.
According to security researchers, this ransomware spreads itself in two ways:
- Through a VBS script that is attached to Coronavirus phishing emails
- Executable files that spread through networks
Can Ransomware Attacks be Prevented?
Yes! Ransomware attacks can be effortlessly prevented if organizations implement cybersecurity guidelines and start practicing them religiously. There are many companies across the world that realize the importance of cybersecurity after falling victim to cyberattacks.
This security negligence can cost an organization more than its revenue if not taken preventive measures. With the pandemic situation and new normal of remote working, cybercriminals have become more empowered to deploy new sophisticated ransomware attacks. It is better to start implementing cybersecurity practices now so as to reduce the emerging cyber risks
Here are the most recommended preventive measures against ransomware attacks:
- Start educating employees with security awareness training to create a cyber-resilient working culture.
- Mandate a strong password policy to reduce risks of password sharing at work and the habit of password reuse.
- Update vulnerable plug-ins on a regular basis to prevent any kind of virus attack.
- Keep a backup of sensitive data on offsite data centers and limit access to confidential files or the organization’s assets.
- Do not download any cracked software from unsecured websites.
- Beware of clicking links or attachments that come within unsolicited emails.
A famous quote by Stephane Nappo:
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”