Ransomware Attacks Double and Evolve Year-on-year!
Security researchers have uncovered that year-on-year ransomware attacks are doubling in number. According to a report from TechTarget, the average ransom payment has increased by 43% as compared to Q4 of 2020. That is $220,298 from $154,108 in Q4 2020.
Reportedly, the year 2020 witnessed a double ransomware attack due to remote working culture in the wake of the COVID-19 pandemic. The lack of work from home cyber security measures was the biggest reason behind the surge in cyber attacks. Not to mention, just recently, another giant firm Gyrodata suffered a massive ransomware attack.
Comparatively, the cyber threat landscape has evolved and cyber criminals are getting more sophisticated. Currently, they have been launching back-to-back cyber attacks to breach the data of small and big enterprises.
Moreover, various ransomware families have now become capable of stealing sensitive data through highly sophisticated techniques. Industry verticals like BFSI (banking, financial services, and insurance), IT, government, manufacturing, etc., are gold mines right now for these cyber criminals to steal sensitive data.
Take a Moment to Stay Tuned Forever
Subscribe to get weekly cyber security updates!
This year, the ransomware attack is one of the major concerning issues among every organization across the globe. This attack blocks the confidential, financial, or sensitive information of an organization by gaining unauthorized access to its network. Cyber criminals demand certain ransom to return access to blocked files or systems.
In case the demanded ransom is not paid on time or not paid at all, these cyber criminals compromise sensitive data by publicizing it. However, these threat actors have become smarter than before in exploiting their victims. They steal encrypted data and gain double income by selling it on cyber criminal forums at cheap rates.
Let’s proceed further to learn about the most infamous and dangerous ransomware attacks of the year!
The 5 Most Dangerous Ransomware Attacks
The Maze is the most infamous ransomware threat to enterprises all over the world at the moment. It was previously known as “ChaCha ransomware” and was discovered by Jerome Segura on May 29, 2019. This ransomware hacking group used exploit kits like Fallout and Spelvo in the beginning to deploy attacks.
This ruthless ransomware is infamous for its new approach of attacking where it publishes sensitive information publicly by using different methods. The Maze ransomware encrypts all files and demands for the ransom to recover the files. It threatens to release the information on the internet if the victim fails to pay the demanded ransom.
However, the threat isn’t idle as the threat actor actually publishes one of the victim’s files over the internet. Even if the victim sues the Maze, the damage is already done. Some big giant companies suffering a Maze ransomware attacks are Cognizant, Canon allegedly, Xerox, etc.
REvil is a file blocking virus and is considered as a cyber threat that encrypts victim’s files after infecting the system and sends a request message. The message explains that the victim is required to pay the requested ransom in bitcoin. If the victim fails to pay the ransom in time, the demand gets doubled.
Many times REvil ransomware has made headlines in the news for the data breaches. This attack vector is also known for targeting A-list celebrities and leaking their data on the dark web.
According to The Times, series of screenshots including a legal document of Madonna’s tour contract and dozens of computer files of celebrities like Bruce Springsteen, Bette Midler, and Barbra Streisand were leaked. The personal information of stars such as Robert De Niro, Drake, Mariah Carey, Rod Stewart, Elton John, and many more were also put at risk.
Ryuk is one of the most active ransomware and the biggest players among other ransomware. It is a type of crypto-ransomware that blocks access to a file, system, or device by using encryption until the ransom is paid.
Ryuk uses other malware to infect a system. It either uses TrickBot or other means like Remote Desktop Services to gain unauthorized access to a system. It uses robust military algorithms such as RSA and AES to encrypt files using a unique key for each executable.
Ryuk ransomware mainly targets business giants and government agencies that can pay huge ransom in return. A US-based Fortune 500 company, EMCOR, is one of the victims of this particular attack that took down some of its IT systems.
Tycoon is a recently discovered ransomware strain that is written in Java. This malware has been targeting several organizations in the education and software industries, including SMBs. This malware is considered an unusual one as it is deployed in a trojanized version of the Java Runtime Environment. It is compiled in ImageJ, a Java image format, for malicious purposes.
It has been discovered targeting Windows and Linux using the Java image format that is part of the attack process. The Tycoon has been aggressively targeting since last year but the number of victims seems to be less for now.
Reportedly, this ransomware uses different types of techniques that help it to stay hidden. Tycoon denies access to the administrator after it infects the system, following an attack on the file servers and domain controller. It takes advantage of weak or compromised passwords and is a common attack vector that exploits servers for malware.
NetWalker, also known as Mailto, is one of the newest variants of the ransomware family. Various remote working individuals, enterprises, government agencies as well as healthcare organizations have reported being attacked by NetWalker last year.
NetWalker ransomware compromises the network of its victim and encrypts all the Windows devices that are connected to it. When executed, it uses an embedded configuration that includes ransom notes, file names, and several configuration operations.
According to security researchers, this ransomware spreads itself in two ways:
- Through a VBS script that is attached to Coronavirus phishing emails
- Executable files that spread through networks
Can Ransomware Attacks be Prevented?
Yes! Ransomware attacks can be effortlessly prevented if organizations implement cyber security guidelines and start practicing them regularly. There are many companies across the world that realize the importance of cyber security after falling victim to cyberattacks.
This security negligence can cost an organization more than its revenue if not taken preventive measures. Looking at the current scenario, cybercriminals have become more empowered to deploy new sophisticated ransomware attacks. Therefore, it is better to start implementing cyber security practices now before it’s too late.
Here are the most recommended preventive measures against ransomware attacks:
- Start educating employees with security awareness training to create a cyber-resilient working culture.
- Mandate a strong password policy to reduce risks of password sharing at work and the habit of password reuse.
- Update vulnerable plug-ins on a regular basis to prevent any kind of virus attack.
- Keep a backup of sensitive data on offsite data centers and limit access to confidential files or the organization’s assets.
- Do not download any cracked software from unsecured websites.
- Beware of clicking links or attachments that come within unsolicited emails.
A famous quote by Stephane Nappo:
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”
Turn Your Employees Into A Cyber Threat Shield
Make your employees proactive against prevailing cyber attacks with ThreatCop!