Cybercriminals use malware to infect computers or networks, which are then blocked or encrypted, holding the data for ransom. This form of cyberattack, called ransomware, is well known and becoming ever more prevalent. The speed and sophistication of these attacks can cripple small businesses as well as large enterprises, as we saw with Colonial Pipeline in 2021. Ransomware attacks often exploit RDP, phishing emails, and unpatched software vulnerabilities.
The right combination of monitoring and security software can prevent ransomware infections. To that end, it is important to be aware of ransomware trends and groups in order to understand how we might begin to prevent them. In this blog, we will highlight a few significant types of ransomware that have made headlines in recent events:
Petya
Petya is a family of ransomware first discovered in 2016. It gained notoriety in 2017, when a variant that resurfaced as GoldenEye (also known as WannaCry’s “deadly sibling”) caused a global ransomware infection that hit 2,000 targets, including Ukrainian enterprises. This ransomware encrypts the victim’s entire hard disk: by encrypting the Master File Table (MFT), it makes every file on the disk inaccessible. The attack also forced Chernobyl employees to check the radiation levels at the plant manually.
GandCrab
The GandCrab ransomware is infamous for encrypting victims’ files and demanding a ransom payment in order to regain access to their data. Some reports show that the groups behind the attacks would demand a ransom from victims after claiming to have hacked webcam footage, threatening to release the data online if the ransom wasn’t paid. GandCrab evolved steadily after its 2018 debut. As part of “No More Ransom,” security providers and police agencies, including Bitdefender, developed a GandCrab decryption tool. However, this ransomware still persists today.
B0r0nt0k
B0r0nt0k targets Windows and Linux servers. This ransomware encrypts Linux server files and appends the “.rontok” extension to them. The malware affects files, startup settings, functions, and applications, as well as registry entries and programs.
Dharma Brrr Variant
Dharma ransomware, also called CrySiS, is a high-risk ransomware family that attacks Windows. Threat actors use it to extort money from personal computer users and small and medium-sized businesses. Brrr, the new Dharma variant, is installed manually: the attacker connects over RDP (usually TCP port 3389), brute-forces the password, and then deploys the ransomware. Once active, it encrypts files and renames them with the pattern “.id-[id].[email].brrr”.
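Two of the indicators above (the renamed-file patterns of B0r0nt0k and Dharma Brrr, and repeated failed RDP logons on TCP 3389) can be checked with a short script. The following is an added example, not code from the original post; the log line format is constructed for the example, and the square brackets around the e-mail in the Dharma name pattern are assumed to be optional.

```python
import re
from collections import Counter

# Added example (not the original post's code); the log format is constructed.

RANSOM_NAME_PATTERNS = {
    # B0r0nt0k appends ".rontok" to each encrypted file.
    "B0r0nt0k": re.compile(r"\.rontok$", re.IGNORECASE),
    # Dharma Brrr renames files to <name>.id-<id>.[<email>].brrr; the square
    # brackets around the e-mail are treated as optional here (assumption).
    "Dharma Brrr": re.compile(
        r"\.id-[^.\s]+\.\[?[^\s\]]+@[^\s\]]+\]?\.brrr$", re.IGNORECASE),
}

def classify_encrypted_name(filename):
    """Return the ransomware family whose renaming pattern matches, else None."""
    for family, pattern in RANSOM_NAME_PATTERNS.items():
        if pattern.search(filename):
            return family
    return None

# Constructed log line format (an assumption for this example):
#   <timestamp> src=<ip> dst_port=<port> result=<OK|FAIL> user=<name>
LOG_RE = re.compile(r"src=(?P<src>\S+) dst_port=(?P<port>\d+) result=(?P<result>\w+)")

def rdp_bruteforce_sources(log_lines, threshold=5):
    """Return {source_ip: failed_count} for sources with >= threshold failed
    logons against TCP 3389, the RDP path Dharma Brrr operators use to get in.
    A production detector would also bound the count by a time window."""
    failures = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group("port") == "3389" and m.group("result") == "FAIL":
            failures[m.group("src")] += 1
    return {src: n for src, n in failures.items() if n >= threshold}

SAMPLE_LOG = [  # constructed sample data
    f"2021-05-07T02:14:{i:02d}Z src=203.0.113.5 dst_port=3389 result=FAIL user=admin"
    for i in range(6)
] + [
    "2021-05-07T02:15:00Z src=198.51.100.9 dst_port=3389 result=FAIL user=bob",
    "2021-05-07T02:15:01Z src=198.51.100.9 dst_port=3389 result=OK user=bob",
    "2021-05-07T02:15:02Z src=203.0.113.5 dst_port=443 result=FAIL user=admin",
]

if __name__ == "__main__":
    for name in ("budget.xlsx.id-1A2B3C4D.[help@example.com].brrr", "notes.txt.rontok"):
        print(name, "->", classify_encrypted_name(name))
    print(rdp_bruteforce_sources(SAMPLE_LOG))
```

Feed real file listings and authentication logs into the two functions; a file name hit or a source exceeding the failed-logon threshold is a signal to isolate the host and check backups.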
Worth noting:
Ransomware-as-a-service
In the post-COVID world, ransomware has become such a money-maker that cybercriminals have built organized business models around the scheme. Now, criminals with low technical skills can use Ransomware as a Service where malware is bought, reducing programmers’ lead time, increasing their profit, and widening the surface on which they can attack their potential victims, including businesses in all industries.
Conclusion
Ransomware targets everyone. From home offices to Fortune 100 companies, criminals have historically not discriminated between targets. Some corporate attacks may demand millions of dollars (or more) in ransom, especially if the attacker knows the blocked data represents a significant financial gain. Colonial Pipeline, discussed earlier, paid the equivalent of USD 4.4 million in Bitcoin within several hours (of which only approximately USD 2.3 million was eventually recovered). Clearly, there is a high monetary incentive for cybercriminals, even when they end up with a fraction of their initial ask. This is especially true when surveys show that 83% of ransomware victims quietly pay up.
In both examples, the cyberattack victim is more important than the ransomware.
Malware victims can pay the ransom, or take the hit and lose the encrypted data. Consider the implications of paying, as well as whether you believe the attacker will try again now that you are willing to open your wallet.
Ransomware attacks come in many forms, but they are preventable if you prepare for them. Backups can restore data that would otherwise be lost, and security software can watch for ransomware signatures before the malware has a chance to encrypt your data.
Oppos, Inc. is dedicated to minimizing the risk of ransomware attacks on businesses of all sizes. For more information on how we can build the right incident response strategy, please get in touch with us for a bespoke assessment.