What is Ransomware?
Ransomware is a type of malware that holds your data hostage by blocking your access to it and demands payment in exchange for restoring that access.
Some types of ransomware also threaten to leak the data. Called leakware (or doxware), this variant is especially effective against organizations that handle a lot of sensitive, client-related data, such as law firms or healthcare organizations.
Ransomware can get onto your computer through phishing emails, malicious links and downloads, or unpatched security vulnerabilities.
Once it’s running on your computer or mobile device, ransomware silently encrypts the files it deems valuable, or locks down the device entirely, and demands payment in exchange for a decryption key.
Most attackers encrypt files and then hold the encrypted files hostage. The ransom is usually demanded in Bitcoin or another cryptocurrency, with payment instructions on the notice that appears once the ransomware has finished encrypting the files.
However, paying the ransom does not guarantee that the attacker will hand over a decryption key, or that the key will actually work.
That’s why it’s of utmost importance that everyone in your organization is trained to recognize the warning signs.
The Two Types of Ransomware
In crypto-ransomware attacks, the malware encrypts only the portion of your data it deems valuable (typically documents, images, databases and backups) and leaves the operating system running so the victim can read the ransom note and pay. With crypto-ransomware:
- The targeted files are encrypted with a strong cipher. Modern families generate a key per file or per victim and encrypt that key with the attacker’s public key, so the files cannot be recovered without the attacker’s private key.
- Users can still access other files and otherwise use the device.
- The attacker promises to send the decryption key once the ransom is received.
Locker ransomware locks you out of your device almost entirely. Most of the time the device only boots to a screen that tells you how to contact the criminals and pay the ransom. Locker ransomware:
- Locks the entire device, so you have little or no access to your data, even though the files themselves are usually not encrypted.
- Relies on social engineering to pressure you into paying quickly.
- Often impersonates a law enforcement agency, claiming the device was locked because of illegal activity, to fool the victim into paying a “fine”.
7 Infamous Ransomware Examples
Here are some examples of ransomware that you might have heard about thanks to their notoriety. Most of them date from 2013 to 2017, and for several of them a free decryptor is now available.
1. Bad Rabbit
Bad Rabbit was a ransomware outbreak in October 2017. While short-lived, it infected a number of prominent organizations, mainly in Russia and Ukraine.
It infected devices through drive-by downloads on compromised news websites, disguised as an Adobe Flash Player installer that visitors were prompted to run.
Bad Rabbit was crypto-ransomware: it encrypted the victim’s files with a strong cipher, and the only way to recover them was with the decryption key the attackers held, which they offered in exchange for a Bitcoin payment.
2. WannaCry
WannaCry’s ransomware attack started on 12 May 2017. It spread across 150 countries and infected over 200,000 devices within a few days.
This ransomware worm attacked Windows computers that were behind on their updates. The worm encrypted important files and demanded payment in Bitcoin.
Victims of WannaCry were found worldwide, with many in Asia, and included several high-profile organizations such as FedEx, Britain’s National Health Service, and various government agencies in Europe.
The patch that blocks WannaCry’s infection method had already been released in March 2017 as Microsoft security bulletin MS17-010, two months before the outbreak. Despite being marked critical, many Windows systems were still unpatched in May 2017, leaving them exposed to the EternalBlue exploit against SMBv1 that the worm used to spread. If you still run older Windows systems, confirm that MS17-010 is installed and that SMBv1 is disabled.
3. Jigsaw
Jigsaw is another crypto-ransomware, spread through malicious attachments in spam emails starting in April 2016. Jigsaw puts far more pressure on the victim than WannaCry or Bad Rabbit.
Jigsaw gave a 72-hour deadline, but that’s not all. It added distress by deleting randomly chosen files for every hour the ransom went unpaid, with the number deleted growing over time. Each restart of the computer was punished with 1,000 randomly deleted files, pushing the victim to pay as quickly as possible.
Fortunately, security researchers keep developing free decryption tools for ransomware families, including Jigsaw. However, new variants appear constantly, so the tools must be updated constantly too, and your particular variant may not be decryptable yet.
Still, if you are hit by ransomware, don’t rush to pay for your data; first check whether a decryptor exists for the strain you have, for example on the No More Ransom project site (nomoreransom.org), which is run by Europol and several security companies.
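The crypto-ransomware behaviour described above (only valuable files are encrypted, the rest of the system keeps working) and the warning that new variants appear faster than decryptors can be written both suggest the same practical check: look for signs of encryption on the file system rather than relying on a name you already know. The following script is an added example, not code from the original post or from any vendor named on it. It combines a small, illustrative indicator list (file extensions and ransom-note names used by WannaCry, Locky, TeslaCrypt and Jigsaw; not a complete threat-intelligence feed) with a byte-entropy heuristic for files that should be plain text but have become near-random, which is what an unknown strain leaves behind. The 7.5 bits-per-byte threshold and the sample directory it builds are my own constructed choices.

```python
"""Scan a directory tree for signs of crypto-ransomware activity.

Added example (not from the original post). Two heuristics:
  1. Known indicators: a small, illustrative set of file extensions and
     ransom-note names used by families covered on the page.
  2. Byte entropy: encrypted data is close to 8 bits/byte, so a file
     whose extension says "plain text" but whose content is near-random
     is suspicious. This catches strains whose names are not yet known.
"""
import math
import os
import tempfile
from collections import Counter

# Illustrative indicator set (lowercase), not a complete feed.
KNOWN_EXTENSIONS = {".wncry", ".wcry",            # WannaCry
                    ".locky", ".zepto",           # Locky and its Zepto variant
                    ".ecc", ".ezz", ".micro",     # TeslaCrypt versions
                    ".fun"}                       # Jigsaw
RANSOM_NOTES = {"@please_read_me@.txt",                 # WannaCry
                "_locky_recover_instructions.txt",      # Locky
                "_help_instructions.html"}              # Locky (Zepto)
# Formats whose healthy content should never look random.
PLAINTEXT_EXTENSIONS = {".txt", ".csv", ".log", ".xml", ".json", ".html"}
ENTROPY_THRESHOLD = 7.5   # bits/byte; English text is ~4.5, ciphertext ~7.95


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str, sample_size: int = 65536) -> list:
    """Return the list of indicator labels that apply to one file."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    hits = []
    if name in RANSOM_NOTES:
        hits.append("ransom-note")
    if ext in KNOWN_EXTENSIONS:
        hits.append("known-extension")
    if ext in PLAINTEXT_EXTENSIONS:
        with open(path, "rb") as fh:
            sample = fh.read(sample_size)
        # Tiny files give unreliable entropy, so require a minimum size.
        if len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            hits.append("high-entropy")
    return hits


def scan_directory(root: str) -> dict:
    """Walk `root` and map each flagged path to its indicator labels."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            hits = classify_file(path)
            if hits:
                findings[path] = hits
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed sample: one healthy file, a file with a known ransomware
    extension, a ransom note, and an unknown strain that kept the .csv name
    but replaced the contents with ciphertext (simulated with random bytes)."""
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Quarterly report draft. Nothing unusual here.\n" * 20)
    with open(os.path.join(root, "budget.xlsx.locky"), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(root, "@Please_Read_Me@.txt"), "wb") as fh:
        fh.write(b"Ooops, your files have been encrypted!\n")
    with open(os.path.join(root, "customers.csv"), "wb") as fh:
        fh.write(os.urandom(4096))


def demo() -> dict:
    """Run the scanner over the constructed tree in a temporary directory
    and return {relative path: indicator labels}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {os.path.relpath(p, tmp): hits
                for p, hits in scan_directory(tmp).items()}


if __name__ == "__main__":
    for rel, hits in sorted(demo().items()):
        print(f"{rel}: {', '.join(hits)}")
```

The entropy check is deliberately limited to extensions that should hold readable text; compressed formats such as ZIP or JPEG are legitimately near-random and would otherwise flood the results. In production this kind of logic belongs in an endpoint agent that also watches the rate of file renames and writes, since a few high-entropy files are normal and thousands in a minute are not.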
4. CryptoLocker
CryptoLocker is another crypto-ransomware that encrypts files and demands money in return for the decryption key. Its ransom note gave victims 72 hours to pay.
CryptoLocker first emerged in September 2013, distributed through the Gameover ZeuS botnet and malicious email attachments. It took an international task force, Operation Tovar, which included the FBI, Europol and several security companies, to take down the Gameover ZeuS botnet that distributed the original CryptoLocker in June 2014.
Gameover ZeuS, a botnet built on the earlier ZeuS banking trojan, infected computers through malicious emails and added them to its peer-to-peer network of infected devices.
CryptoLocker is estimated to have infected over 250,000 computers in its first three months.
5. Petya and NotPetya
Unlike the previous examples, Petya locked users out of their whole hard drive rather than just encrypting individual files. It first appeared in March 2016, spread through phishing emails posing as job applications.
So how does it work? Once run on your device, Petya overwrites the master boot record (MBR), forces a reboot, and then, behind a fake disk-check screen, encrypts the master file table (MFT). The MFT is the index of every file on an NTFS volume, so without it the computer cannot boot normally and instead displays Petya’s ransom note.
Several variants appeared later, notably NotPetya and GoldenEye. NotPetya, which reused Petya’s code, was responsible for a destructive attack that began in Ukraine in June 2017 and spread worldwide.
Overall, NotPetya caused over $10 billion in damages across Europe and the US.
Unlike Petya, NotPetya did not appear to be financially motivated: its “decryption” could not actually recover the data, making it effectively a wiper. It exploited the same SMBv1 vulnerability as WannaCry, which had rampaged a few months earlier. The EternalBlue exploit, combined with stolen credentials and legitimate administration tools to hop between machines, let it spread faster and wider than the original Petya.
6. Locky
Locky is a crypto-ransomware that spread from February 2016 through malicious attachments in phishing emails, usually an “invoice” in a Word document.
When you opened the document, it showed scrambled text and prompted you to enable macros so it could be “displayed properly”. Enabling macros ran the malicious VBA script hidden in the document, which downloaded and installed Locky.
What sets Locky apart is that it encrypts around 160 file types, including many formats used by developers, designers, engineers and QA testers.
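The Locky delivery chain above relies on a Word attachment that carries a VBA project and on the victim enabling macros. A mail gateway or analyst can catch that before anyone clicks: Office Open XML files (.docx, .docm, .xlsx, .xlsm, .pptm) are ZIP archives, and a VBA project is always stored as a part named vbaProject.bin. The following triage function is an added example, not code from the original post or from any vendor named on it. The sample documents it builds are constructed stand-ins with only a couple of parts each; the VBA part is placeholder bytes, not a real macro. Legacy binary .doc/.xls files are OLE2 compound files that need a dedicated parser such as the oletools project, so here they are only flagged for manual review rather than parsed.

```python
"""Triage an Office attachment for an embedded VBA macro project.

Added example (not from the original post). OOXML documents are ZIP
archives; macros live in a part named vbaProject.bin. Legacy OLE2 files
(.doc, .xls) are recognised by their magic bytes and flagged for review.
"""
import io
import os
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Extensions that are allowed to carry macros. A vbaProject.bin inside a
# file with any other extension is a mismatch worth a closer look.
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}


def triage_office_document(filename: str, data: bytes) -> dict:
    """Inspect `data` (the attachment bytes) and return a verdict dict with
    keys: format ('ooxml', 'ole2' or 'unknown'), has_vba, reasons."""
    result = {"format": "unknown", "has_vba": False, "reasons": []}
    ext = os.path.splitext(filename.lower())[1]

    if data.startswith(OLE2_MAGIC):
        result["format"] = "ole2"
        result["reasons"].append(
            "legacy binary Office format: inspect with oletools before opening")
        return result

    if not zipfile.is_zipfile(io.BytesIO(data)):
        result["reasons"].append("not an Office Open XML document")
        return result

    result["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Look in every folder (word/, xl/, ppt/), not just word/.
        vba_parts = [n for n in zf.namelist()
                     if n.lower().endswith("vbaproject.bin")]
    if vba_parts:
        result["has_vba"] = True
        result["reasons"].append("contains VBA project: " + ", ".join(vba_parts))
        if ext not in MACRO_ENABLED_EXT:
            result["reasons"].append(
                f"macro payload inside a '{ext}' file (extension mismatch)")
    return result


def make_sample(parts: dict) -> bytes:
    """Build a minimal OOXML-style ZIP from {part name: bytes}.
    Constructed sample: a real document has many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples used by the demo and the checks below.
CLEAN_DOCX = make_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
INVOICE_DOCM = make_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x01\x16\x01\x00AutoOpen",  # placeholder, not real VBA
})
LEGACY_DOC = OLE2_MAGIC + b"\x00" * 64   # just the OLE2 header signature


if __name__ == "__main__":
    for name, blob in [("report.docx", CLEAN_DOCX),
                       ("invoice.docm", INVOICE_DOCM),
                       ("invoice.docx", INVOICE_DOCM),   # renamed to look harmless
                       ("old_contract.doc", LEGACY_DOC)]:
        verdict = triage_office_document(name, blob)
        print(name, verdict["format"], "VBA" if verdict["has_vba"] else "no VBA",
              "; ".join(verdict["reasons"]))
```

Blocking or quarantining every attachment for which has_vba is true removes the Locky-style lure outright; if the business genuinely needs macro-enabled documents, the same check can route them to a sandbox instead. The extension-mismatch reason catches the common trick of renaming a .docm to .docx so that it looks like an ordinary document in the mail client.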
7. TeslaCrypt
TeslaCrypt first showed up in early 2015. It was initially aimed at Windows gamers, since it encrypted saved games and other game data files, although it also encrypted common file types such as Word documents, PDFs and JPEGs.
In May 2016, TeslaCrypt’s developers shut the project down and released the master decryption key, which security researchers used to build a free decryptor.
Fight Against Ransomware with Inspired eLearning
Ransomware attacks are unfortunately part of the territory; they’re not some dark web mystery. While we reviewed 7 of the most notorious incidents, plenty of others were not mentioned, including SamSam, Ryuk, Cerber, GandCrab and more.
While ransomware attacks are frightening given the damage they can cause, the risk can be greatly reduced by keeping systems patched, maintaining tested offline backups, using endpoint protection, and providing the security awareness training needed to strengthen your whole organization’s defences.
Many ransomware families got past security controls because an employee fell for a phishing message, opened a malicious attachment, or clicked a malicious link.
These are all things that security awareness training can help prevent.
Protect your employees and your company’s assets by educating your workforce. Get customized training for your team with our security awareness training program and prevent ransomware threats today!
Digital Content Manager
Content marketer with 5 years of experience in the cloud security and compliance industry. Using SEO to keep security first by keeping it on the first page.