5 biggest ransomware attacks in the last 5 years

From CryptoLocker to WannaCry and NotPetya, these attacks show how the world of extortion malware has evolved.

Over the past few years we have seen a significant increase in extortion-related attacks, but ransomware is nothing new. Malware that holds data hostage to extort money has existed for many years. In 1991, a biologist released PC Cyborg, the first ransomware, by mailing floppy disks to AIDS researchers.


In the mid-2000s, Archiveus was the first ransomware to use encryption, although it was defeated long ago and its password can now be found on Wikipedia. From 2010 onward, "police" ransomware appeared, which warned victims of supposed law violations and demanded payment of a fine. Later, attackers began exploiting anonymous payment services to collect their money easily without being caught.

Over the past few years ransomware has gone from a mere curiosity and nuisance to a catastrophe entangled with top-secret intelligence agencies and international organizations. The biggest ransomware attacks of the past half decade show the evolution of this type of malware.

CryptoLocker

Appearing in 2013, CryptoLocker opened the era of large-scale ransomware. It was distributed through attachments in spam messages and used an RSA encryption key to hold the user's files hostage, demanding payment for decryption. Jonathan Penn, Strategic Director at Avast, said that at its peak in late 2013 and early 2014, more than 500,000 machines were infected with CryptoLocker.

CryptoLocker was fairly primitive and was eventually defeated by Operation Tovar, a white-hat campaign that took down the botnet controlling CryptoLocker and, in the process, recovered the keys CryptoLocker used to encrypt files. But as Penn said, CryptoLocker "opened the floodgates" for many file-encrypting ransomware variants, some of which reuse CryptoLocker's code or name, while others were written from scratch but closely resemble CryptoLocker.

Together these variants have taken in about $3 million. One of them, CryptoWall, accounted for more than half of all ransomware infections by 2015.

TeslaCrypt

Initially thought to be a variant of CryptoLocker, this ransomware was later given its own name, TeslaCrypt, and was smarter: it targeted files tied to games, such as the games themselves, maps and downloaded content. These files are very valuable to hardcore gamers but are often stored only on the local computer rather than in the cloud or on an external backup drive. By 2016, TeslaCrypt accounted for 48% of ransomware attacks.

Over time, ransomware has become a real threat

One thing that made TeslaCrypt dangerous was that it was constantly being improved: a flaw that allowed infected machines to recover their files was patched in 2016, making file recovery nearly impossible without the help of the malware's creator. Unexpectedly, two months later, TeslaCrypt's creator announced that he was bored and released the key to the world.

SimpleLocker

As more and more important files move to mobile devices, those devices also become targets for ransomware. Android in particular was attacked: from late 2015 to early 2016, the number of ransomware infections on Android increased nearly fourfold. Many of these were "blocker" attacks, which simply made files harder to reach by preventing users from accessing part of the UI.

But at the end of 2015 a particularly dangerous ransomware named SimpleLocker began to spread. It was the first Android attack to actually encrypt files, and the first ransomware to deliver its malicious payload through a trojan downloader, making it harder for security measures to keep up. It originated in Eastern Europe, but three-quarters of its victims were in the US.

The good news is that although SimpleLocker marked a significant increase in Android malware, the overall figure remained quite low, only about 150,000 at the end of 2016, a small number compared to the total Android user base. Most victims were infected while trying to download porn apps or pirated content from outside the Google Play Store. Google has worked hard to make it difficult for ransomware to reach users.

WannaCry

CryptoLocker marked the start of an era in which ransomware was no longer merely a curiosity. In mid-2017, two large and intertwined ransomware attacks spread around the world, shutting down hospitals in Ukraine and radio stations in California. That was when ransomware truly became a disaster.


The first attack was WannaCry, and it "easily became the worst ransomware attack in history," said Avast's Penn. "On May 12 it began to attack Europe, and only four days later Avast had discovered more than 250,000 infected devices in 116 countries."

The importance of WannaCry lies not only in the numbers: Joe Partlow, CTO of ReliaQuest, points out that this was the "first wave of attacks using hacking tools from the NSA", in this case EternalBlue, an exploit that takes advantage of flaws in Microsoft's implementation of the SMB protocol. Although Microsoft had released a patch, many users had not yet installed it.

WannaCry spread quickly because it required no user interaction at all, Penn said. Kyle Wilhoit, a long-time cyber security researcher at DomainTools, said that "many organizations use SMB on port 445, are easily compromised on the network, and this facilitates the spread from computer to computer".

NotPetya

If WannaCry was the herald of a new era, NotPetya officially confirmed it. The original ransomware had been around since 2016, but only weeks after WannaCry an updated version spread, using the same EternalBlue exploit as WannaCry. Researchers called it NotPetya because it was far more advanced than the original. It is also suspected that NotPetya was not really ransomware at all, but a Russian attack on Ukraine disguised as one.


Varun Badhwar, CEO and co-founder of RedLock, observed that even knowing who is behind these attacks does not prevent them from happening. Exploit tools are freely available on the internet, so anyone can use them. NotPetya's rapid spread shows that organizations have not yet taken network security seriously. Serious monitoring of network traffic, including in cloud environments, can prevent infections like NotPetya. Those who use advanced network monitoring tools can automatically detect traffic on non-standard ports, which is exactly what threats like WannaCry rely on.
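Neither the article nor the quoted vendors provide code; the following is an added illustration of the kind of network monitoring recommended above and of the port 445 exposure Wilhoit describes. It reads a constructed flow log and flags hosts that contact many peers on TCP/445 within a short window (the fan-out pattern of SMB worm spread) as well as SMB traffic that leaves the internal range. The 10.0.0.0/8 internal range, the 60-second window and the five-peer threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample flows (not from any real incident): timestamp, source, destination,
# destination port. Workstation 10.0.1.20 fans out to many peers on TCP/445 in seconds;
# 10.0.1.30 opens a single share on the file server, which is normal.
SAMPLE_FLOWS = """
2017-05-12T10:00:00 10.0.1.30 10.0.1.5 445
2017-05-12T10:00:01 10.0.1.20 10.0.1.5 445
2017-05-12T10:00:01 10.0.1.20 10.0.1.6 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.7 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.8 445
2017-05-12T10:00:03 10.0.1.20 10.0.1.9 445
2017-05-12T10:00:03 10.0.1.20 10.0.1.10 445
2017-05-12T10:00:04 10.0.1.20 203.0.113.9 445
2017-05-12T10:00:05 10.0.1.20 10.0.1.11 80
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed: the organisation's own range
WINDOW = timedelta(seconds=60)                  # assumed: scan speed that counts as fan-out
FANOUT_THRESHOLD = 5                            # assumed: distinct SMB peers abnormal for a client

def parse_flows(text):
    """Parse whitespace-separated flow records and sort them by time."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), ipaddress.ip_address(src),
                      ipaddress.ip_address(dst), int(dport)))
    return sorted(flows, key=lambda f: f[0])

def detect_smb_fanout(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {source: peers} for sources reaching >= threshold distinct hosts on TCP/445 in one window."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 445:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        for i, (start, _) in enumerate(events):
            peers = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(peers) >= threshold:
                alerts[str(src)] = max(alerts.get(str(src), 0), len(peers))
    return alerts

def detect_external_smb(flows, internal=INTERNAL):
    """Return (source, destination) pairs where SMB crosses the internal boundary."""
    return [(str(src), str(dst)) for _, src, dst, dport in flows
            if dport == 445 and not (src in internal and dst in internal)]
```

On the sample log the fan-out check flags only 10.0.1.20, while the single share opened by 10.0.1.30 and the port 80 connection are ignored.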
