One thing that made TeslaCrypt dangerous was that it was constantly being improved. A weakness in earlier versions that allowed files on infected machines to be recovered without paying was patched in 2016, making file recovery nearly impossible without the creators' help. Then, unexpectedly, about two months later, the TeslaCrypt creators announced that they were done with it and released the master decryption key to the world.
As more and more important files move to mobile devices, those devices also become targets for ransomware. Android in particular was targeted: from late 2015 to early 2016, the number of ransomware infections on Android nearly quadrupled. Much of it was so-called 'blocker' ransomware, which does not encrypt anything but simply makes files harder to reach by preventing the user from accessing part of the UI.
But at the end of 2015, a particularly dangerous piece of Android ransomware named SimpleLocker began to spread. It was the first Android attack to actually encrypt files, and the first ransomware to deliver its malicious payload through a trojan downloader, which made it harder for security measures to keep up. Although it originated in Eastern Europe, three-quarters of its victims were in the US.
The good news is that although SimpleLocker marked a significant increase in Android malware, the overall figure remained quite low: only about 150,000 infections by the end of 2016, a small number compared with the total Android user base. Most victims were infected while trying to download porn apps or pirated content from outside the Google Play Store, and Google has worked hard to make it difficult for users to be hit by ransomware.
CryptoLocker marked the point at which ransomware stopped being merely an intriguing curiosity. Then, in mid-2017, two large and destructive ransomware attacks spread around the world, shutting down hospitals in Ukraine and radio stations in California. That is when ransomware truly became a crisis.
The first attack was WannaCry, which 'easily became the worst ransomware attack in history,' said Avast's Penn. 'On May 12, it began to attack Europe, and only four days later Avast had discovered more than 250,000 infected devices in 116 countries.'
The importance of WannaCry lies not only in the numbers. Joe Partlow, CTO of ReliaQuest, points out that it was the 'first wave of attacks using hacking tools from the NSA', in this case EternalBlue, an exploit for a flaw in Microsoft's implementation of the SMB protocol. Although Microsoft had already released a patch (MS17-010) two months earlier, many users had not yet installed it.
WannaCry spread quickly because it required no user interaction at all, Penn said. Kyle Wilhoit, a long-time cyber security researcher at DomainTools, said that 'many organizations use SMB on port 445, are easily compromised on the network, and facilitate the spread from computer to computer'.
If WannaCry was the messenger announcing the new era, NotPetya confirmed it. Petya was ransomware that had been around since 2016, but only weeks after WannaCry an updated version spread, using the same EternalBlue exploit as WannaCry. Researchers called it NotPetya because it was far more advanced than the original. It is also widely suspected that NotPetya was not really ransomware at all, but a Russian attack on Ukraine disguised as one.
Varun Badhwar, CEO and co-founder of RedLock, observes that even knowing who is behind these attacks does not prevent them from happening: the exploit tools are freely available on the internet, so anyone can use them. NotPetya's rapid spread shows that organizations have not yet taken network security seriously. Closely monitoring network traffic, and making sure that monitoring extends to cloud environments, can catch a NotPetya-style infection before it spreads. Those with advanced network monitoring tools can automatically flag anomalous traffic, such as a workstation suddenly opening SMB connections on port 445 to many other hosts, which is how worms like WannaCry and NotPetya propagate, or SMB on port 445 reachable from the internet.
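As an added example (not code from the original article or from any of the vendors quoted), the script below applies the two checks Wilhoit and Badhwar describe to flow records: it flags a source that opens TCP/445 to many distinct internal hosts within a short window (the fan-out pattern of an EternalBlue-driven worm) and any internal host that accepts TCP/445 from outside the defined internal ranges. The record format "timestamp src_ip dst_ip dst_port", the internal address ranges and the threshold of ten hosts per minute are assumptions standing in for a real NetFlow or firewall export and a real site policy; the flow records are constructed, not a capture.

```python
"""Flag SMB-worm behaviour in flow logs (added example, not from the original page).

Checks performed on "timestamp src_ip dst_ip dst_port" records (assumed format):
  1. fan-out: one source reaching >= FANOUT_THRESHOLD distinct internal hosts on
     TCP/445 within WINDOW, the lateral-movement signature of WannaCry/NotPetya;
  2. exposure: TCP/445 arriving at an internal host from a non-internal source.
"""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
FANOUT_THRESHOLD = 10               # assumed policy: distinct hosts per window
WINDOW = timedelta(seconds=60)
# Assumed internal address space; a real deployment loads this from config.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse one record into (datetime, src, dst, port)."""
    ts, src, dst, port = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(port))


def detect_smb_anomalies(lines, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return (fanout, exposed).

    fanout:  {src: peak count of distinct internal hosts reached on 445 within
              `window`} for every source that crossed `threshold`
    exposed: set of internal hosts that received 445 from a non-internal source
    """
    flows = [parse_flow(line) for line in lines
             if line.strip() and not line.lstrip().startswith("#")]
    flows.sort(key=lambda f: f[0])      # the sliding window needs time order

    recent = defaultdict(deque)         # src -> deque of (ts, dst) on 445
    fanout, exposed = {}, set()
    for ts, src, dst, port in flows:
        if port != SMB_PORT:
            continue
        if is_internal(dst) and not is_internal(src):
            exposed.add(str(dst))
        if not (is_internal(src) and is_internal(dst)):
            continue                    # fan-out check is east-west only
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()                 # drop flows older than the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            fanout[str(src)] = max(fanout.get(str(src), 0), distinct)
    return fanout, exposed


def constructed_sample_log():
    """Constructed flow records, not a real capture."""
    lines = [
        "# three clients talking to the file server 10.0.1.5: normal fan-in",
        "2017-05-12T10:00:01 10.0.1.20 10.0.1.5 445",
        "2017-05-12T10:00:02 10.0.1.21 10.0.1.5 445",
        "2017-05-12T10:00:03 10.0.1.22 10.0.1.5 445",
        "2017-05-12T10:00:05 10.0.1.20 10.0.1.9 80",    # not SMB, ignored
        "2017-05-12T10:00:07 203.0.113.9 10.0.1.5 445", # SMB from the internet
        "# an admin touching two servers ten minutes apart: under threshold",
        "2017-05-12T10:00:10 10.0.1.10 10.0.1.5 445",
        "2017-05-12T10:10:10 10.0.1.10 10.0.1.6 445",
    ]
    # infected workstation 10.0.1.77 sweeps 10.0.1.1-10.0.1.30 on 445 in 30 s
    for i in range(1, 31):
        lines.append(f"2017-05-12T10:02:{i:02d} 10.0.1.77 10.0.1.{i} 445")
    return lines


if __name__ == "__main__":
    fanout, exposed = detect_smb_anomalies(constructed_sample_log())
    for src, peak in fanout.items():
        print(f"ALERT fan-out: {src} hit {peak} hosts on 445 within {WINDOW}")
    for dst in sorted(exposed):
        print(f"ALERT exposure: {dst} accepted 445 from a non-internal address")
```

On the constructed log the fan-out alert fires only for 10.0.1.77 (30 hosts in one window), while the file server's many inbound clients and the admin's slow-paced connections stay silent; the exposure alert names 10.0.1.5. The threshold and window are the knobs to tune against a baseline of legitimate east-west SMB, and the same logic runs over cloud VPC flow logs once they are normalised to the assumed record format.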