A ransomware attack is one in which a type of malicious software, or malware, holds files, systems, or even entire devices hostage. It gains access, blocks the user out by encrypting data, and then asks the victim to pay a ransom in exchange for a decryption key. This key allows the user to regain access to the encrypted files or devices.
This type of malware has been around for decades, and has spawned an entire industry of cyber security services companies. The first ever ransomware documented was the AIDS Trojan or the PC Cyborg virus. In 1991, the virus was spread via a floppy disk named “AIDS Information Introductory Diskette,” which was sent to a mailing list of AIDS researchers. The malware hid directories and encrypted the names of all files on a drive, rendering the system unusable. It then asked users to “pay for the cost of leasing these [computer] programs.” The malware’s creator claimed that the ransom money went to AIDS research.
To this day, ransomware remains a looming danger for businesses and individuals alike. In 2018 alone, it was recognized as one of the biggest malware threats. It also doesn’t help that ransomware attacks are continuously evolving — they’re becoming increasingly sophisticated, harder to prevent, and more dangerous. The following are some of the worst ransomware attacks of recent years, which have caused billions in damages across the globe.
First detected in February 2015, TeslaCrypt was notorious among computer gamers. This virus targeted hard drive files associated with video games — from saved data and player profiles to custom maps and game mods. Newer variants of the malware also encrypted Word, PDF, JPEG, and other file types.
In all cases, the victims were prompted to pay a ransom of $500 worth of bitcoin for the decryption key. Most TeslaCrypt attacks occurred first in the United States, Germany, and Spain, and later in Italy, France, and the United Kingdom.
By 2016, TeslaCrypt comprised 48 percent of ransomware attacks, and it was virtually impossible to restore the files without help from the malware’s developers. Surprisingly, the creators of TeslaCrypt shut down the ransomware and released the master decryption key in May of the same year.
The migration to mobile also brought an increase in mobile malware infections. From late 2015 to early 2016, ransomware attacks on devices running Android quadrupled. Many simply blocked access to certain files and applications, but a particularly aggressive ransomware called Simplelocker encrypted files and made them completely inaccessible.
Masquerading as a legitimate application, the malware scans the device for various file types and converts them into an ENC (a standard encoded file). It also collects other device information like the serial number, model, and manufacturer, while newer versions access the device camera and show a picture of the victim to scare them into paying the ransom.
Although initially developed in Eastern Europe, Simplelocker has scammed more Americans — around 75% of its victims were in the US. Most were infected by downloading applications and content from dubious sources other than the official Google Play store.
The WannaCry ransomware attack that broke out in May 2017 was a worldwide catastrophe that shut down hospitals and affected numerous entities, which is why it was dubbed “the worst ransomware attack in history.” The attack infected more than 230,000 computers in over 150 countries — and it affected several large companies across the globe such as FedEx, Deutsche Bahn, Honda, and Telefónica, as well as the Russian Interior Ministry.
The malware targeted computers running Microsoft Windows; it encrypted data and demanded a ransom of $300 per computer in the form of Bitcoin cryptocurrency. It was propagated through an exploit for older Windows systems, which was discovered by the US National Security Agency. While Microsoft had released patches to seal off the exploit, many organizations did not update their systems. WannaCry took advantage of this negligence and also installed backdoors onto infected systems.
Thanks to its emergency patches and the discovery of a kill switch, Microsoft was able to stop the attack within a few days, preventing infected computers from further spreading the ransomware.
More ransomware attacks coming
Recently, new strains of targeted ransomware have emerged. For instance, SamSam ransomware focused on exploiting vulnerabilities on servers rather than employing the typical tactic of masquerading as a legitimate file or application. The ransomware was behind the attacks on high-profile government and healthcare targets, including the Colorado Department of Transportation, the City of Atlanta, and several healthcare facilities.
Another targeted ransomware variant that made the rounds in 2018 and 2019 was Ryuk. It specifically targeted enterprise environments in pursuit of large ransom payouts. Among its victims are daily newspapers and a North Carolina water utility company. One devastating feature of Ryuk is that it can disable the Windows System Restore option, which makes it difficult to retrieve the encrypted data. Since the malware’s first appearance, it has swindled over $3 million across 52 transactions.
Although it’s now much easier to recover encrypted files, there is no single solution to all existing and new variants of ransomware. The best way to protect yourself is to prevent these attacks from happening in the first place. This means following established security practices such as performing frequent backups and staying away from dubious messages and attachments.
To help your company significantly reduce the risk of ransomware attacks, work with one of the top IT companies in Los Angeles — Frontline. We offer comprehensive IT consulting, support, and security services to small- and mid-size businesses. See what we can do for your company by getting in touch with us.