Ransomware is a dangerous type of malware, and ransomware attacks are unfortunately on the rise. These attacks cause significant financial losses and reputational damage.
When it comes to ransomware attacks, the most affected regions are North America, Asia and Europe. North America holds the first position with about 33% of the attacks, and the rest are as follows:
1. USA
2. UK
3. Australia
4. Canada
5. Germany
6. Denmark
7. Japan
8. France
As for ransomware statistics on the most attacked operating systems, Windows ranks first. 85% of ransomware attacks target the Windows operating system; next are macOS and iOS, both accounting for 7%, and Android accounts for 5% of ransomware attacks.
Now let's talk about the ransomware families themselves. The top ransomware of all time are as follows:
1. WannaCry
2. GoldenEye
3. Locky
4. Ryuk
5. Bad Rabbit
6. Petya
7. NotPetya
8. GandCrab
Locky
Locky is ransomware that was first used in an attack in 2016 by a group of organized hackers. Locky encrypted more than 160 file types and was spread by means of fake emails with infected attachments. Users fell for the email trick and installed the ransomware on their computers. This method of spreading is called phishing and is a form of what is known as social engineering. Locky targets file types that are often used by designers, developers, engineers and testers.
WannaCry
WannaCry was a ransomware attack that spread to over 150 countries in 2017. It was designed to take advantage of a security vulnerability in Windows that was created by the NSA and leaked by the Shadow Brokers hacker group. WannaCry affected 230,000 computers worldwide. The attack hit one third of all NHS hospitals in the UK, causing estimated damages of 92 million pounds. Users were locked out and a ransom payable in Bitcoin was demanded. The attack exposed the problem of outdated systems, because the hacker exploited an operating system vulnerability for which a patch had long existed at the time of the attack. The worldwide financial damage caused by WannaCry was estimated at around US$4 billion.
Bad Rabbit
Bad Rabbit was a ransomware attack carried out in 2017. It was spread via drive-by attacks. Websites with weak or no security were prone to this attack. This ransomware is usually disguised as an Adobe Flash installer: a person who visits a website infected with it is shown a pop-up offering an update for the Adobe Flash plugin, which is not a real update but the malware in disguise. When the person downloads and installs it, it displays a note and locks all the files on the system. The note says that the person has 40 hours to pay the ransom or else all their files will be corrupted.
Ryuk
Ryuk is ransomware that, once executed on a system, encrypts all the data available on it and locks the system. A note is displayed saying that the system has been infected by the ransomware and that if the ransom isn't paid in the given time, all the data will be corrupted. Ryuk is suspected to have originated in North Korea, but in recent times cybersecurity companies believe that a few Russians are behind this ransomware. Ryuk uses the TrickBot malware to install itself. Once that's done, it evades many of the malware recognition tools and processes implemented by antivirus software, which makes it more difficult to detect. This ransomware mostly targets big companies like Microsoft, etc.
GoldenEye
GoldenEye is characterized by encrypting the MBR once it gains access, which blocks access to the computer. The attack is similar to the WannaCry ransomware, which also caused a huge amount of loss to people and big entities.
This ransomware is spread as a file with a .dll extension, which can carry any name that might fool the user into downloading or running it. Once it runs on the system, it completely locks out the user by encrypting all the data present on the system. It also locks the bootloader, meaning that you cannot boot even into safe mode, so there is no way to remove the malware without physically replacing the infected storage drive with an uninfected one. It asks for ransom in the form of crypto or another untraceable currency. Once payment is made, it asks the user to shut down the PC, and when the user reboots, the malware displays a fake pop-up saying that the disk error has been fixed successfully.
Petya/NotPetya
Petya/NotPetya is a type of malware that was first discovered in 2016. It spread through email attachments. When the recipient downloads the infected file, Petya starts its work and, just like any other ransomware, locks you out of the computer. Petya appeared again in 2017 in the form of a major cyber attack. It mostly affected Ukrainian banks and companies, costing the entities almost 10 billion USD in damages. Petya usually infects the computer's MFT (Master File Table). The MFT is the guide to every single file on your drive. Without the MFT the computer cannot find any of its files, and if it can't find any files, your PC won't even boot properly when you restart the system after it has been infected.
GandCrab
GandCrab was first introduced in January 2018. Like any other ransomware, it encrypts and locks the user's data and asks for a ransom in order to decrypt it. One unique thing about this ransomware is that it does not infect systems located in Soviet and pre-Soviet regions. GandCrab's creator gave the technology away to many cyber criminals, and the people who use this ransomware have to share a part of their revenue with the GandCrab crew.
There are 5 different versions of this ransomware. It uses a business affiliate model to infect systems.
When it infects a system, it locks all the files and takes the user directly to a dark web link where GandCrab's note is displayed, as shown in the above image.
The ransom amount usually ranges from $600 to $600,000, depending on the value of the data.
If the user has difficulty paying the ransom, the operators also offer 24/7 online chat support, which makes it the most unique ransomware of all.