AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » Malware » Top Five Worst Ransomware Attacks

Top Five Worst Ransomware Attacks

by

Top Five Worst Ransomware Attacks

Recent ransomware attacks are becoming more complex and harder to decrypt. They are also easier to launch and distribute. Global cyber attacks are launched with emails that are personalized to trick the reader. Much of the information used in a targeted spear phishing email attack is gained from social engineering.

What is Ransomware?

Ransomware is a portmanteau of two words “ransom” and “malware.” Ransomware is a form of malware that infects a laptop, hardware, software, or entire IT system. The hacker who launched the ransomware attack usually takes control of an internet connected device and blocks all other access to the device or certain files on the device. To regain control of the computer, the hacker demands something, usually money as a ransom. When the hacker’s ransom is paid, control of the computer system is (supposedly) returned to the owner. There is generally a deadline by which the ransom must be paid.

WannaCry

WannaCry was a global ransomware malware that struck Europe in 2017. European firms such as FedEx, Portugal Telecom, and Russia’s Megafon were all infected with WannaCry. The entire British healthcare system was locked up by WannaCry. The ransomware also spread to Taiwan.

This malware is based on the United States’ NSA’s Eternal Blue hacking tool which hacked itself and release on the dark web.

WannaCry locked up computers in exchange for $300 in Bitcoin. The malware only made about $50,000.

Locky

Locky is one of the happiest sounding names in ransomware. This variant showed up in 201 and persisted into 2017. It was especially notorious because it was delivered via email in the form of an attached pdf invoice. If the email reader opened the attached file, the ransomware would start installing itself and infecting the machine immediately.

Hollywood Presbyterian Medical Center paid $17,000 ransom money as Bitcoin for a decryption key for patient data. BY the time it was over, Locky had infected one million machines!

Petya

Petya was a 2017 ransomware infected machines in Europe, as well as the United States, the Middle East, Spain, Germany, Israel, the UK, Netherlands and the United States. Russia was hit the hardest The Ukrainian National Bank, Russia’s state power company, the metro system, and the main airport in Kiev were all affected with the Petya ransomware outbreak. Even Chernobyl’s radiation monitoring system was infected with the malware.

Petya also demanded $300 in Bitcoin to release control of infected machines. However, the ransomware had a fatal flaw. The ransom deposits were all funneled to one email address used for a Bitcoin wallet. That email box was quickly closed down by the email provider, this making the ransomware pointless.

Petya only affected unpatched Microsoft Windows machines by exploiting Eternal Blue technology.

NotPetya

NotPetya is a variant of Petya malware. This ransomware is an especially malicious and nasty version of ransomware call sabotageware. Most ransomware is out to rake in money for the hacker who created it. In the case of sabotageware, NotPetya was only out to encrypt and destroy files. There was not ransom and no decryption. Like it close malware cousin, Petya, this malware runs a fake CHKDSK display while it begins to encrypt the unsuspecting victim’s files.

It is believed that Russian and Ukraine were the targets of a politically motivated cyber attack.

Bad Rabbit

Bad Rabbit is another ransomware which a variant of Petya malware is. It was targeted at enterprise networks. And you already know that Petya uses the NSA’s Eternal Blue which was released into the wild by, you guessed it, hackers!

Bad Rabbit’s patience was on a short leash as victims had only 41 hours to transfer 0.5 Bitcoin (which was worth a LOT more at the time) to receive the decryption keys. Fortunately, it was easy to defeat Bad Rabbit proactively, with a few helpful system changes discovered by Kaspersky Labs.

The ransomware was distributed through a fake Adobe Flash update. Russia was hit hardest by Bad Rabbit. There were however, infections in Ukraine, Turkey, Germany, Poland, South Korea, and the United States.

The best defense is user education. Learn to distinguish a legitimate email from a phishing email. Another important defense against malware is keeping hardware and software updated with the latest security patches.

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers