What Is a Ransomware Attack?

A Ransomware Attack: What Is It?
In a ransomware attack, the attacker encrypts and locks the victim's critical files and data, then demands payment to unlock and decrypt them.

This kind of attack infects the victim's device, which may be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or other endpoint, by exploiting weaknesses in system, software, network, and human security.

Examples of Ransomware Attacks
Ransomware comes in thousands of varieties. Below are a few examples that spread worldwide and caused substantial harm.

WannaCry
WannaCry is ransomware that exploits a weakness in the Windows SMB protocol. It is self-propagating, so an infected machine can go on to attack other computers. WannaCry is distributed as a dropper, a stand-alone program that extracts its other components: files including encryption keys, the Tor communication program, and an encryption/decryption application. Because it is not disguised, it is easy to find and remove. In 2017, WannaCry spread quickly across 150 countries, affecting 230,000 systems and causing an estimated $4 billion in damage.

Locky
Locky can encrypt 160 different file types, most of which are used by engineers, testers, and designers. It was first released in 2016. It spreads mainly through exploit kits and phishing, in which cybercriminals send emails urging recipients to open a Microsoft Office Word or Excel file.

Cerber
Cerber is ransomware-as-a-service (RaaS): cybercriminals can use it to launch attacks and share their proceeds with the malware developer. Cerber encrypts files silently and may try to stop Windows security features and antivirus software from running, so that users cannot restore the system. Once it has encrypted the system's files, it displays a ransom message as the desktop wallpaper.

Petya and NotPetya
The ransomware Petya encrypts a computer's entire hard disk by accessing the Master File Table (MFT). The files themselves are not encrypted, but the drive as a whole becomes unusable. When Petya first appeared in 2016, it was distributed mostly through a fake job application message that linked to a Dropbox file containing the malware. Only Windows computers were affected.

Petya needs the user's consent to make admin-level changes. Once the user agrees, the machine reboots and displays a fake system crash screen while Petya encrypts the drive in the background. The ransom notice then appears.

Cryptolocker
After its introduction in 2017, Cryptolocker affected more than 500,000 machines. It typically infects computers through email, file-sharing websites, and unprotected downloads. In addition to encrypting files on the local computer, it can scan mapped network drives and encrypt any files there that it has permission to write to. Recent Cryptolocker variants can evade firewalls and antivirus software.

Ryuk

Ryuk infects computers through drive-by downloads or phishing emails. It uses a dropper to extract a trojan on the victim's computer and create a persistent network connection. After installing other tools such as keyloggers, attackers can use Ryuk as the foundation for an Advanced Persistent Threat (APT), carrying out privilege escalation, lateral movement, and other activities. The attackers install Ryuk on every additional system they gain access to.

After infecting as many computers as they can with the trojan, the attackers launch the locker ransomware and encrypt the data. The ransomware stage is only the last phase of a Ryuk-based attack campaign, after the attackers have already caused harm and taken the files they wanted.

 
