Ransomware attacks have been the most prominent threat to enterprises, SMBs, and individuals alike in the last decade. In the last few years, organizations the world over have experienced a sharp uptick in ransomware attacks. From CryptoLocker to WannaCry and NotPetya, these attacks highlight the evolution of ransomware over the years.
Ransomware is a type of malicious program that denies the victims access to their files or systems. It holds the victims' files or the entire devices hostage using strong encryption until the victim pays a ransom.
While ransomware has been around since the beginning of this century, ransomware variants have grown increasingly advanced in their capabilities, such as spreading more quickly, evading detection, encrypting files with strong encryption, and forcing victims into paying ransoms.
New-age ransomware attacks are carried out using a combination of advanced distribution methods. Cybercriminals have started to use pre-built infrastructures to distribute new ransomware variants. These variants come preloaded with crypters which make reverse-engineering extremely difficult.
Types of Ransomware Attacks
CryptoLocker Ransomware Attack
The CryptoLocker botnet is one of the oldest forms of cyber attack and has been around for the past two decades. The CryptoLocker ransomware came into existence in 2013, when hackers used the original CryptoLocker botnet approach in ransomware.
CryptoLocker ransomware is the most destructive form of ransomware since it uses strong encryption algorithms. It is often impossible to decrypt (restore) the Crypto ransomware-infected computer and files without paying the ransom.
WannaCry Ransomware Attack
WannaCry is the most widely known ransomware variant across the globe. The WannaCry ransomware attack has affected nearly 125,000 organizations in over 150 countries. Some of the alternative names given to the WannaCry ransomware are WCry or WanaCrypt0r.
Cerber Ransomware Attack
Cerber ransomware attacks targeted cloud-based Office 365 users. Millions of Office 365 users have fallen prey to an elaborate phishing campaign carried out by the Cerber ransomware.
CryptoWall Ransomware Attack
CryptoWall is an advanced form of CryptoLocker ransomware. It came into existence in early 2014 after the downfall of the original CryptoLocker variant. Today, there are multiple variants of CryptoWall in existence. These include CryptoDefense, CryptoBit, CryptoWall 2.0, and CryptoWall 3.0.
Locky Ransomware Attack
Locky is another ransomware variant that is designed to lock the victim's computer and prevent them from using it until a ransom is paid. It usually spreads through a seemingly benign email message disguised as an invoice.
GoldenEye Ransomware Attack
GoldenEye is similar to the infamous Petya ransomware. It spreads through a massive social engineering campaign that targets human resources departments. When a user downloads a GoldenEye-infected file, it silently launches a macro which encrypts files on the victim's computer.
Jigsaw Ransomware Attack
Jigsaw is one of the most destructive types of ransomware attacks because it encrypts and progressively deletes the encrypted files until a ransom is paid. It starts deleting the files one after the other on an hourly basis until the 72-hour mark, when all the remaining files are deleted.
When a user opens the email attachment, the invoice gets deleted automatically, and the victim is directed to enable macros to read the document. When the victim enables macros, it begins encrypting multiple file types using AES encryption.
Apart from the list of ransomware mentioned above, Petya, NotPetya, TeslaCrypt, TorrentLocker, ZCryptor, etc., are some of the other ransomware variants that are well-known for their malicious activities.
Ransomware is a critical threat to your computer and your data. By practicing safe computing habits and by using up-to-date security software, you can protect your systems from falling prey to ransomware attacks.
If you are an enterprise user, Comodo Advanced Endpoint Protection (AEP) is the ideal solution to protect your endpoint from ransomware. With a built-in containment engine and 'Default Deny' platform, Comodo AEP provides 360-degree protection against any malware threat including ransomware.
Unlike other endpoint security solutions in the market, Comodo Advanced Endpoint Protection (AEP) leverages its unique auto-containment technology which operates from a “default deny” approach. Comodo AEP keeps the unknown or harmful files "contained" within a controlled environment while the Valkyrie Verdict engine determines whether they are malicious or not.