Last year, we did an article on Nordic SMEs Enjoy Hygge Amidst Global Cybersecurity Threat and covered extensively on the LockerGoga ransomware. We discussed the uniqueness of the strain and how only a handful of expensive anti-malware products can detect and neutralize the LockerGoga. We recommended how Nordic SMEs should be ready to bear that cost over entertaining ransom attackers in any manner.
It is March 2021, and Colonial Pipeline, United States’ largest gasoline pipeline, has been shut down following a new ransomware attack. It threatened to roil energy markets and disrupt the delivery of gas and diesel to the East Coast. Colonial is a major thoroughfare for the eastern side of the United States. It has a capacity of around 2.5 million barrels per day on its system from Houston to North Carolina and another 900,000 barrels per day to New York. DarkSide is the ransomware that appeared to be used in the attack.
On the Dark Web, a computer network that can communicate information anonymously, hackers have become efficient at talking about vulnerabilities. The ability to demand bitcoin payment hinders law enforcement’s capacity to pursue criminals. In addition, the rise of insurance coverage that covers ransomware payments has aided in the development of a more professionalized ransomware sector.
According to a report released, 16 Conti ransomware cyberattacks against healthcare and first responder networks last year, including law enforcement agencies, emergency medical services, 911 dispatch centers, and municipalities. Conti has targeted almost 400 groups throughout the world, including 290 in the United States. The Irish health care was the subject of a recent Conti ransomware assault, with some stolen patient data being released online. Industrial software firm Advantech Co. Ltd. was a previous Conti victim in November. In December 2020, a hardware and software supplier, Sangoma Technologies Corp., was under attack, and hospitals in Florida and Texas in February.
Two Types of Ransomware
Locker Ransomware malware disables basic computer functionality. You may, for example, be denied access to the desktop while your mouse and keyboard are partially disabled. This permits you to continue interacting with the ransom demand window to pay the ransom. Aside from that, the machine is completely unusable. Locker malware normally doesn’t attack the important files; instead, it just aims to shut you out. As a result, complete data destruction is unlikely.
The goal of Crypto Ransomware is to lock your vital data, such as papers, photos, and videos, but not to disrupt your computer’s core functioning. Because people can see their files but not access them, this causes panic. Crypto ransomware can be disastrous since many users are ignorant of the necessity for backups in the cloud or external physical disk drives. As a result, many users pay that money only to regain access to their information.
Past Rendezvous of Most Evil Ransomware
Locky was first discovered in 2016 as one of the most significant malware threats on the wild-wild Internet. Locky ransomware malware encrypts important files on Windows OSes to make them inaccessible for you. While they take charge of the victim’s computer, they demand a ransom to decrypt the encrypted files. The ransomware is placed on users’ PCs through hoax email. This technique of propagating is known as phishing, and it is a type of social engineering.
Ryuk is high-risk ransomware that infiltrates the system and encrypts stored data since August 2018. Without an external backup, it is impossible to restore the encrypted data. Ryuk is among the most expensive ransomware in history, costing USD 300,000 to unlock a complete machine. As per the FBI, Ryuk’s attacks have cost more than USD 60 million in damage worldwide. In 2020, EMCOR Group (engineering and industrial construction company) and Epiq Global (legal services organization) suffered due to the Ryuk ransomware attack.
In 2017, WannaCry ransomware affected over 150 countries. It was developed to take advantage of a security flaw in Windows established by the National Security Agency (NSA) and distributed by the Shadow Brokers hacker organization. WannaCry infected over 230,000 systems throughout the world. WannaCry spread through email phishing attacks. More than 200 thousand individuals and businesses were impacted worldwide, including FedEx, Telefonica, Nissan, and Renault.
The first Petya ransomware attack took place in 2016. Later, it was reborn in 2017 as the GoldenEye. Instead of encrypting specific files, this dangerous ransomware encrypts the entire hard drive of the user. It is accomplished by encrypting the Master File Table (MFT). Petya targeted various institutions worldwide, including banks and businesses in the transportation, oil, food, and health sectors. For example, the National Bank of Ukraine, Mondelez (a food firm), Merck (a pharmaceutical firm), and Rosneft (a Russian oil firm) (an oil company) were under Petya’s attack.
Run a WordPress Site? Well, there’s the WordPress Ransomware
“The Gootloader Hackers poison WordPress websites globally to infect business professionals with ransomware, intrusion tools, and bank trojans,” says eSentire. eSentire’s security research team, Threat Response Unit (TRU), informs about discovering Gootloader hackers that have launched the “Drive-By Download Campaign” targeting the hotel industry, high-end retail, education, healthcare, music, and visual arts, among others. As per TRU, all these websites used WordPress as their content management system. Admittedly, the more popular a WordPress site is, the more prone it is to ransomware.
2021 has witnessed a major increase in ransomware threats, which might be attributed to both the acceleration of digital transformation across all industries and the growing adoption of remote work. The number of cyberattacks could rise throughout the year; their complexities will rise, and protecting against them will become more difficult. It is vital to evaluate what is at stake or what data could be erased or published when estimating the magnitude and scope of a cyberattack. Regardless of ransomware, storing up data ahead of time and using protection tools properly can greatly lessen the severity of an attack.