The Most Infamous Ransomware Attacks of 2017
Ransomware seems to be the trend in the world of cyber attacks.Some cyber security experts even call 2017 the year of ransomware attacks; they were so rampant and were discussed like never before. The WannaCry attack resulted in the term ransomware becoming familiar to the layman as well. The NotPetya attack too affected over 100 countries and devastated networks in large numbers.
HackerCombat presents a compilation of the most notable ransomware attacks of the year 2017-
The WannaCry outbreak happened in May 2017; it spread to over 150 countries and infected more than 230,000 computers in just one day. WannaCry spread exploiting a vulnerability, named EternalBlue, in the Windows OS. Several leading organizations, including UK’s National Health Service (NHS), were hit. The outbreak was on such a large scale that in just a couple of days the whole world started discussing it and the term ransomware turned familiar even to the layman.
The NotPetya ransomware, which superficially resembles the Petya ransomware, started spreading in June 2017. It started off as a fake Ukranian tax software update and spread across over 100 countries in just a few days. The attackers exploited the EternalBlue vulnerability, the same exploit that led to the WannaCry attack. NotPetya impacted many leading organizations, including Maersk, the world’s largest container ship and supply vessel operator.
New variants of the already popular Locky ransomware surfaced in 2017. The new variants, called Diablo and Lukitus, spread via phishing emails. It was in August 2017 that these two versions of the Locky ransomware struck. The attack was really widespread; there were reports of over 23 million emails with the malware being sent to the US workforce in just 24 hours time span.
The CRYSIS ransomware, which first appeared in 2016, resurfaced in 2017 and did brisk business extorting money from victims, especially in Australia and New Zealand. Distributed by brute force remote desktop (RDP) attacks, CRYSIS attacks also targeted the US; the US healthcare sector was hit badly.
The Cryptomix ransomware spread across almost 29 countries and affected thousands of systems. The victims were forced to pay as much as $3,000 as ransom to get back their files/data. The notable thing about this ransomware is that it doesn’t have any kind of payment portal available on the dark web. The users instead have to wait for the hackers to contact them and pass on instructions as to how the payment has to be made.
Cerber has gained prominence as one of the early drivers of RaaS (Ransomware as a Service); the developers have made this ransomware available to anyone who would be willing to part with a portion of the profits. Cerber utilizes multiple attack vectors and was one of the leading ransomware strains active in 2017.
New versions of the LockCrypt ransomware are surfacing, crippling systems and networks in the process. This ransomware got its start under the Satan (Ransomware as a Service) umbrella and has affected businesses in the US, UK, South Africa, India and the Philippines. The notable thing about LockCrypt is that it encrypts files and then renames them with a .lock extension. It also installs itself for persistence and deletes back-ups, thereby preventing an easy recovery. The victims would have to pay ransoms ranging from 0.5 and 1 Bitcoin per server, or between $3,500 and $7,000 per machine. The hackers would also demand hundreds of thousands of dollars from a company whose systems they successfully target in large numbers.
The Jigsaw ransomware, which comes with a ransom note that carries an image of the iconic character from the movie ‘Saw’, can be seen as another carryover from 2016. A notable thing about this ransomware is that it deletes the victim’s files if it takes too long for the victim to pay the ransom of $150.
* The compilation has been made based on analyses done by our experts up till October 2017.