Prevent Ransomware

Ransomware is a type of malicious software that encrypts the files or systems of the victims and demands a ransom for their decryption. Ransomware attacks can cause significant damage and disruption to individuals, businesses, and organizations by locking them out of their critical data and systems.

Ransomware has been around for decades, but it has become more prevalent and sophisticated in recent years. Here are some of the most notable ransomware attacks of the past:

AIDS Trojan (1989)


The first known ransomware attack was carried out by Joseph Popp, a Harvard-trained evolutionary biologist. He distributed 20,000 floppy disks containing a program that claimed to measure the risk of AIDS to attendees of the World Health Organization’s AIDS conference. The program encrypted the files on the infected computers after 90 reboots and instructed the victims to send $189 to a PO box in Panama for the decryption key.

GPCode (2004-2008)


GPCode was one of the first ransomware variants that used encryption to lock files. It was distributed via email attachments and exploited vulnerabilities in web browsers. GPCode used weak encryption algorithms that could be cracked by security researchers. However, newer versions of GPCode used stronger encryption methods that made decryption impossible without paying the ransom.

CryptoLocker (2013-2014)


CryptoLocker was a highly successful ransomware campaign that infected over 500,000 computers and extorted millions of dollars from victims. CryptoLocker used asymmetric encryption to encrypt files and demanded payments in Bitcoin or prepaid vouchers. CryptoLocker was spread via email attachments or through a botnet called GameoverZeuS. CryptoLocker was eventually shut down by a joint operation by law enforcement agencies and security firms.

CryptoWall (2014-2015)


CryptoWall was a successor of CryptoLocker that used similar techniques but added more features, such as deleting shadow copies, displaying ransom notes in different languages, and using Tor and I2P networks to hide its command and control servers. CryptoWall infected over 600,000 computers and caused over $300 million in losses.

WannaCry (2017)


WannaCry was a global ransomware attack that affected over 200,000 computers in 150 countries. WannaCry exploited a vulnerability in the Windows SMB protocol that was leaked by a group called The Shadow Brokers. WannaCry encrypted files and demanded $300-$600 in Bitcoin for their decryption. WannaCry also had a worm-like capability that allowed it to spread across networks. WannaCry was stopped by a security researcher who activated a kill switch in the malware’s code.

NotPetya (2017)


NotPetya was a destructive ransomware attack that masqueraded as a variant of Petya, an older ransomware strain. NotPetya used the same Windows SMB exploit as WannaCry, as well as other methods, to infect computers and encrypt their hard drives. NotPetya also overwrote the master boot record, making the systems unbootable. NotPetya demanded $300 in Bitcoin for the decryption key, but the email address for contacting the attackers was shut down, making recovery impossible. NotPetya was widely believed to be a state-sponsored cyberattack by Russia against Ukraine, but it also affected many other countries and organizations.

SamSam (2015-2018)


SamSam was a targeted ransomware attack that infected over 200 organizations, including hospitals, schools, governments, and businesses. SamSam used brute-force attacks or stolen credentials to access vulnerable systems and then manually deployed the ransomware across the network. SamSam demanded different amounts of ransom depending on the size and type of the victim organization. SamSam earned over $6 million from its victims.

Ryuk (2018-present)


Ryuk is another targeted ransomware attack that focuses on high-profile organizations, such as hospitals, newspapers, municipalities, and enterprises. Ryuk uses phishing emails or other malware, such as TrickBot or Emotet, to gain initial access to the network and then spreads laterally using tools like PowerShell or PsExec. Ryuk encrypts files and demands large amounts of ransom, ranging from $15,000 to $40 million. Ryuk has collected over $150 million from its victims.

It is important to take steps to protect yourself from ransomware attacks. Here are some of the steps you can take.


Make regular backups

Back up your important files and data to an external hard drive or a cloud service that is not connected to your network. This way, you can restore your files and data in case of a ransomware attack without paying the ransom. Test your backups regularly to ensure they are working properly.


Prevent malware from being delivered and spreading

Use reputable antivirus software and keep it updated. Scan your devices and email attachments for malware regularly. Avoid clicking on suspicious links or opening unknown email attachments. Use strong passwords and enable multifactor authentication for your online accounts. Do not use public Wi-Fi networks or USB drives that are not trusted. Update your operating system and applications with the latest security patches.


Prevent malware from running

Use a firewall and disable unnecessary services or ports on your devices. Restrict user privileges and access rights to the minimum necessary. Do not run programs or files from unknown sources or grant them administrative privileges. Enable the display of file extensions and hidden files to spot suspicious file types. Use application whitelisting or blacklisting to control what programs can run on your devices.


Prepare for an incident

Have an incident response plan that outlines the roles and responsibilities of your team members, the steps to take in case of a ransomware attack, and the contact information of relevant authorities and experts. Train your staff on how to recognize and report ransomware attacks. Keep a record of your network configuration and inventory. Have a recovery plan that includes restoring your backups, reinstalling your operating system and applications, and changing your passwords.
