Ransomware attacks have become far too frequent. 2017 has definitely not been the best of years when it comes to encountering malicious malware. After the infamous WannaCry and Petya/NotPetya, there is another surging global cyberattack: Locky. Don’t confuse it with Marvel’s Avengers anti-hero Loki, because Locky ransomware is anything but amusing. Media reports confirm the re-emergence of Locky ransomware with a new email distribution campaign. It has been touted as one of the largest malware campaigns in the latter half of 2017. Locky rose to prominence in 2016 following a number of high-profile infections, and was later usurped by Cerber. But now it is very much back, and the threat is too real to be ignored. Here’s a look at five times malware attacks wreaked havoc worldwide in recent times.
1. Locky Ransomware
Locky is considered to be the most malicious ransomware because of the lack of loopholes in it. The creators of the Dridex botnet have not only encrypted a wide range of data files, but even Bitcoin wallets and Windows Volume Snapshot Service (VSS) files, in case users try to restore files from those. The Locky ransomware is spread via Java attachments. The ransomware, once considered almost defunct, sent over 23 million emails carrying the malware to the US workforce in just 24 hours on August 28, zdnet.com reported. According to the Indian Computer Emergency Response Team (CERT-In) alert, the messages carry familiar subjects like “please print”, “documents”, “photo”, “Images”, “scans” and “pictures”. Victims are presented with a ransom note demanding 0.5 bitcoin ($2,300) to pay for “special software” in the form of a “Locky decryptor” in order to get their files back.
2. WannaCry Ransomware
In May 2017, WannaCry ransomware unleashed a wide-scale global cyberattack. The ransomware cryptoworm targeted computers running the Microsoft Windows operating system, encrypting data and then demanding a ransom in Bitcoin. The attack began on May 12, 2017, infecting more than 230,000 computers in over 150 countries, including hospitals, banks, telecommunications companies and warehouses. Also known as Wanna Decryptor, it leverages a Windows SMB exploit called EternalBlue, which allowed the hijacking of computers running unpatched Microsoft Windows operating systems. Despite a security researcher accidentally finding a ‘kill switch’, the attackers have patched it out in newer versions.
3. Petya/ NotPetya Ransomware
Petya comes from the family of encrypting ransomware. On June 27, 2017, a new variant of Petya unleashed a global cyberattack, primarily in Ukraine, where more than 80 companies were initially targeted, including the National Bank of Ukraine. This new version was named NotPetya by Kaspersky Lab. It spread quickly through networks that use Microsoft Windows and was attacking “complete energy companies, the power grid, bus stations, gas stations, the airport, and banks”. After infecting a computer, the NotPetya ransomware encrypted important documents and files and then demanded USD 300, paid in Bitcoin.
4. Cloudbleed Bug
A security bug, Cloudbleed, was discovered on February 17, 2017, by the Google Project Zero team. It affected the reverse proxies of CloudFlare, a popular content delivery network. According to a blog post from CloudFlare, “our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data”. CloudFlare, which is used by more than 5.5 million websites, leaked sensitive data such as passwords, messages and hotel bookings of CloudFlare customers, and passed it to any random customer that happened to be in the server’s memory at that particular moment.
5. RAA Ransomware
Among the many ransomware attacks in 2016, RAA ransomware targeted businesses by installing ‘Pony’ malware. The data-stealing Trojan was updated to install malware and encrypt machines even if they’re offline. RAA was distributed by email, with the malicious software’s dropper code hidden in a password-protected Zip attachment to make it more difficult for anti-virus software to discover. Installation of the ransomware is triggered by opening the malicious .js file. The operation distracts the victim during installation by displaying a fake text document with a random set of characters before showing a ransom note and encrypting data with a .locked extension.
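The two mail campaigns described on this page, the Locky lures listed in the CERT-In alert (item 1) and RAA's .js dropper hidden in a password-protected Zip (item 5), share one defensive check: inspect attachments at the mail gateway without ever running them. The Python below is an added example written for this page, not code from the article or from any vendor. The script extensions beyond the .js the page names, the example.invalid addresses and all sample messages are constructed assumptions, and the "password-protected" sample only sets the Zip encryption flag in the central directory rather than really encrypting the member, which is enough because the check lists member names and never extracts them.

```python
"""Gateway triage heuristic for attachment-borne ransomware lures.

Added example for this page; not code from the original article.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Subject lines named in the CERT-In alert on the Locky campaign.
LURE_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}

# The article names .js; the other Windows Script Host / HTML Application
# extensions are an assumption added here to generalise the check.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def zip_members(data: bytes) -> list[tuple[str, bool]]:
    """List (member name, encrypted?) for a Zip payload; [] if not a Zip.

    Bit 0 of the general-purpose flag in the central directory marks a
    member as encrypted, which is what a password-protected archive sets.
    Listing needs no password, so names can be inspected without extraction.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(zi.filename, bool(zi.flag_bits & 0x1)) for zi in zf.infolist()]
    except zipfile.BadZipFile:
        return []


def triage_message(raw: bytes) -> list[str]:
    """Return findings for one RFC 5322 message; [] means nothing suspicious.

    A lure subject alone is not reported (too common in legitimate mail);
    it is reported only alongside a script attachment, the combination the
    campaigns above relied on.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg["subject"] or "").strip().lower()
    findings: list[str] = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(SCRIPT_EXTENSIONS):
            findings.append(f"script attachment: {name}")
        # Match archives by magic bytes as well as by name so a renamed Zip
        # does not slip past the filter.
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            for member, encrypted in zip_members(payload):
                if member.lower().endswith(SCRIPT_EXTENSIONS):
                    tag = " (password-protected)" if encrypted else ""
                    findings.append(f"script inside archive: {name}/{member}{tag}")
    if findings and subject in LURE_SUBJECTS:
        findings.insert(0, f"lure subject: {subject!r}")
    return findings


# ---- constructed samples (not real campaign artefacts) ---------------------

def make_zip(member: str, content: bytes, password_protected: bool) -> bytes:
    """Build an in-memory Zip; optionally mark the member as encrypted.

    zipfile cannot write encrypted archives, so the sample flips flag bit 0
    in the central directory entry (flags sit at offset 8 of that header).
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, content)
    data = bytearray(buf.getvalue())
    if password_protected:
        cd = data.find(b"PK\x01\x02")   # central directory file header
        assert cd != -1
        data[cd + 8] |= 0x01            # general-purpose flag, low byte
    return bytes(data)


def build_sample(subject: str, filename: str, content: bytes) -> bytes:
    """Construct a minimal multipart message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    m.add_attachment(content, maintype="application", subtype="octet-stream",
                     filename=filename)
    return bytes(m)


RAA_LIKE = build_sample("scans", "scan.zip",
                        make_zip("scan.js", b"WScript.Echo('x');", True))
LOCKY_LIKE = build_sample("please print", "document.js", b"var a = 1;")
BENIGN = build_sample("Q3 budget", "budget.csv", b"item,cost\nfoo,1\n")

if __name__ == "__main__":
    for label, raw in (("RAA-like", RAA_LIKE), ("Locky-like", LOCKY_LIKE),
                       ("benign", BENIGN)):
        print(label, triage_message(raw))
```

The check deliberately keys on the combination of lure subject and executable content rather than on either alone, and it reads archive member names from the central directory without needing the password, which is exactly the visibility the password-protected Zip trick is meant to deny to scanners that only look at decompressed content.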