Biggest Ransomware Attacks In History

Ransomware has been a prominent threat to companies and individuals since the mid-2000s. Hackers exploit security weaknesses and hold the data of organizations and governments hostage, demanding massive ransom amounts. Here are the top 5 biggest ransomware attacks in history.

1. TeslaCrypt

This is the most popular ransomware, first discovered in early 2015. After its exposure, it went through various versions that brought many changes. It began with social engineering: phishing emails carrying malicious attachments that the user was tricked into clicking.

TeslaCrypt was spread via the Angler and Nuclear browser exploit kits. These kits give cybercriminals tools to distribute malware by exploiting well-known software, for instance Internet Explorer, Adobe Reader, Microsoft Silverlight, etc. TeslaCrypt encrypts the user's files and then demands a ransom of $500 in bitcoins for the key to decrypt them. Notably, the master key for decryption was made available to the public in 2016 by the creators of TeslaCrypt.

2. WannaCry

In May 2017, businesses across the world were struck by a piece of malware named WannaCry. It infected around 7000 computers with 110000 different IP addresses within two days. This made WannaCry the most notorious and devastating ransomware attack in history. Various institutions lost control over their processes.

WannaCry arrived as a phishing email, circulated through covert channels, and exploited the Windows SMB vulnerability. At first it demanded $300 in bitcoin within a time frame of three days; later the demand increased to $600 in six days. It commonly targeted office files such as Word documents, presentations, data files, videos, graphics, archives, program files, etc. The ransomware places itself in a random folder under the file name "tasksche.exe", or inside the 'C:\Windows\' folder under the file names "mssecsvc.exe" and "tasksche.exe".


3. REvil – Ransomware and Evil

This major attack occurred on 4th July, during the Independence Day long weekend, while businesses were celebrating. It was conducted by a Russia-linked hacker organization. This supply-chain ransomware attack exploited a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. REvil first appeared in April 2019 and is distinguished by the number of measures it takes to avoid detection. Like others, REvil is ransomware as a service (RaaS).

It is reported that REvil demands millions of dollars to end an attack. Only after the businesses reopened did it become known that they had been attacked. The hackers asked for a ransom of $70 million in cryptocurrency for the decryption of the servers and systems. As an immediate action, the FBI asked businesses to shut down their VSA servers and report the incident. This helped the agencies analyze the situation and offer possible solutions.

4. NotPetya

In Ukraine, June 27, 2017, brought the outbreak of a new ransomware named NotPetya. It then spread across Europe and affected many industries, banks, airports, etc. It caused $10 million of damage to businesses and is known as one of the biggest attacks in history. Victims report that the attackers encrypt hard drives and then prevent access to the entire system by stealing the user's Windows credentials. After infecting one desktop, it scans the local network and infects the other desktops as well.

The initial NotPetya infection vector is not yet precisely known, but some sources point to a spread through Ukrainian accounting software called MeDoc. The hackers first took over the update servers, collected information, built a false update, and distributed it through the software.

5. SamSam

SamSam was first detected at the end of 2015 and came into force at the start of 2018, crippling organizations. It was used against particular institutions like hospitals, schools, etc., which pay to get their data back. In fact, SamSam pays far more than the ransomware marketplace average. This ransomware is the biggest attack that occurred in the world, as it has earned its creators around US$6 million since 2015.

The hackers behind this attack gained access to the owners' networks by targeting weak passwords on the Remote Desktop Protocol (RDP). After entering the network, the attacker used certain tools to exploit data and information in order to become the admin. This takes many days, and it's believed that the attacker was waiting for an admin to log in. This ransomware does not spread independently, as it doesn't have virus capabilities.
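The weak-RDP-password entry point described above leaves a recognizable trail in the Windows Security log: a burst of failed logons from one source, sometimes followed by a success. The following is an added example, not part of the original article, that runs this detection over constructed sample records; the tuple layout, threshold, window and IP addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); LogonType 3 = network logon,
# which is how RDP with Network Level Authentication usually records failures.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: (time, event_id, logon_type, source_ip, account).
T0 = datetime(2024, 1, 5, 2, 0, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=30 * i), 4625, 3, "203.0.113.7", "administrator")
     for i in range(6)]
    + [(T0 + timedelta(minutes=4), 4624, 10, "203.0.113.7", "administrator"),
       (T0 + timedelta(minutes=1), 4625, 10, "198.51.100.20", "j.doe"),
       (T0 + timedelta(minutes=2), 4625, 10, "198.51.100.20", "j.doe"),
       (T0 + timedelta(minutes=3), 4624, 10, "198.51.100.20", "j.doe"),
       (T0 + timedelta(minutes=5), 4625, 2, "-", "localuser")]  # console, ignored
)

def find_rdp_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed RDP logons inside `window`,
    and record the first account that logs on successfully afterwards."""
    recent = defaultdict(deque)  # source ip -> timestamps of recent failures
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == 4625:
            failures = recent[ip]
            failures.append(ts)
            while ts - failures[0] > window:  # drop failures outside the window
                failures.popleft()
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {"source": ip, "first_alert": ts,
                              "success_account": None}
        elif event_id == 4624 and ip in alerts:
            if alerts[ip]["success_account"] is None:
                alerts[ip]["success_account"] = account  # guess likely worked
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_rdp_guessing(SAMPLE_EVENTS):
        print(alert)
```

An alert with a non-empty `success_account` is the case to escalate first, since it matches the pattern of a guessed password followed by a working session.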

Protection Against Ransomware Attacks

Users and companies can follow certain steps to reduce the risk of becoming a victim. Below is a list of a few measures your business needs.

  • Frequent & Tested Backups: Back up all crucial files and systems, as this is one of the major defense mechanisms against ransomware. The backups also need to be tested to ensure the data is complete.
  • Structured & Regular Updates: Most companies update their software regularly, and these updates may contain patches that make the software more secure.
  • Sensible Restrictions: Limitations are placed on employees and contractors who:
    • Work with devices that contain company files, records, programs, etc.
    • Use devices linked to company networks that are prone to being made vulnerable.
    • Are third-party or temporary workers.
  • Proper Credential Tracking: Any employee, contractor, or other person who is given access to the system creates a potentially vulnerable point for ransomware. In turn, failing to update passwords, uneven restrictions, etc. bring a higher chance of being attacked at these points.

Conclusion

Ransomware incidents can have serious effects on your business and leave the organization with nothing to operate on. Attackers' tactics have changed over time, and the amounts demanded are tremendous. The 5 attacks covered above illustrate what makes these attacks so disastrous.

In cyber security, it is important to stay current and competitive to succeed.
