Ransomware is malware that encrypts files on a victim’s device. Attackers use drives or downloadable files to get the malware onto the victim’s device, and once the files are encrypted, the attackers demand a ransom to decrypt the files and restore access to the users. Ransom payments must be made through cryptocurrencies and usually range from a few hundred dollars to a few thousand dollars.
Although the origin of ransomware can be traced back to 1991, these attacks have gained more prominence in the last 10 to 15 years with the rise of cryptocurrencies, which enable the attackers to keep their identity secure.
Many ransomware attacks have happened over the years. These are some of the prominent ones.
DarkSide is a ransomware gang that is believed to be operating out of Russia. One of the most recent ransomware attacks took place in May 2021, when DarkSide attacked Colonial Pipeline, the largest fuel pipeline operator in the United States. As a result of the attack, Colonial had to shut down all four of its pipelines that serve the Eastern and Southeastern United States. This had a trickle-down effect, leading to rising gas prices and stations running out of fuel. Colonial Pipeline paid the hackers nearly USD 5 million in ransom, as per an article by NBC News.
Ryuk, 2019 and 2020
Ryuk gained prominence after it affected the operations of major newspapers in the United States in 2018. Since then, more than 100 companies have suffered Ryuk attacks. This ransomware is spread mainly through malicious or phishing emails containing dangerous links and attachments. The ransom demanded to decrypt a system can exceed USD 300,000, and Ryuk has been known to be one of the more expensive ransomware strains around.
Zeppelin started getting noticed in November 2019 with various attacks targeting the healthcare and technology sectors in North America and Europe. Zeppelin is known to be a descendant of the Vega or VegasLocker ransomware family, a ransomware-as-a-service family that wreaked havoc across accounting firms in Eastern Europe and Russia.
SamSam ransomware was identified in 2015 but only gained prominence in 2018. This ransomware has targeted high-profile organisations including the city of Atlanta, the Colorado Department of Transportation, the Port of San Diego and numerous healthcare facilities. This ransomware works to transfer access and privileges to the attacker to ensure that the attack is damaging to the victims. An interesting fact about SamSam is that the victim is asked to make a first payment to unlock only a few machines as a sign of honesty.
Petya gained prominence in 2016. This ransomware was spread through emails with malicious attachments, including emails that looked like job applications with the applicant's photograph. Once in the system, Petya infects the boot records of machines that use the Windows operating system. It then proceeds to block the entire OS. Organisations including the National Bank of Ukraine, Mondelez, Merck and Rosneft have been infected with Petya. This ransomware is known to have caused damages of more than USD 10 billion.
Ransomware attacks are on the rise and hackers are becoming more intelligent with their attacks. Therefore, it is imperative that organisations keep their security systems up to date and vigilant.
Globe Detective Agency has a team of cybersecurity experts on board and decades of experience in the field. If you think your device has been compromised or would simply like to know more about ransomware and cybersecurity, get in touch.