For decades, cybercriminals have successfully exploited flaws and vulnerabilities on the World Wide Web. In recent years, however, both the number of attacks and their pace have clearly increased: attackers are becoming more dangerous, and malware is spreading at a rate never seen before.
Introduction
We are talking about ransomware, which made an incredible leap in 2020, causing damage to thousands of organizations around the world. In Australia, for example, ransomware attacks such as WannaCry and NotPetya have even raised government concerns. To summarize the ransomware “successes” this year, we will look at the 10 most dangerous and most damaging ransomware families. Hopefully, next year we will have learned the lessons and will keep this kind of threat out of our networks.
1. NotPetya
The ransomware attack began with the Ukrainian accounting software M.E.Doc, which replaced 1C after the latter was banned in Ukraine. In just a few days, NotPetya infected hundreds of thousands of computers in over 100 countries. This malware is a variant of the older Petya ransomware, except that the NotPetya attacks used the same exploit as the WannaCry attacks. As it spread, NotPetya affected several organizations in Australia, such as the Cadbury chocolate factory in Tasmania, which had to temporarily shut down its entire IT system. The ransomware also managed to infiltrate the world's largest container ship, owned by Maersk, which reportedly lost up to $300 million in revenue.
2. WannaCry
This ransomware, terrible in scale, practically took over the entire world. Its attacks used the infamous EternalBlue exploit, which targets a vulnerability in the Microsoft Server Message Block (SMB) protocol. WannaCry infected victims in 150 countries and over 200,000 machines on the first day alone. We have published a separate dossier on this sensational malware.
3. Locky
Locky was the most popular ransomware in 2016, but it has not stopped operating in 2020. New variants of Locky, dubbed Diablo and Lukitus, emerged this year, using the same attack vector (phishing) to deliver exploits. Locky was behind the Australia Post email fraud scandal.
4. CrySis
This family stood out for its skilled use of the Remote Desktop Protocol (RDP). RDP is one of the most popular ways to distribute ransomware, because it lets cybercriminals compromise machines that control entire organizations.
5. Nemucod
Nemucod is spread using a phishing email that looks like an invoice for shipping services. This ransomware downloads malicious files stored on compromised websites. In terms of phishing emails, Nemucod is second only to Locky.
6. Jaff
Jaff is similar to Locky and uses similar techniques. This ransomware is not remarkable for its original methods of distributing or encrypting files; on the contrary, it combines the most successful practices.
7. Spora
To distribute this type of ransomware, cybercriminals hack legitimate sites and add JavaScript code to them. Users visiting such a site receive a pop-up warning prompting them to update their Chrome browser to continue browsing the site. After downloading the so-called Chrome Font Pack, users become infected with Spora.
8. Cerber
One of the many attack vectors that Cerber uses is called RaaS (Ransomware-as-a-Service). Under this scheme, cybercriminals offer to pay others for distributing the Trojan, promising them a percentage of the money received. This “service” allows cybercriminals to send out ransomware and then provide other attackers with the tools to distribute it.
9. Cryptomix
It is one of the few ransomware families that do not have a dedicated payment portal on the dark web. Affected users must wait for the cybercriminals to email them instructions. Cryptomix victims came from 29 countries and were forced to pay up to $3,000.
10. Jigsaw
Another entry on the list that started its activity in 2016. Jigsaw inserts an image of a clown from the Saw movie series into spam emails. As soon as the user clicks on the image, the ransomware not only encrypts the files but also deletes them if the user delays paying the ransom, which is $150.
Conclusions
As we can see, modern threats are using increasingly sophisticated exploits against well-protected networks. While increased employee awareness helps to limit the impact of infections, businesses need to go beyond basic cybersecurity standards to protect themselves. Defending against today's threats requires proactive approaches that use real-time analysis based on a learning engine that understands the behavior and context of threats. You should rely more on cloud antivirus than on traditional antivirus, so that your security protection is handled entirely by the organization running the cloud service.