We are two decades into the 21st century, and if you don’t know what a “Ransomware Attack” is, then this article is a must-read for you. Thieves have been in existence ever since people have had possessions. In ancient times, thieves preyed upon those less aware of their surroundings and deprived them of their treasures. But as times have changed, so has the treasure and, consequently, so have the thieves.
In 2021, data is the new oil, and hence one of the most valuable assets anyone, including malicious actors, can get their hands on. We store not just our family photos and videos online but also our bank account information, high-value documents like contracts, sensitive personal information, and so on.
There are people or, more correctly, groups of people who prey on unmindful computer users online and do a whole lot worse than steal their data, including but not limited to encrypting it so that no one can access it, selling it to the highest bidder on the deep web and, in some cases, blackmail followed by physical confrontation.
For the uninitiated, Ransomware is a type of Malware, or malicious software, which, when executed, encrypts the files on your computer and then asks for a ransom, particularly in the form of Bitcoin, to unlock them; hence the name “Ransomware.”
Since you know how important online security is, here are some of the major Ransomware attacks you need to be on the lookout for.
Maze Ransomware Attack
You might not know Maze Ransomware, but you surely know its latest prey, the tech giant Cognizant. Recently, the New Jersey-based tech company confirmed that it was hit with a Maze Ransomware attack.
The Maze Ransomware encrypts all files on the system or the server. After that, the hackers behind the attack demand money in exchange for not leaking any data on the deep web.
This Ransomware was first discovered by Malwarebytes director of Threat Intelligence Jerome Segura in May 2019. The malware penetrates a network by gaining access to lower-privilege systems and then slowly working its way up the chain.
During its early days, Maze Ransomware was spread by websites using an exploit kit, for example Fallout EK, which targets a Flash Player vulnerability. Now you know one of the reasons why Windows no longer supports Flash Player.
To encrypt files on a computer, Maze uses two algorithms, “ChaCha” and “RSA.” Following encryption, the program adds a random string of 4-7 characters at the end of each file. Often, thousands of dollars’ worth of data is lost.
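A defender can turn the renaming behaviour described above into a simple triage check. The following is an added example, not code from the original article or from any vendor; it assumes the 4-7 random characters are appended as an extra extension after the file's original one, and the file listing, extension list and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Assumption: extensions of user documents worth watching (illustrative list).
KNOWN_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt", ".csv"}
# Assumption: the appended marker is a 4-7 character alphanumeric extension.
SUFFIX_RE = re.compile(r"^\.[A-Za-z0-9]{4,7}$")

def appended_suffix(name):
    """Return the extra suffix if name looks like '<file>.<known ext>.<4-7 chars>'."""
    suffixes = PurePosixPath(name).suffixes
    if len(suffixes) < 2:
        return None
    prev, last = suffixes[-2].lower(), suffixes[-1]
    if prev in KNOWN_EXTS and last.lower() not in KNOWN_EXTS and SUFFIX_RE.match(last):
        return last
    return None

def flag_directories(paths, min_hits=3, min_ratio=0.5):
    """Flag folders where many files carry an appended 4-7 character suffix.

    A single hit (e.g. 'notes.txt.backup') is common and harmless, so a folder
    is reported only when hits are both numerous and a large share of its files.
    """
    totals, hits = Counter(), Counter()
    for path in paths:
        p = PurePosixPath(path)
        folder = str(p.parent)
        totals[folder] += 1
        if appended_suffix(p.name):
            hits[folder] += 1
    return sorted(d for d in totals
                  if hits[d] >= min_hits and hits[d] / totals[d] >= min_ratio)

# Constructed sample listing (not real incident data).
SAMPLE = [
    "/home/ana/docs/report.docx.kQ3xT",
    "/home/ana/docs/budget.xlsx.p9ZrLm2",
    "/home/ana/docs/scan.pdf.Xw4b",
    "/home/ana/docs/README.txt",
    "/home/ana/photos/trip.jpg",
    "/home/ana/photos/archive.tar.gz",
    "/home/ana/photos/notes.txt.backup",
]

if __name__ == "__main__":
    print(flag_directories(SAMPLE))
```

A flagged folder is a prompt to isolate the machine and check backups, not proof of infection; legitimate tools also append extensions.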
REvil Ransomware Attack
As horrible as it may sound, infecting people’s computers with Malware is a big industry. It needs to be a big industry because the scale at which these groups operate, infecting big enterprises and handling millions of dollars’ worth of cryptocurrency, requires a huge infrastructure. These hackers are not what you see in movies, a random guy sitting in a basement. These are a group of professionals, with high-tech equipment, infrastructure and resources, sitting in a basement.
Similarly, REvil is a RaaS. If that sounds familiar, it should: the term is based upon SaaS, which means Software as a Service. Ransomware, being another kind of software, is offered as a service by online criminals to attack the IT industry. It’s a part of the deep web and not a place for the faint of heart.
REvil ransomware blocks access to files after infection and demands payment in Bitcoin for unlocking them. If the victim fails to pay on time, the ransom amount doubles.
Most of the time, attackers use phishing to gain access to a certain company to spread the REvil Ransomware.
Ryuk Ransomware Attack
Attackers using Ryuk Ransomware mainly attack big corporations and enterprises. WIZARD SPIDER, a sophisticated eCrime group, has been operating the Ryuk Ransomware since August 2018. In the terminology of online criminals, targeting big enterprises is known as “Big Game Hunting.”
The attackers are a Russia-based group famous for using the TrickBot banking malware for bank wire fraud. In total, these attackers have claimed over 705.80 Bitcoin as ransom from their victims.
They spread the ransomware via spam emails or Emotet, a trojan targeting banking systems.
Nephilim Ransomware Attack
Nephilim is another ransomware that not only encrypts your files, blocking any access to them, but also leaks them online. The attackers using Nephilim ransomware use the file encryption process as a cover-up; in reality, they want to steal your files and sell them to the highest bidder on the deep web.
They do, however, demand ransom after stealing from you, because who doesn’t like free money? Small and medium-sized enterprises are the main target of attackers using Nephilim ransomware.
With most of the world in work-from-home mode and people doing a lot of work on their personal laptops without enterprise-level security, attackers have an easy time using Nephilim ransomware to steal employees’ data.
Netwalker Ransomware Attack
Netwalker Ransomware works similarly to REvil ransomware, as a RaaS. It blocks access to content, meanwhile selling it online after packaging it in a password-protected folder. Naturally, the attackers sell the key for a price.
They infiltrate an organisation by using phishing attacks to gain the credentials of an employee with low-level access, followed by data exfiltration and then encryption.
The notorious group also posts hiring notifications on the deep web from time to time. The potential criminals need to speak Russian, have references and have the technical know-how of hacking to join their club.
Amidst the COVID-19 Pandemic, these guys have taken advantage of hospital mail delivery systems to target patients and steal their records.
How To Protect Yourself From Ransomware Attacks
While an enterprise might need to employ multiple layers of security, for everyday users, these steps are sure to suffice:
- Always keep your data backed up in offline physical drives in case of an emergency.
- Keep your firewall updated to the latest security patch.
- Keep your anti-virus updated.
- Use a VPN service if browsing shady websites.
- Never open a program or a document posing as a program sent to you via an unknown e-mail.
- If you’re expecting an important mail, confirm the mail’s authenticity with the sender before opening it.
These are a few healthy habits to adopt while surfing online. The world is a dangerous place, but it shouldn’t be any more dangerous for us because of our own unawareness.