Ransomware had a good year in 2017. For the first time ever, we saw several “cryptoworm” variants self-propagate across vulnerable workstations around the world. We also witnessed more traditional ransomware families cause remarkable damage to victimized organizations as well as strains that embraced novel tools and techniques.
Here are 10 of the most significant ransomware attacks from the past year. (For the purposes of this article, “most significant” does not account only for the number of users affected. It also takes into account other factors such as distribution, costs, updates, and potential damages for future victims.)
On 26 July 2017, Arkansas Oral & Facial Surgery Center suffered an attack at the hands of an unknown ransomware strain. The incident didn’t affect its patient database. However, it did affect imaging files like X-rays along with other documents such as email attachments. It also rendered patient data pertaining to appointments that occurred three weeks prior to the attack inaccessible.
At the time of discovery in September 2017, Arkansas Oral & Facial Surgery could not determine whether the ransomware attackers accessed any patients’ personal or medical data. It therefore decided to notify 128,000 customers of the attack and set them up with a year of free credit-monitoring services.
Emsisoft security researcher xXToffeeXx detected a new ransomware threat called Reyptson back in July 2017. Upon successful infection, Reyptson checks to see if Mozilla’s Thunderbird email client is installed on the computer. If it is, the ransomware attempts to read the victim’s email credentials and contact list.
The threat isn’t interested in viewing this data to compromise the victim’s privacy. Instead, it leverages those contacts to conduct a spam distribution campaign from the victim’s computer. Each of those spam messages comes with a fake invoice document that contains an executable responsible for loading up (Read more...)
This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security