Increasingly sophisticated and stealthier ransomware strains are making the lives of cybersecurity professionals harder than ever. Ransomware is malicious software built with one clear goal in mind: extortion.
Ransomware generally reaches a user's PC through an email that looks benign, carrying an attachment or a link that slips past spam filters and signature-based anti-malware. Once the user opens the attachment or follows the link and the program runs, there is little that can be done: it encrypts most of the files on the disk, often on any reachable network shares as well, and drops a ransom note. Without a clean backup, paying the ransom is the only route the attacker leaves open, and even paying does not guarantee that a working key is delivered.
Ransomware Strains to Know
Given how hard they are to trace and how effective they are, ransomware programs constitute a significant security risk that shouldn't be ignored. Here are a few strains that security professionals consider the most dangerous.
In May 2017, WannaCry caused what is still regarded as the most significant ransomware attack to date, hitting more than 150 countries and thousands of businesses and public institutions, including hospitals, banks and airports. Unlike email-borne strains, WannaCry was a worm: it exploited a vulnerability in Windows' Server Message Block protocol (SMBv1), using the EternalBlue exploit, to spread from machine to machine with no user interaction, even though Microsoft had patched the flaw (MS17-010) two months earlier. Affected computers displayed a ransom message demanding $300 in Bitcoin, rising to $600 after three days, in exchange for the key that would unlock the encrypted data.
While still recovering from the crisis caused by WannaCry, businesses and public institutions had to face yet another security challenge in June 2017: Petya/NotPetya. Unlike the earlier Petya, which held the system hostage for payment, NotPetya was in effect a wiper: it overwrote the master boot record and encrypted the file system's master file table, and the "installation ID" shown in its ransom note was random data from which no key could be derived, so recovery was impossible even for victims who paid. Its aim was permanent destruction rather than a data-recovery ransom. The original Petya reached computers via phishing emails; NotPetya instead entered through a trojanized update of the M.E.Doc accounting software widely used in Ukraine and then spread inside networks using the same SMB exploit as WannaCry together with credentials harvested from infected machines.
Locky caught the world's attention in February 2016 when it hit the Hollywood Presbyterian Medical Center, forcing the hospital to take its IT systems offline and eventually pay a ransom of 40 bitcoin, roughly $17,000 at the time. Locky not only encrypted local files but also reached mapped and unmapped network shares, and it deleted Volume Shadow Copy Service (VSS) snapshots so that Windows' built-in restore points could not be used for recovery. Usually distributed via spam campaigns, it tricked thousands of users with emails carrying a Word document posing as an invoice; opening the document and enabling macros downloaded and ran the payload.
Disguised as an Adobe Flash Player installer and planted on legitimate, compromised websites (mostly news sites), the Bad Rabbit ransomware of October 2017 was manually downloaded and run by thousands of users from all over the globe. This proves what is often stated but not taken seriously: human interaction is the reason for most infections. Once on a machine, Bad Rabbit also spread across the local network over SMB, trying a built-in list of common usernames and passwords as well as credentials harvested from the host. Among its most notorious victims were the Russian news agency Interfax and the Kiev metro system. Once a computer is infected, the ransom note directs the user to a Tor site where the payment demand is displayed.
Jigsaw takes its name and imagery from the Saw horror films: it displays Billy the puppet, a red digital clock that ticks down and a ransom note. When executed, it not only encrypts files but also deletes a growing number of them every hour and increases the ransom fee as time elapses, and it deletes a large batch if the machine is rebooted, pressuring the user to pay to save the remaining files. Its encryption turned out to be weak enough that free decryptors were released, a reminder to check for a known decryptor before considering payment.
What makes this highly destructive ransomware stand out from the rest is that it encrypts not just the local disk but every drive attached to or mapped on the affected system, including removable and network drives, and corrupts and overwrites the operating system's boot files. A single infected machine therefore puts the other machines on the network at risk as well. When the infected computer restarts, the normal login screen is replaced with a ransom message.
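Locky's deletion of shadow copies, and the same recovery sabotage that WannaCry and others perform, leaves a loud trace in process-creation telemetry before or while files are being encrypted. The following is an added example, not code from the article or from any product it mentions: a small Python detector that scans process-creation log lines (Sysmon Event ID 1 or Security event 4688 style) for shadow-copy deletion, backup-catalog deletion, disabled boot recovery, and an Office process spawning a shell (the macro tell-tale). The log line format, field names, host names and all sample lines are constructed for this example.

```python
"""Ransomware precursor detection over Windows process-creation logs.

Added example, not code from the original article. It scans constructed
log lines shaped like Sysmon Event ID 1 / Security 4688 exports for the
commands families such as Locky and WannaCry run before or during encryption:
deleting Volume Shadow Copies, wiping the backup catalog and disabling boot
recovery, plus the macro tell-tale of an Office process spawning a shell.
The export format and field names are assumptions.
"""
import re
from dataclasses import dataclass

# Command-line patterns for recovery sabotage, matched case-insensitively.
PRECURSOR_RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"),
    "boot_recovery_disabled": re.compile(
        r"bcdedit(\.exe)?\s+.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"),
    "backup_catalog_deleted": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog"),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Assumed export format: "<ts> host=<h> user=<u> parent=<image> cmd=<command line>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+"
    r"parent=(?P<parent>\S+)\s+cmd=(?P<cmd>.+)$")


@dataclass
class Alert:
    ts: str
    host: str
    user: str
    parent: str
    rule: str
    cmd: str


def parse_line(line):
    """Return the record as a dict, or None for lines that are not events."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def image_name(cmd):
    """Basename of the first token of a command line (handles \\ and / paths)."""
    first = cmd.strip().split()[0].strip('"')
    return re.split(r"[\\/]", first)[-1].lower()


def classify(rec):
    """All rule names that a single process-creation record trips."""
    hits = []
    if rec["parent"].lower() in OFFICE_PARENTS and image_name(rec["cmd"]) in SHELLS:
        hits.append("office_spawned_shell")
    lowered = rec["cmd"].lower()
    hits.extend(name for name, rx in PRECURSOR_RULES.items() if rx.search(lowered))
    return hits


def scan(lines):
    """Run every rule over every parseable line; one Alert per rule hit."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # comments, blank lines, truncated exports
        for rule in classify(rec):
            alerts.append(Alert(rec["ts"], rec["host"], rec["user"],
                                rec["parent"], rule, rec["cmd"]))
    return alerts


def triage(alerts, min_rules=2):
    """A host tripping min_rules distinct rules is treated as an active
    incident; a single hit may be a legitimate administrator and gets 'review'."""
    rules_by_host = {}
    for a in alerts:
        rules_by_host.setdefault(a.host, set()).add(a.rule)
    return {h: ("incident" if len(r) >= min_rules else "review")
            for h, r in rules_by_host.items()}


# Constructed sample log (not real telemetry). ws-042 shows a macro-borne
# infection; srv-backup shows an administrator's one-off maintenance command.
SAMPLE_LOG = [
    "# process creation export, constructed for this example",
    r"2017-05-12T10:01:03Z host=ws-042 user=CORP\jsmith parent=outlook.exe cmd=winword.exe /n Invoice_8821.doc",
    r"2017-05-12T10:01:41Z host=ws-042 user=CORP\jsmith parent=winword.exe cmd=cmd.exe /c vssadmin.exe delete shadows /all /quiet",
    r"2017-05-12T10:01:42Z host=ws-042 user=CORP\jsmith parent=cmd.exe cmd=wmic.exe shadowcopy delete",
    r"2017-05-12T10:01:43Z host=ws-042 user=CORP\jsmith parent=cmd.exe cmd=bcdedit.exe /set {default} recoveryenabled no",
    r"2017-05-12T10:05:00Z host=srv-backup user=CORP\backupadm parent=powershell.exe cmd=vssadmin.exe list shadows",
    r"2017-05-12T10:06:12Z host=srv-backup user=CORP\backupadm parent=powershell.exe cmd=wbadmin.exe delete catalog -quiet",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.host} {a.user} [{a.rule}] {a.parent} -> {a.cmd}")
    print(triage(found))
```

On the sample data the workstation trips three distinct rules within seconds and is classed as an incident, while the backup server's single `wbadmin delete catalog` is flagged for review rather than treated as an attack, since administrators do run that command. The `vssadmin list shadows` line produces nothing, which is the point of matching on the verb rather than on the tool name.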
How Can Users Fight Ransomware?
In an increasingly aggressive and destructive cyberthreat landscape, understanding how this invisible enemy works will help you keep malicious software off your devices.
Though ransomware is difficult to detect and stop once it is running, there are several prevention strategies that any user can put into practice to keep it at bay. The first step is to be cautious with unexpected emails, especially those that ask you to enable macros or download files; a document that needs macros before it will show an invoice is a warning sign. Keep an up-to-date antivirus or endpoint protection product running; a VPN protects your traffic in transit but does nothing against a malicious attachment you open yourself. Take periodic backups and keep at least one copy offline or otherwise unreachable from the machine being backed up, since strains such as Locky and WannaCry encrypt network shares and delete local shadow copies, and test that the backups actually restore. Use strong, unique passwords and multi-factor authentication, especially for remote access such as RDP. Patch endpoints promptly: WannaCry spread through a flaw Microsoft had fixed two months earlier. Finally, disable protocols and administration tools your systems do not need, such as SMBv1 and macros in Office documents downloaded from the internet.