Top Ransomware Viruses Attacking Businesses Today
Ransomware is one of the most virulent, persistent threats to individuals and enterprises around the globe. Businesses can spend years building up their reputation, including a commitment to the security of their customers, and yet have it torn down in seconds by one ransomware data breach. It’s not just small businesses or ones that don’t have a big budget for tech. From counties containing major cities, like Tillamook County in Oregon, to media law firm Grubman Shire Meiselas & Sacks and California-based Communications & Power Industries (CPI), even the largest enterprises and governments aren’t immune to ransomware.
Today we’re looking at the year’s top five ransomware programs, dangerous and ever-evolving, and how you can protect your business from attack.
What Is Ransomware, Exactly?
You’re probably familiar with malware and phishing scams. Ransomware is pretty much what it sounds like – malicious software that demands a ransom. Cybercriminals can block entities, from individuals to global corporations, from accessing their own data by encrypting it with a key only they know. The hackers add extensions to the data to prevent you or your IT team from breaking the encryption, holding it hostage until you pay the demanded ransom. If you don’t, the data may be deleted, leaked, or sold.
Even more worrisome, ransomware may lie dormant in your system and may even be backed up with legitimate files. In these cases, the extortionist can demand a ransom for part of the data, have it paid, and then activate ransomware lurking elsewhere in your servers, shared drives, cloud, or individual computers.
Cybersecurity is like an endless game of cat-and-mouse, with security experts counteracting malicious software and building protective programs and the cybercriminals creating new iterations of the malicious software. Therefore, protecting your company against incursions is an ongoing, complex process.
The Monetary Effect of Ransomware
The financial impact of ransomware is estimated to double year over year, according to TechTarget. The average ransomware payment increased by over 40% in Q4 of 2020. To put that in dollars, payments increased from $154,108 to $220,298 in a three-month span.
Part of the reason for the notable increase in ransomware in 2020 is the increase in remote workers, especially since many companies and individuals weren’t equipped to handle the shift. Home users accessing company networks created the biggest vulnerability and thus the surge in cyber attacks. The cyber threat has evolved, and cybercriminals are getting more sophisticated – and more greedy. The current trend is to launch back-to-back attacks on ransomed companies or individuals.
Industries with the most risk for ransomware attacks are those in the BFSI verticals: banking, insurance, and financial services, plus IT, manufacturing (for proprietary information), and government.
The Five Most Dangerous Ransomware Attacks
Maze is perhaps the best-known ransomware, discovered in May 2019 by Jerome Segura. It’s a global threat that was previously known as “Cha Cha” ransomware and uses exploit kits such as Spelevo and Fallout to deploy its attacks.
Its approach is innovative, focusing on threats to publish sensitive information if the ransom isn’t paid. It encrypts all files and threatens internet release. Individuals and companies don’t really have recourse, since information leaked by Maze has already damaged their reputation. Some companies that have fallen victim to Maze include Xerox, Canon, and Cognizant.
REvil is a file-blocking virus that encrypts a victim’s files and then sends a ransom message. Failure to pay the ransom on time results in the demand being doubled. The REvil cohort actually started an auction site to sell stolen data, which means that companies won’t know who ends up with their sensitive information.
It has become more infamous for targeting A-list celebrities and threatening to auction their personal information on the Dark Web through its network of auction sites. Some examples of REvil’s stolen data include computer files from Barbra Streisand, Bruce Springsteen, and Bette Midler, along with a legal document of Madonna’s tour contract. Other celebrities who were attacked include Drake, Elton John, and Mariah Carey. While the organization seems to have gone offline recently, it could be simply going quiet.
Ryuk ransomware is arguably the biggest “player” in ransomware and certainly one of the most active. This software can access files on a system, files on a device, or even the entire system itself, keeping them encrypted until the ransom is paid. It uses TrickBot to infect the system, or software called Remote Desktop, to mirror a user’s device and thereby gain access to the system. It encrypts with robust algorithms such as RSA and AES, using a unique key for each victim and unique keys within the system.
Ryuk’s preferred targets are government agencies and larger companies who can pay large ransoms rather than individuals. EMCOR, a US-based Fortune 500 company, is one of the most notable victims, and the company suffered a loss of some of its IT systems.
It uses different techniques to remain hidden. First, it can deny an administrator access to the system and then follow up with an attack on file servers and the domain controller. It’s known for taking advantage of weak passwords or compromised ones, which makes remote workers or those who haven’t changed passwords often especially vulnerable.
NetWalker is one of the newest ransomware threats. It’s also known as Mailto and targets various victims, from individuals to governments, healthcare organizations, and enterprises. It starts by encrypting all Windows devices connected to the network of its victims and uses an embedded configuration that includes file names, ransom notes, and several configuration operations.
NetWalker, also known as Mailto, is one of the newest variants of the ransomware family. Various remote working individuals, enterprises, government agencies, and healthcare organizations reported being attacked by NetWalker last year.
NetWalker spreads in two ways. First, it uses Covid “phishing” emails that contain a VBS script. Then, the executable files spread throughout the recipient’s network.
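As an added example (not part of the original article), the Python sketch below shows a mail-gateway style check for the delivery method described above: it flags attachments whose effective extension is a script type such as .vbs, including names that hide behind a decoy extension. The extension list, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist; .vbs is the type named in the article, the rest are
# other Windows script formats commonly blocked at mail gateways.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}


def classify(filename: str) -> tuple[bool, bool]:
    """Return (is_script, has_decoy_extension) for an attachment name."""
    # Windows ignores trailing dots and spaces, so "a.vbs. " still runs as a.vbs.
    name = PurePosixPath(filename.lower().rstrip(". "))
    is_script = name.suffix in SCRIPT_EXTENSIONS
    # "guidance.pdf.vbs" shows as a PDF when known extensions are hidden.
    return is_script, is_script and len(name.suffixes) > 1


def script_attachments(raw: bytes) -> list[tuple[str, bool]]:
    """List (filename, has_decoy_extension) for every script attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if filename:
            is_script, decoy = classify(filename)
            if is_script:
                hits.append((filename, decoy))
    return hits


def build_sample() -> bytes:
    """Constructed sample message with inert placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "COVID-19 guidance (constructed sample)"
    msg.set_content("Please review the attached guidance.")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="Guidance.pdf.vbs")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="schedule.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, decoy in script_attachments(build_sample()):
        print(f"BLOCK {name} (decoy extension: {decoy})")
```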
How Can I Prevent Ransomware Attacks?
Fortunately, ransomware attacks are preventable. Organizations and individuals both can use many of the same tricks, including:
- Be very careful when clicking links or attachments from unsolicited emails
- Don’t download “cracked” software or software from unsecured websites
- Back up all sensitive data and files in an offline data storage center
- Update any plug-ins in your software regularly – these are especially vulnerable to cyber attacks
- Use strong passwords, and avoid reusing passwords
In addition, government organizations and businesses should also focus on areas that may have exposure to ransomware. The owner or IT Director may wish to have an outside cybersecurity consulting firm analyze their network and security protocols, looking for outdated protection and noting any security risks. As a business owner, implement a company culture of security awareness, including limiting access to sensitive files and making employees aware of the danger of password-sharing.
A cyber-resilient company culture and a focus on best practices to prevent cyber attacks – not just from ransomware but other malware – can significantly reduce the risks for ransomware attacks.
The advice from many security companies is not to pay the ransom if you’re a victim. There may be recourses through a network of government agencies. However, the best way to avoid paying a ransom is to protect yourself, your company, and your clients against threats. Implementing stricter security protocols, as well as re-training your staff to embrace proactive measures, can be your best protection.