Top 5 Damaging Ransomware Attacks
What one word can strike fear into end users, security pros, and CIOs? Ransomware. This malware has risen to infamy recently, with many major-headline attacks hitting all over the world. These recent attacks don’t indicate a new form of attack. Ransomware has actually been around just about as long as malware has, and it looks to be here to stay.
With the major attacks gaining media attention recently, we wanted to take a quick dive into ransomware’s history and share a little information about the 5 worst ransomware attacks to happen and the lessons learned.
The top 5 most damaging ransomware attacks:
PC Cyborg, AKA the AIDS Trojan
In 1989, years before “ransomware” even became a common term, the first attack hit, demanding $189 be sent to a post office in Panama. The malware was started by Dr. Joseph Popp, who distributed 20,000 floppy disks to attendees at an AIDS conference. The disks allegedly contained a research program to help with the study of AIDS. The malware waited 90 reboots before changing file and directory names, which gave it time to spread to multiple people who passed the disk along. It’s uncertain how many victims mailed the ransom money before someone created a way to recover files.
CryptoLocker
This is a classic “don’t click on email attachments” attack. CryptoLocker burst onto the scene in 2013 and really opened the age of ransomware on a grand scale. After attachments from spam messages were opened, it used RSA public key encryption to seal up user files, demanding cash in return for the decryption keys. It infected more than 500,000 systems and is estimated to have earned $3m to $27m in ransom. CryptoLocker also led to imitations and variations such as CryptoWall and TorrentLocker. This attack shows the importance of email security. The right spam blocker technology and antispam filtering can help bring the end of junk email.
Locky
This attack claimed multiple healthcare companies as victims. For example, Hollywood Presbyterian Medical Center paid 17k to recover patient data records. Locky combined social engineering with a Word macro that did not seem to carry anything obvious. A Word document would be disguised as an invoice, but would prompt the victim to enable macros in order to render properly. The macro would then download the malware, encrypt the victim’s data and demand a ransom. With the right employee training and security education, this security hassle could have been greatly minimized.
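The delivery path described above depends on a macro-carrying Word attachment reaching the user. The following is an added example, not code from the original article, of a mail-gateway style check that flags such attachments by content rather than by file name. The function names and the sample data are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for raw bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can hold macros; confirming needs an OLE parser.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # an ordinary zip, not an OOXML document
    # A VBA project is stored as a vbaProject.bin part, whatever the extension says.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro"
    return "no-macro"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def triage(attachments: dict) -> list:
    """Return the names of attachments to quarantine for review."""
    return sorted(name for name, data in attachments.items()
                  if classify_attachment(data) in ("macro", "legacy-ole"))

if __name__ == "__main__":
    mail = {  # constructed attachment set
        "invoice.docx": build_sample(with_macro=True),
        "notes.docx": build_sample(with_macro=False),
        "old.doc": OLE2_MAGIC + b"\x00" * 32,
    }
    print(triage(mail))
```
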
Petya
This advanced ransomware encrypts the victim computer’s master file table rather than individual files and replaces the master boot record with a ransom note. This makes the entire system unusable very quickly unless the ransom is paid. This was the first ransomware-as-a-service operation to hit the scene. Advanced Malware Protection is the most effective solution for known and emerging advanced threats such as Petya and its variants.
WannaCry
Most recent and probably most recognizable on this list is WannaCry, which hit in May of 2017. The attack hit more than 200K systems in 150 countries. Using worm-like methods, it spread from an infected machine to others on the same network. What’s interesting is that it utilized leaked hacking tools from the NSA and took advantage of a defect in Microsoft’s implementation of the SMB protocol.
The lesson from these ransomware experiences? It’s important to talk to your staff about phishing, patch your systems, have a tested data backup and disaster recovery plan, implement email and web filtering, and utilize the best malware and ransomware protection.
If you want the best to defend and protect your network before, during and after a malware or ransomware attack, contact us about our portfolio of security solutions.
Frank is a systems engineer, specializing in network consulting for LAN, WAN, cybersecurity and data center/hyperconvergence.
Credentials? Plenty. CCNA, CCDA, CCNP, CCSP, VCP5-DCV