5 Worst Ransomware in the History of Malware


Ransomware is a word that can instill fear in the hearts of CIOs, end users and security pros alike. It is a company’s worst nightmare. Staff start work thinking about the day’s agenda and are greeted by an on-screen timer, its digital counter ticking off the minutes. In place of the normal sign-in screen, this screen demands that the company pay a ransom in bitcoins to an anonymous location before the time on the clock runs out and the company’s information, software and systems are destroyed. The company might typically have less than 24 hours to save this vulnerable and valuable work, and the urgency of the demand pushes it to give in and make the payment.

From the first ransomware to the most recent one, here are the five worst ransomware in the history of malware:

PC Cyborg, AKA the AIDS Trojan

PC Cyborg dates back to 1989, when computers were just beginning to make their way into business, and the threats arrived along with them. PC Cyborg, also known as the AIDS Trojan, defined the term ransomware: it holds the distinction of being the first widely known malware to encrypt files and extort a ransom. It spread by floppy disk, encrypted files, and demanded that a $189 ransom be sent to a post office box in Panama. It infected a machine on first use and then waited for 90 reboots before changing file and directory names, rendering the system unusable and presenting the demand. The wait also gave it ample time to spread to other machines as more and more floppies were shared over Sneakernet.



Another widely known ransomware spread through both email attachments and infected downloads; its most common vector was the Cutwail spam botnet. It is estimated to have infected 625K computers and encrypted billions of files. Its infection had the unique approach of deleting the shadow copies created by the Windows Shadow Copy Service, which makes shadow copies ineffective as a recovery method. It then demands ransoms of $200 to $2,000, payable in Bitcoin or by other methods.
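Shadow-copy deletion is a strong detection signal because it usually happens before encryption starts. The following is an added example, not part of the original article: a small detector run over constructed process-creation log lines. The pipe-delimited log format, the host names and the parent-process policy are assumptions; the matched commands are standard built-in Windows utilities.

```python
import re

# Built-in Windows tools commonly used to destroy local recovery points.
RULES = {
    "vssadmin_delete_shadows": r"\bvssadmin(\.exe)? delete shadows\b",
    "wmic_shadowcopy_delete": r"\bwmic(\.exe)? .*shadowcopy\b.*\bdelete\b",
    "wbadmin_delete_catalog": r"\bwbadmin(\.exe)? delete catalog\b",
    "bcdedit_recovery_off": r"\bbcdedit(\.exe)? .*recoveryenabled no\b",
}
# Parents that should never be managing backups (assumed policy).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe", "mshta.exe"}

# Constructed sample log: time|host|parent process|command line
SAMPLE = r"""
2024-01-15T08:01:02Z|WS-014|explorer.exe|cmd.exe /c dir C:\Users
2024-01-15T08:03:10Z|WS-014|WINWORD.EXE|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2024-01-15T08:03:11Z|WS-014|cmd.exe|wmic shadowcopy delete
2024-01-15T08:03:12Z|SRV-02|mmc.exe|vssadmin list shadows
2024-01-15T08:03:13Z|WS-022|cmd.exe|cmd /c v^ssadmin d^elete "shadows" /all
"""

def normalize(cmdline):
    """Undo trivial cmd.exe obfuscation: carets, quotes, case, spacing."""
    stripped = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", stripped).lower()

def detect(log_text):
    """Return (time, host, rule, severity) for each matching log line."""
    alerts = []
    for line in log_text.strip().splitlines():
        ts, host, parent, cmdline = line.split("|", 3)
        cmd = normalize(cmdline)
        for name, pattern in RULES.items():
            if re.search(pattern, cmd):
                # An Office or script-host parent makes the event far less
                # likely to be routine administration.
                sev = "critical" if parent.lower() in UNUSUAL_PARENTS else "high"
                alerts.append((ts, host, name, sev))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(*alert)
```

Listing shadow copies (`vssadmin list shadows`) is routine administration and is deliberately not matched; only destructive verbs raise an alert.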


Locky

In 2016, Locky gained infamy by successfully extorting data from a major US healthcare company. It took a new approach, combining social engineering with a Word macro that, by itself, did not carry anything obvious. Victims would receive a camouflaged Word document that appeared to be an invoice but prompted them to enable macros in order to render properly. When the user did, the macro would download the malware, encrypt the victim’s data, and demand the ransom in Bitcoin.

The government recently issued an alert for this ransomware, which seems to have come back. Over 23 million messages with subjects like “please print” and “important documents” are already in circulation, and the ransomware demands 0.5 bitcoins (equating to 1.5 lakh) to unlock the files.



Petya

Petya, which spread around the world in 2016, took a whole-system approach. By encrypting a drive’s file system tables rather than individual files, it renders an entire system unusable. It overwrites the Windows bootloader and forces a reboot, then encrypts both the file table and the file system while appearing to be a CHKDSK run, which gives it time to finish. Once encryption is complete, the ransom demand is presented as an ASCII image demanding payment via Bitcoin.


WannaCry

The most recent and prevalent ransomware attack, seen in May 2017, is known as WannaCry. Spreading like wildfire, it has so far infected more than 200K systems in 150 countries. WannaCry is perhaps most notorious for using worm-like methods to spread from an infected machine to others on the same network. Two things make matters much worse.

  • The propagation method used attack code allegedly developed by the United States National Security Agency, which was stolen and released into the wild. The attack was codenamed EternalBlue and targets vulnerabilities in the Windows SMB protocol. It also dropped another piece of NSA code, the RAT code-named DoublePulsar, for later access to victims’ systems.
  • Those same vulnerabilities were patched by Microsoft in March of 2017. Companies that were current and up to date should not have seen this malware spread. The victims suffered in large part from “self-inflicted wounds.”

Another thing that makes WannaCry distinct is the role of a security researcher named Marcus Hutchins. He discovered that the malware attempted to resolve a domain name and would shut down if it succeeded.

With one quick domain registration and a little more than US $10 later, Hutchins had effectively saved the Internet from this malware.


Precautions Against Ransomware

Experts claim that companies across all industry sectors receive an estimated average of 4,000 ransomware attacks per day. Strong backups and redundancies are the first line of defense against such attacks. The first thing to do when an attack becomes apparent is to disconnect all workstations and computers from the internet.

There are three types of tools for cleaning up ransomware from your computer. First, there are disinfection tools, which need to certify the PCs clean before data is restored. This feature is integrated into a small number of mainstream anti-virus programs.

Second, there are decryption tools for specific ransomware attacks, although these tend to be very limited, and a lot depends on researchers recovering individual key databases after police action against the criminals. Third, there are protection tools, which are not strictly clean-up but are interesting all the same. These use behavioral analysis to spot events that suggest ransomware is on a system and intercept it before it can do any damage.
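The behavioral analysis described above can be illustrated with one common heuristic: a single process rewriting many distinct files with high-entropy (ciphertext-like) content in a short window. This is an added example, not code from the article or from any product; the event tuple format, the thresholds and the sample data are assumptions, and a real tool would take its events from endpoint file-system telemetry.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_MIN = 7.2   # bits/byte; encrypted or compressed data sits near 8
WINDOW_SECS = 10    # sliding window per process (assumed threshold)
FILES_MIN = 5       # distinct high-entropy files per window (assumed threshold)

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_pids(events):
    """events: (ts, pid, path, written_bytes) tuples ordered by ts.
    Returns {pid: time the threshold was first crossed}."""
    recent = defaultdict(deque)   # pid -> (ts, path) of high-entropy writes
    flagged = {}
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_MIN:
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECS:
            q.popleft()
        if pid not in flagged and len({p for _, p in q}) >= FILES_MIN:
            flagged[pid] = ts
    return flagged

def _noise(seed, size=4096):
    """Deterministic stand-in for ciphertext (constructed test data)."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}-{i}".encode()).digest()
        i += 1
    return out[:size]

def sample_events():
    """Constructed events: an editor (100), a backup job (300), a mass rewriter (200)."""
    text = b"Quarterly report draft. " * 200
    ev = [(0.0, 100, r"C:\docs\a.txt", text),
          (1.0, 300, r"D:\backup\full.zip", _noise("zip"))]
    ev += [(2.0 + 0.5 * i, 200, rf"C:\docs\file{i}.docx", _noise(i)) for i in range(8)]
    ev.append((30.0, 100, r"C:\docs\b.txt", text))
    return sorted(ev, key=lambda e: e[0])
```

Entropy alone would also flag the backup job, since compressed archives look like ciphertext; requiring several distinct files inside the window is what separates the mass rewriter from it.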