During the first quarter of the financial year 2020, with so many people working from home because of COVID-19, the number of ransomware attacks doubled. The main reason identified was the lack of cybersecurity measures taken for working from home.
In fact, the cyberthreat landscape has evolved significantly over the past year due to the chaos created by cyber criminals, and consistent attacks on organizations have weakened their security. Take a look at some of the more dangerous attacks that have taken place over the year.
Maze is an infamous threat to enterprises around the world. Previously known as ‘Chacha Ransomware,’ it steals and encrypts files and demands a ransom from the organization for recovery. If the victim fails to pay, all of this sensitive information is published on the internet, where anyone can access it. Recent victims of Maze include organizations like Cognizant and Xerox.
REvil is another ransomware strain. Once the system is infected, the victim’s files are encrypted and the victim receives a message explaining that the ransom is to be paid in bitcoin. If they fail to pay on time, the demand is doubled. Recent REvil victims include A-list celebrities and law firms, and several people found their information leaked onto the dark web.
Ryuk is one of the more active ransomware families and also one of the biggest players among them. It works by blocking access to files and systems (and in some cases, devices) until the ransom is paid. Ryuk relies on other malware to infect victims’ systems and uses robust, military-grade algorithms like RSA and AES to encrypt files, with a unique key for each file, so that it becomes harder for victims to recover them on their own. Ryuk mainly targets business giants and government agencies that can pay huge sums in ransom.
Tycoon is a fairly new ransomware that has been targeting organizations in the software and education industries. It is an unusual kind of malware, deployed in a trojanized version of the Java Runtime Environment. It uses the Java image format to infect Windows and Linux systems. Tycoon uses various techniques to stay hidden and takes advantage of weak or compromised passwords to exploit servers. While the strain is constantly attacking systems, it has fewer victims than other ransomware.
NetWalker, also called Mailto, is one of the newest variants. Many remote workers over the past year have been attacked by NetWalker. From government agencies to healthcare organizations, remote workers have been a particular target. This strain compromises the victim’s network and encrypts all devices connected to it. It spreads through a VBS script attached to coronavirus-themed phishing emails, and through executable files that spread across networks.
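Because the delivery vector described above is a script file attached to an email, a mail gateway or triage script can flag such attachments before they reach a user. The following is an added example, not part of the original article: the function names, the extension list and the sample message are assumptions constructed for illustration, and the check also looks inside ZIP attachments, which goes slightly beyond the case the text describes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed block list: script types that Windows Script Host or mshta will run.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

def is_script(name):
    return PurePosixPath(name.replace("\\", "/")).suffix.lower() in SCRIPT_EXTS

def script_attachments(raw):
    """Return (attachment, zip_member) pairs; zip_member is None for a direct hit."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_script(name):                      # catches double extensions too
            hits.append((name, None))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [(name, m) for m in zf.namelist() if is_script(m)]
    return hits

def build_sample():
    """Constructed message: a harmless .vbs, a PDF, and a ZIP holding a .vbs."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample: COVID-19 guidance"
    msg.set_content("See attachment.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/guidance.VBS", "' constructed placeholder\n")
    for fname, body in [("advice.pdf.vbs", b"' constructed placeholder\n"),
                        ("policy.pdf", b"%PDF-1.4 constructed"),
                        ("info.zip", buf.getvalue())]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in script_attachments(build_sample()):
        print("script attachment:", attachment, "->", member or "(direct)")
```

A filename check of this kind is a first filter only; it does not inspect file content, nested archives or password-protected ZIP files.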
The threat posed by ransomware is high, and the damage that can be done is irreversible. Fortunately, preventing ransomware attacks becomes easy when cybersecurity guidelines are followed and these practices are implemented religiously.