Since the start of the global COVID-19 pandemic, cybersecurity researchers have shown that ransomware attacks have doubled over the past year. This is in part due to more people working from home, where the cybersecurity measures an office would enforce are often absent or not followed. As organizations scramble to adapt, cyber criminals are taking advantage of this opportunity to exploit people’s fears and confusion to reach their goal.
With that said, here are the top 5 ransomware families your organization should be looking out for.
REvil is a relatively new ransomware that has been taking the world by storm recently. Some of its recent targets have been celebrities, the media, and entertainment lawyers specifically. Like most ransomware, REvil is a file-blocking virus that encrypts the victim’s files and displays a message informing the victim that a ransom needs to be paid in order to get their files back. What’s more, if the ransom isn’t paid within the time allocated in the message, the ransom is doubled.
Additionally, the cyber criminals responsible for deploying this ransomware added an auction feature to a dark web website that allows other cyber criminals to bid on the stolen information. So not only can the criminals make off with the ransom, they can also auction off the stolen data to make even more money.
Ryuk has been around for a few years and still remains one of the most active ransomware families out there. Like most other ransomware, Ryuk will infect the system, encrypt the system files and then display a ransom note instructing the victim to pay a ransom. The professionals who operate these attacks go by the name WIZARD SPIDER and share a common methodology known as “Big Game Hunting”. This means that they only target large corporate enterprises that would be able to pay a large ransom. Ryuk uses a banking trojan known as TrickBot to harvest personal information such as banking details, account credentials, and any other personally identifiable information.
Fortunately, if your business is on the small to medium scale, you shouldn’t have to worry about Ryuk wreaking havoc on your network.
Maze ransomware is one of the most destructive ransomware attacks of 2020-2021 and one of the most challenging that organizations are facing today. The reason it’s so destructive is that before encrypting all of an organization’s files, the attackers first steal them. After they steal the files, they threaten to publish every file if the ransom isn’t paid on time. Even if a company does regular backups (which it should) and refuses to pay the ransom, these cyber criminals will post everything online anyway.
According to Cisco Talos Incident Response engagements, the average life cycle of Maze would look something like this:
What’s interesting about DoppelPaymer is that it originally had no malicious intent and was meant only for testing purposes. Unfortunately, 8 different variations (so far) of the ransomware have been discovered, and attackers are using it to target organizations in critical industries.
What’s more, this ransomware uses command-line parameters to execute its routines. It has been discovered that multiple different parameters can be supplied, which produces different samples for researchers. This in turn makes it very challenging for security researchers to isolate the malware and reverse engineer it, because it keeps changing.
Tycoon is a relatively new type of ransomware that mainly targets the education and software industries. What makes Tycoon unique is that it doesn’t act like ordinary ransomware. The ransomware is bundled into a trojanized version of the Java Runtime Environment. Not much is known about this ransomware, as the attackers use a multitude of techniques in order to stay hidden. What we do know, however, is that their victims have been limited
Once Tycoon is on the target system, it starts by denying access to all administration accounts and then launches further attacks on file servers and domain controllers. Tycoon also takes full advantage of weak passwords, which makes it especially important for these industries to have strong password policies.
There are multiple ways your organization can prevent these types of attacks from occurring on the network. By following these tips, you can better strengthen the security posture of your organization: