What Is Ransomware? Part 1

Ransomware is a type of malware that encrypts the victim's data and important files, locking the victim out, and then demands payment for the key needed to decrypt them.

This form of attack infects the victim's device, which can be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or other endpoint, by exploiting human, system, network, and software weaknesses. In this article we look at well-known ransomware families and the techniques attackers use to distribute them.

At MaddLogic, we help businesses put defenses against malware in place so that an attack does not disrupt their operations. Let's first take a look at the attack samples below:

RANSOMWARE ATTACK SAMPLES

There are numerous families of ransomware. We've included a few that have had a global impact and caused extensive damage.

1. WannaCry

  • WannaCry exploits a flaw in the Windows SMBv1 protocol (the EternalBlue exploit, patched by Microsoft in MS17-010) and uses a self-propagating worm component to spread to other reachable computers without any user interaction. It is distributed as a dropper: a self-contained program that extracts the encryption/decryption application, the encryption key files, and the Tor client it uses for communication. It makes no attempt at disguise and is relatively simple to find and remove.

2. Cerber

  • Cerber is ransomware-as-a-service (RaaS): affiliates license it from the developer to carry out attacks and share the ransom proceeds with the developer. Cerber runs silently while encrypting files, and it may try to disable antivirus and Windows security features so that the victim cannot restore the system. After successfully encrypting the files on the system, it displays a ransom message as the desktop wallpaper.

3. Locky

  • Locky, first seen in 2016, encrypts around 160 file types, many of them used by designers, developers, engineers, and testers. Exploit kits and phishing emails are its most common distribution methods: attackers send emails urging users to open a Microsoft Word or Excel document with malicious macros, or a ZIP file that extracts and installs the malware.

4. CryptoLocker

  • CryptoLocker most commonly infects PCs through email, file-sharing sites, and unprotected downloads. It encrypts data not only on the local machine but also on mapped network drives and any other files it has permission to write to. CryptoLocker has evolved to evade outdated antivirus software and firewalls.

5. NotPetya and Petya

  • Petya infects a computer and makes the entire disk inaccessible by overwriting the Master Boot Record and encrypting the Master File Table (MFT). The files themselves are not encrypted, but without a readable MFT the operating system cannot locate them, so the whole disk is unusable. It affects only Windows systems.
  • NotPetya was initially distributed through a compromised update of a Ukrainian accounting package (M.E.Doc) and then spread inside networks using the same SMB exploit as WannaCry together with stolen administrator credentials. It encrypts not just the MFT but also the files on the hard drive, and the "installation key" shown in its ransom note is random and unrelated to the encryption key, so the data cannot be recovered even by the attackers. Victims who pay the ransom will not get their data back; in practice NotPetya is a wiper dressed up as ransomware.

RANSOMWARE DISTRIBUTION TECHNIQUES

A device becomes infected when the victim follows a link, visits a web page, or installs a file, application, or piece of software that contains malicious code designed to covertly download and install ransomware. This can occur in a number of ways:

1. Phishing email – Clicking a link in an email that leads to a malicious website.

2. Email attachments – Enabling malicious macros in an attached document; opening a document that installs a Remote Access Trojan (RAT); or extracting a ZIP file containing a malicious JavaScript or Windows Script Host (WSH) file.

3. Social media – Clicking a malicious link in a Facebook or Twitter post, an instant-messenger conversation, or on a similar platform.

4. Malvertising – Visiting a legitimate website that serves advertisements injected with malicious code.

5. Infected programs – Installing a program or application that contains malicious code.

6. Drive-by infections – Opening or closing a pop-up, or visiting a dangerous, suspicious, or fake web page. NOTE: A legitimate web page can also be compromised by injecting malicious JavaScript into its content.

7. Traffic Distribution System (TDS) – Clicking a link on a legitimate gateway web page that redirects the user to a malicious site chosen according to the user's geolocation, browser, operating system, or other filter.

8. Self-propagation – Spreading the malicious code to other devices over the network or via USB drives.
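The two attachment-borne vectors above (macro-laden Office documents, as used by Locky, and ZIP files carrying JavaScript or WSH scripts) are the ones a mail gateway can screen for before a user ever sees them. The following is an added example, written for this article and not code from MaddLogic or from any of the ransomware families described; it shows the checks such a filter applies. All attachment names and contents are constructed in memory and are placeholders, not real malware.

```python
"""Triage of e-mail attachments for the delivery vectors listed above.

Flags (1) Office documents carrying a VBA macro project, found by looking inside
the OOXML container rather than trusting the extension, (2) archives, nested ones
included, that carry script or executable files, (3) deceptive double extensions
such as invoice.pdf.js, and (4) password-protected archive entries a scanner cannot
inspect. Sample attachments are constructed below; nothing here reads a mailbox.
"""
import io
import os
import zipfile

# File types a mail gateway should not deliver, whether loose or inside an archive.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".msi"}
# Legacy binary Office formats are not ZIP containers; treat them as macro-capable.
LEGACY_OFFICE_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt"}
# OOXML formats are ZIP containers; a VBA project is stored as a vbaProject.bin part.
OOXML_EXTS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xltm", ".pptx", ".pptm"}
DOC_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
MAX_DEPTH = 3  # stop recursing into archives nested deeper than this

def _basename(name):
    return name.rsplit("/", 1)[-1]

def _ext(name):
    return os.path.splitext(_basename(name))[1].lower()

def _has_double_extension(name):
    # invoice.pdf.js: a document-looking extension followed by a script/executable one.
    parts = _basename(name).lower().split(".")
    if len(parts) < 3:
        return False
    return ("." + parts[-1]) in (SCRIPT_EXTS | EXEC_EXTS) and any(p in DOC_LIKE for p in parts[1:-1])

def _has_vba_project(zf):
    # word/, xl/ and ppt/ all store macros in a part named vbaProject.bin.
    return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def classify_attachment(name, data, depth=0):
    """Return a list of findings for one attachment; an empty list means nothing suspicious."""
    findings = []
    ext = _ext(name)
    if _has_double_extension(name):
        findings.append(f"double extension: {name}")
    if ext in SCRIPT_EXTS:
        findings.append(f"script file: {name}")
    elif ext in EXEC_EXTS:
        findings.append(f"executable: {name}")
    elif ext in LEGACY_OFFICE_EXTS:
        findings.append(f"legacy binary Office document (macro-capable): {name}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if ext in OOXML_EXTS:
            if _has_vba_project(zf):
                findings.append(f"VBA macro project inside Office document: {name}")
        elif depth >= MAX_DEPTH:
            findings.append(f"archive nested deeper than {MAX_DEPTH} levels: {name}")
        else:
            for member in zf.infolist():
                if member.is_dir():
                    continue
                inner = f"{name}/{member.filename}"
                if member.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                    findings.append(f"password-protected archive entry (cannot inspect): {inner}")
                    continue
                findings += classify_attachment(inner, zf.read(member), depth + 1)
    return findings

def _zip_bytes(entries):
    """Build a ZIP archive in memory from {member name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in entries.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

# Constructed sample attachments (placeholders, not real malware).
SAMPLES = {
    "invoice.zip": _zip_bytes({"invoice.pdf.js": b"// JScript downloader placeholder"}),
    "report.docm": _zip_bytes({"[Content_Types].xml": b"<Types/>",
                               "word/document.xml": b"<w:document/>",
                               "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder"}),
    "notes.docx": _zip_bytes({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>"}),
    "photos.zip": _zip_bytes({"inner.zip": _zip_bytes({"run.wsf": b"<job/>"})}),
    "brochure.pdf": b"%PDF-1.4 placeholder",
}

def triage(samples=SAMPLES):
    """Classify every sample; returns {attachment name: [findings]}."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for attachment, found in triage().items():
        print(attachment, "->", found or "clean")
```

Running it reports the JScript file (and its deceptive `.pdf.js` name) inside `invoice.zip`, the macro project inside `report.docm`, and the `.wsf` hidden one level down in `photos.zip`, while `notes.docx` and `brochure.pdf` come back clean. Checking for `vbaProject.bin` rather than for the `m` in the extension matters because the container, not the file name, decides whether Office will offer to run macros; the encrypted-entry check matters because password-protected ZIPs, with the password in the email body, are a common way to get past exactly this kind of scanner.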

Ransomware can lie dormant and infect your backups before it triggers and locks you out of your systems. Taking steps in advance helps protect against an attack and can prevent it from occurring in the first place. As business owners and organizations, we should be diligent and not wait for the worst-case scenario.

We hope you've learned a lot from this blog. But this is just part 1! Watch out for the second part of our ransomware blog, which is coming out soon!

A proactive approach to stopping ransomware, with a system that protects your company's data as a whole, is the best way to keep your business safe. Create a disaster recovery plan and learn more about this topic to stay ahead of attackers and avoid needless monetary losses and reputational damage. You can send us a message and we'll be happy to answer your questions!

So, if your business hasn't equipped itself with security controls that work proactively to prevent evolving cyberattacks, it's high time to enhance your enterprise cybersecurity. MaddLogic can do the work for you with a unified endpoint management solution.

Don’t forget to follow us at @maddlogic! Start your MaddLogic journey today! 