Top seven notable ransomware in 2019
06/07/2019
Ransomware is an extremely dangerous kind of malware that is hard to recognize. That is why ransomware is always a hot topic as well as a threat to many enterprises in Vietnam and around the world.
Ransomware was considered one of the biggest threats in 2018 and continues to disrupt the activities of enterprises and the lives of users all over the world in 2019. Security researchers have been tracking more than 1,100 different ransomware variants, and this number has risen significantly in recent months. This shows that ransomware is becoming more and more sophisticated and that cybercriminals constantly create new kinds of dangerous ransomware. Below is a list of notorious ransomware from recent years that you should know about for timely prevention.
1. Bad Rabbit
The Bad Rabbit ransomware appeared after WannaCry and NotPetya, on a larger scale, and infected many organizations, especially in Russia and Eastern Europe. Security experts from ESET and Proofpoint said that Bad Rabbit was initially spread through a fake Adobe Flash update package, and that the ransomware did not have any tools to move inside the network. This is how they explain why Bad Rabbit spread so quickly in such a short time.
If users clicked on this malware, their computers were locked and they had to pay 280 dollars in Bitcoin within 40 hours to complete the payment.
2. Cerber
Cerber, one of the most dangerous ransomware families, has become worse. Besides encrypting files and demanding a ransom, it is now able to steal Bitcoin wallets and users' information.
Targeting Office 365 users with a sophisticated phishing campaign, Cerber has impacted millions of users all over the world, except in post-Soviet countries. The victim receives an email that appears to come from a Microsoft Office address and contains the malware. After the email is opened, the ransomware silently spreads and encrypts data on the user's computer. When the process finishes, Cerber leaves messages in the form of .TXT, .HTML and .VBS files in each folder containing encrypted data. This malware demands a ransom of 1.24 bitcoin (about 520 dollars), and this amount doubles if the ransom is not paid within one week.
3. GandCrab
GandCrab is one of the few ransomware families that demands payment in cryptocurrency and uses a top-level domain (TLD) for its infrastructure. Surprisingly, this TLD is not regulated by ICANN, which deliberately provides a layer of "security" for the criminals.
Moreover, GandCrab relies on Microsoft Office macros, VBScript and PowerShell in order to avoid detection, and uses the ransomware-as-a-service (RaaS) model to optimize distribution, so the hackers only need to focus on the email sent to users. The ransom for getting data back ranges from around 400 USD to 1,000 USD. After more than a year of dominating computer systems worldwide, GandCrab finally announced its shutdown after collecting more than 2 billion USD from victims, and security experts have released the latest decryptor for GandCrab.
4. Katyusha
Katyusha is a Trojan-based ransomware that was first discovered in October 2018. It encrypts files with the .katyusha extension and demands a payment of 0.5 bitcoin within 3 days. Katyusha threatens to leak the victim's data if the ransom is not paid in time, and existing backups are "evaporated" by the ransomware. Hackers usually used an attached file in an email to spread the Katyusha ransomware. Up to now, there is no tool to decrypt files locked by this malware.
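The two on-disk signs described above for Cerber (a ransom note dropped as a .txt/.html/.vbs set in every folder with encrypted data) and Katyusha (files renamed with the .katyusha extension) can be checked for with a simple directory sweep. The script below is an added example, not code from the article or from VNETWORK; the note file name README_DECRYPT and the sample folder contents are constructed assumptions, and the real note names used by these families are not taken from the page.

```python
"""Constructed example: flag folders that show ransomware-style artifacts
described in the article (per-folder ransom note trio, mass .katyusha rename)."""
import os
import tempfile
from collections import defaultdict

NOTE_EXTS = {".txt", ".html", ".vbs"}   # note formats the article attributes to Cerber
RANSOM_EXTS = {".katyusha"}             # extension the article attributes to Katyusha

def scan_tree(root, min_encrypted=3):
    """Return {relative_folder: findings} for folders that look hit.

    A folder is reported when one file stem exists in all three note formats,
    or when at least `min_encrypted` files carry a known ransomware extension.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        exts_by_stem = defaultdict(set)
        encrypted = []
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            exts_by_stem[stem].add(ext)
            if ext in RANSOM_EXTS:
                encrypted.append(name)
        note_stems = sorted(s for s, exts in exts_by_stem.items() if NOTE_EXTS <= exts)
        hits = {}
        if note_stems:
            hits["ransom_note"] = note_stems
        if len(encrypted) >= min_encrypted:
            hits["encrypted_files"] = sorted(encrypted)
        if hits:
            findings[os.path.relpath(dirpath, root)] = hits
    return findings

def build_sample_tree():
    """Constructed sample tree: one clean folder, one folder showing both signs."""
    root = tempfile.mkdtemp()
    clean, hit = os.path.join(root, "reports"), os.path.join(root, "finance")
    os.makedirs(clean)
    os.makedirs(hit)
    for name in ["q1.docx", "q2.docx"]:
        open(os.path.join(clean, name), "w").close()
    for name in ["budget.xlsx.katyusha", "payroll.xlsx.katyusha",
                 "invoice.pdf.katyusha", "README_DECRYPT.txt",
                 "README_DECRYPT.html", "README_DECRYPT.vbs"]:
        open(os.path.join(hit, name), "w").close()
    return root

if __name__ == "__main__":
    print(scan_tree(build_sample_tree()))
```

Pointing `scan_tree` at a file share reports only folders that match; the extension set is the place to add other families' extensions as they become known.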
5. LockerGoga
LockerGoga is a fairly new ransomware, but the damage it causes is serious and its list of victims is expected to keep growing. What distinguishes this malware from the others is that it logs the victim out of the infected device, which can leave the victim unable to see the ransom notification and the instructions for restoring the files.
In early 2019, LockerGoga attacked several enterprises and manufacturers and caused severe damage. After attacking Altran, a French engineering consulting company, it went on to hit Norsk Hydro Group, one of the largest aluminum production and renewable energy groups in Norway, and two large chemical companies based in the US.
6. Ryuk
Ryuk is a newer ransomware that first appeared in August 2018 and has since collected more than 3.7 million USD in Bitcoin by extorting 52 careless victims who did not protect their servers and data properly. Looking at the amount of money stolen and the number of victims, it is clear that the people behind Ryuk are very patient, ready to wait for any "tasty prey" that acts carelessly.
The way Ryuk attacks is not new. Spam emails are sent to enterprise accounts. The email is carefully crafted with attached files, and if a user accidentally opens the attachment, the hackers can take full control of the system.
7. SamSam
SamSam is a ransomware commonly used in targeted attacks. SamSam has attacked many American organizations, mainly infrastructure such as hospitals and healthcare companies. Last year, a SamSam attack paralyzed the City of Atlanta for several days and cost taxpayers nearly 17 million USD.
Unlike other ransomware campaigns that rely on trickery for distribution, SamSam uses the Remote Desktop Protocol (RDP) to break into victims' networks. To date, the largest ransom demanded to decrypt this malware has reached 64 thousand USD, a considerable amount compared with related ransomware families.
Security solution preventing a ransomware attack
As we can see, the threat from ransomware has grown dramatically in recent years. The attacks occur more frequently and are more sophisticated, and even backup files may not survive a ransomware outbreak.
The reality is that every enterprise should have its own way of dealing with and preventing this problem. The Receive GUARD email security system uses AI technology to analyze user behavior in order to help protect enterprise data from any threat of compromise, even new malware that has not yet been registered by any security vendor in the world.
If you don’t want to spend a large amount of money to retake the encoded data, please contact VNETWORK!
Vnetwork Joint Stock Company
+84 28 7306 8789