Ransomware has gone from being unknown to being one of the biggest threats in cybersecurity. By encrypting critical system files, it renders conventional security mechanisms virtually powerless and, in many cases, leaves the victim with no choice but to pay up. While they all share the same malicious goal, not all ransomware strains are created equal. In fact, some variants are far worse than others. On that note, here’s a look at five ransomware strains that are giving IT security teams nightmares.
A cute and cuddly name is where Locky’s endearing qualities end. Locky encrypts important data files as well as connected network systems, Bitcoin wallets, and Volume Snapshot Service (VSS) files — just in case you were counting on them to restore your data. This versatile strain will forever live in infamy after launching an attack on the Hollywood Presbyterian Medical Center. The ransomware infection forced the hospital to temporarily shut down its IT systems, close various departments, and redirect patients before eventually paying a ransom of roughly $70,000.
WannaCry can be credited with taking the ransomware phenomenon mainstream. The initial infection functioned as a Trojan by spreading through hyperlinks shared in emails, software downloads, and rogue advertisements. Later versions took on worm-like characteristics that further extended its reach by exploiting a vulnerability believed to have been leaked by the NSA to remotely attack computers over the internet. The WannaCry outbreak affected hospitals, banks, and airports in approximately 150 countries.
Ransomware typically encrypts select files. Petya goes a step beyond by targeting the entire system. The malware typically uses vulnerabilities found in Windows as a means of propagation, which enables it to rapidly spread through infected organizations. Once installed, it uses administrative privileges to overwrite the Master Boot Record (MBR) and effectively hold the system hostage. The original Petya was followed up by several more advanced successors, including the NotPetya strain the White House pinned on Russia for causing billions in damages worldwide.
If you need more proof that malware authors view cybercrime as some kind of twisted game, look no further than Jigsaw. This creepy ransomware strain is inspired by the horror movie franchise Saw. Once executed, the malware displays an image of Billy the puppet, a ransom note, and a red digital clock. Unlike most strains, this one not only encrypts your files but also deletes them and increases the fee every hour until the ransom is paid. Jigsaw illustrates the depths ransomware peddlers are willing to sink to in order to pressure victims to pay up.
Most ransomware authors focus on stiffing a large number of victims for relatively small amounts of money. Bit Paymer literally ups the ante by requesting a ransom of anywhere between $92,000 and $242,000, which is why it primarily targets larger organizations. In addition to encrypting files, the ransomware threatens to expose the victim’s confidential data to the media if the ransom demands aren’t met. Bit Paymer’s sophistication and familiar characteristics led cybersecurity software firm ESET to trace its origins to the creators of Dridex, the infamous Trojan that wreaked havoc on the banking industry.
Today’s ransomware threats are capable of inflicting damage that goes well beyond extortion. With so much on the line, organizations must adopt a proactive rather than reactive mentality. Coupled with extensive business continuity planning, a security strategy that emphasizes prevention and early detection is the way forward in ransomware protection. If recent history has taught us anything, it’s that waiting for ransomware to strike can lead to irreparable damage.