Ransomware is not new. In fact, it first reared its ugly head at the World Health Organization’s AIDS conference in 1989. Biologist Joseph Popp distributed 20,000 floppy disks, purportedly holding important information, to attendees. However, a virus encrypted the names of files and hid directories on the attendees’ PCs, essentially locking up the data.
To get the data back, attendees had to pay $189 to a company called PC Cyborg. Popp was never brought to trial, as he was declared unfit. Wearing a cardboard box to keep out radiation may have had something to do with that.
Ransomware has only grown more nefarious since that inauspicious beginning almost 30 years ago. In fact, last year the number of ransomware attacks against businesses tripled. Here is our roundup of the five most egregious ransomware exploits that occurred in recent years.
- Bad Rabbit
In October 2017, researchers came across a new ransomware attack dubbed Bad Rabbit. It initially targeted Russian, Ukrainian, Turkish, and German users, but it has the ability to spread elsewhere.
Victims were confronted by this alarming screen.
Bad Rabbit, a drive-by exploit, works by spreading a fake Adobe Flash installer that victims themselves install. The bad Flash installer comes from an array of websites your end users may visit. Like most ransomware, Bad Rabbit is based in part on a previous exploit, in this case sharing code with ExPetr ransomware, and may come from the same attacker.
Learn more about Bad Rabbit at Bad Rabbit — Ten Things You Need to Know about the Latest Ransomware Outbreak.
- Crypto Locker
Crypto Locker was written by cybercriminal Evgeniy Bogachev. It demands a ransom of about $650 paid via Bitcoin. Some quarter of a million machines were infected. This ransomware can also steal credit card information.
An unrelated exploit, Gameover Zeus, came out close to Crypto Locker and was pure and direct theft. Instead of demanding payment, Zeus diverted a company’s or consumer’s money to an overseas account.
- Breaking Bad
Breaking Bad, named after the popular American TV series, was aimed at consumers. Instead of encrypting business data, it locked down consumers’ videos, photos and documents. These criminals must have known that far fewer consumers back up their computers compared to SMBs.
While not mission-critical business data, these photos and other files are often priceless to the person who created them, and contain irreplaceable memories.
- WannaCry
Would it surprise you to learn that one of the most successful computer exploits in history happened against a vulnerability for which a patch already existed? That is just what happened with the WannaCry (also called WannaCrypt) ransomware attack that crippled hundreds of thousands of computers.
WannaCry uses remote code execution to breach a system, encrypt the data, and then demand a ransom be paid through Bitcoin, as nearly all ransomware since Crypto Locker and Breaking Bad has done. Making it even more devious, the exploit is worm-like, so it can crawl easily from one system to another.
WannaCry was a leap forward (or backward, for end users and IT pros/MSPs) in terms of how it spreads. “The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers,” Microsoft explained.
- Petya
One particularly dangerous ransomware attack was Petya, whose victims included banks, airports, the metro in Kiev, and even Chernobyl radiation detectors.
The sad part is that this exploit was completely preventable. Petya is based on the WannaCry ransomware attack, which goes after a hole in older versions of Windows. The U.S. National Security Agency (NSA) used this vulnerability for its own cyber efforts, a fact disclosed by a WikiLeaks data dump, offering hackers an easy-to-follow blueprint.
The fact is that most successful exploits are against unpatched systems. Hackers love to take shortcuts, and the patching process offers a perfect opportunity, just like the NSA leak offered an architectural blueprint for how to exploit the Windows hole that Petya jumps through.
Petya added some sinister elements to what WannaCry offered. For one, Petya knows how to mine endpoints for passwords and uses these credentials to spread to other devices.
Petya can also be spread by taking advantage of machines with admin rights, similar to an elevation of privilege attack.
Take a Stand
For these and other ransomware attacks, taking a layered approach to security goes a long way toward keeping your enterprise secure. To better understand how layered security can benefit your enterprise, download our whitepaper “Ransomware: How a Layered Approach Protects against Cybercriminal Extortion.”