For most people, the terms malware and ransomware have scary but vague implications. The layman knows that both are something to run miles away from, but doesn’t fully understand the extent of the damage they can cause.
Malware, a blend of the words malicious and software, is an umbrella term covering viruses, trojans, worms, and other harmful programs. According to Microsoft, “malware is a catch-all term to refer to any software designed to cause damage to a single computer, server or computer network.”
Ransomware, on the other hand, is one category of malware, distinguished by what it does once it is running (holding data hostage) rather than by how it gets in. To help readers understand the ever-present threat of ransomware, this article looks at notable attacks from the past, along with what ransomware is and how it works.
But before we get into all of that, let’s start with the basics: what exactly is a ransomware attack?
What are Ransomware attacks?
Simply put, ransomware is malicious software that gains access to a victim’s files and systems and then locks the victim out of them, typically by encrypting the files. The data can only be restored with a decryption key, which the attackers offer in exchange for a ransom. In well-designed ransomware the key needed to reverse the encryption is generated by, or sent to, the attackers and never stored in recoverable form on the victim’s machine, so the victim cannot simply undo the damage themselves.
Although ransomware has been around for a long time, its authors have grown steadily more capable and now produce far more sophisticated variants.
“New age” ransomware combines advanced techniques with conventional ones to produce software that spreads quickly through a network, evades detection, encrypts files, and pressures victims into paying large ransoms. Over the last decade or so, ransomware has become more sophisticated and harder to contain.
Ransomware attacks work a lot like biological illnesses. For an attack to succeed, the software first needs access to the user’s or business’s data, and it gains that access through entry points known as “vectors.”
Vectors in ransomware play the same role as vectors in biology: they carry the infection to the host. The most common ones include:
Email attachments: a popular way of distributing ransomware is to send it as an attachment to an urgent-looking email, counting on the recipient to open it.
Deceptive pop-ups: another standard method is a pop-up or fake prompt that tricks the user into clicking, which downloads or launches the ransomware.
Social media messages: attackers also message potential victims directly. Facebook Messenger is a popular channel; the message carries a malicious link or file that, once opened, infects that device and can go on to reach other devices connected to it.
Seven Famous Ransomware attacks from the past:
As mentioned above, ransomware goes a long way back. The first known ransomware attack took place in 1989, almost 30 years ago. From that point on, ransomware has taken its toll on a vast number of victims.
Starting with the attack that began this nasty business, here is a list of the worst ransomware attacks from then to now, so that you know what to watch out for.
AIDS Trojan (1989)
The first known ransomware, the AIDS Trojan, also known as PC Cyborg, was created by Joseph Popp, an AIDS researcher, in 1989. Popp handed out 20,000 infected floppy disks to attendees of the World Health Organization’s AIDS conference.
The disks went to researchers from more than 90 countries and claimed to contain a questionnaire assessing an individual’s risk of contracting AIDS. In fact they carried the trojan, which lay dormant until the computer had been rebooted 90 times. Once that threshold was met, it hid directories and scrambled the file names on the hard drive, then displayed a message demanding $189 for a one-year licence or $378 for a lifetime lease of the “software.”
Although the attack was the first of its kind, its cryptography was simple: it used a symmetric scheme with the key embedded in the program itself, and it only scrambled file names, not file contents. Researchers quickly produced tools to undo the damage.
CryptoLocker (2013)
CryptoLocker appeared in 2013 and raised the bar for ransomware ever since. It spread through attachments to spam emails and used RSA public-key encryption to lock the victim’s files: the public key was fetched from the attackers’ command-and-control server, and the matching private key, the only thing that could recover the file keys, never left it.
The ransomware then demanded a hefty sum in exchange for the decryption key. At its height, CryptoLocker had infected over 500,000 machines, spawned many imitators, and is estimated to have brought in about 3 million dollars in ransom payments.
Despite the havoc it wreaked, CryptoLocker was brought down in 2014 by Operation Tovar, a joint law-enforcement and industry action that seized the Gameover ZeuS botnet used to distribute it and control its infections.
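The key-management model described for CryptoLocker above, and the general principle from the “what are ransomware attacks” section, shown as a small Go program. This is an added illustration written for this page, not code from CryptoLocker or any real family: it works on a single in-memory byte string, touches no files, and the names (Locked, lockFile, unlockFile, Demo) are made up here. It uses only Go’s standard library: a fresh AES-256-GCM key per victim, wrapped with RSA-OAEP under the attacker’s public key, so only whoever holds the matching private key can reverse it. The contrast with the AIDS Trojan is the point: there the key was inside the program for anyone to extract, here it never reaches the victim at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Locked is what remains on the victim machine: the file's AES-GCM
// ciphertext and the AES key wrapped with the attacker's RSA public key.
// Names here are illustrative, not taken from any real ransomware family.
type Locked struct {
	WrappedKey, Nonce, Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockFile models the CryptoLocker-style hybrid scheme: a fresh AES-256 key
// encrypts the data, RSA-OAEP under pub encrypts that key. Only the matching
// private key, which never leaves the attacker, can reverse the second step.
func lockFile(pub *rsa.PublicKey, plain []byte) (*Locked, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Locked{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// unlockFile is the "decryptor" sold to a paying victim: unwrap the AES key
// with priv, then open the file. With any other key the OAEP step fails.
func unlockFile(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

// Demo runs the scenario on a constructed in-memory sample and reports whether
// the attacker (holding the real private key) and the victim (who can only
// generate a key of their own, since the real one never reached the machine)
// get the plaintext back.
func Demo() (attackerOK, victimOK bool, err error) {
	plain := []byte("constructed sample: quarterly numbers") // stands in for a victim file
	attacker, err := rsa.GenerateKey(rand.Reader, 2048)    // lives on the attacker's server
	if err != nil {
		return false, false, err
	}
	guess, err := rsa.GenerateKey(rand.Reader, 2048) // the best a victim can do without paying
	if err != nil {
		return false, false, err
	}
	locked, err := lockFile(&attacker.PublicKey, plain)
	if err != nil {
		return false, false, err
	}
	got, aErr := unlockFile(attacker, locked)
	attackerOK = aErr == nil && bytes.Equal(got, plain)
	_, vErr := unlockFile(guess, locked)
	return attackerOK, vErr == nil, nil
}

func main() {
	attackerOK, victimOK, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("attacker can decrypt: %v, victim can decrypt: %v\n", attackerOK, victimOK)
}
```

Two consequences follow from this design and show up in the later sections. First, the only ways out for a victim are a copy of the data the malware never reached, or the attackers giving up the private key, which is exactly what happened with TeslaCrypt. Second, a family that gets this model wrong (a key left in memory, reused across victims, or derivable from material on disk) is recoverable by researchers, which is what happened to early TeslaCrypt versions and, in a cruder way, to the AIDS Trojan.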
TeslaCrypt (2015)
Although it initially passed itself off as a variant of CryptoLocker, the malware behind it was different enough to earn its own name: TeslaCrypt.
TeslaCrypt targeted files associated with video games: saved games, maps, profiles, mods, downloadable content, and so on. The tactic was clever because such files are usually stored only locally, rather than being backed up to an external drive or the cloud, so victims had no second copy to fall back on.
Aside from being sophisticated, TeslaCrypt was wildly successful: by early 2016 it accounted for about 48% of ransomware infections. The main reason was that it was continually improved. Early versions mishandled the encryption keys in a way that let researchers recover files, but by 2016 that flaw had been fixed and there was no way to get the files back without the attackers.
In a surprising turn, in May 2016 the creators of TeslaCrypt announced they were shutting down and publicly released the master decryption key, which let security researchers build a free decryption tool for all victims.
SimpleLocker (2014)
With advances in mobile technology, more and more people store sensitive information on their phones. For ransomware operators this opened up a whole new world of opportunities.
Between late 2015 and early 2016, ransomware infections on Android devices almost quadrupled. Most of these were “blocker” attacks, which lock the user out by hijacking parts of the system UI rather than encrypting anything. The family that changed that was SimpleLocker, first detected in 2014.
SimpleLocker was the first Android ransomware that actually encrypted files, making them inaccessible to users; it is also the first known Android ransomware to be delivered through a trojan downloader.
Although it originated in Eastern Europe, three-quarters of its victims were in the United States.
WannaCry (2017)
Perhaps the most significant and destructive ransomware attack in recent history, WannaCry spread across the globe and shut down entire institutions in its path.
In May 2017 Avast first detected the ransomware on a handful of devices in Europe. Within four days it had been detected 250,000 times in over 116 countries.
The most dangerous aspect of WannaCry was its use of leaked NSA hacking tools, in particular an exploit called “EternalBlue.” EternalBlue targets a vulnerability in the SMBv1 file-sharing protocol on Windows, which Microsoft had patched two months earlier in MS17-010 (March 2017). Because the exploit needs no user interaction, WannaCry could spread itself from machine to machine like a worm, reaching hundreds of thousands of unpatched Windows systems. It encrypted the victim’s files and demanded $300 in Bitcoin for the decryption key.
SamSam (first seen 2015)
First detected in late 2015, SamSam went after high-profile targets such as the City of Atlanta, the Colorado Department of Transportation and multiple health care institutions.
SamSam stands out for the way its attacks were carried out. Rather than spraying spam, the operators pre-selected their targets, broke in through weak points such as internet-exposed remote desktop (RDP) services with guessable credentials or unpatched servers, and then studied the network and moved through it by hand before deploying the ransomware where it would hurt most.
Although the attacks were initially believed to originate in Eastern Europe, in 2018 the U.S. Department of Justice indicted two Iranian nationals alleged to be behind them. The attacks are estimated to have caused over 30 million dollars in losses, mostly to the internal infrastructure of organizations in the United States.
Ryuk (2018 and 2019)
The latest entry on our list, Ryuk, wreaked havoc in 2018 and 2019.
Ryuk’s victims included organizations that could barely afford the hit, such as daily newspapers and a North Carolina water utility. Among the publications affected was the Los Angeles Times.
Ryuk relied on several devious features, including deleting Windows volume shadow copies and disabling System Restore before encrypting, so that victims could not roll back to earlier versions of their files. Ransom demands were unusually high, since the victims were mostly large organizations, and the attacks were timed for the Christmas season.
Ryuk’s origin is murky: its code is derived from the earlier Hermes ransomware, which many attribute to North Korea’s Lazarus Group, but the Ryuk attacks themselves were carried out by Russian-speaking operators.
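The recovery-destruction step described for Ryuk above (deleting shadow copies and disabling System Restore) is one of the few high-signal ransomware precursors a defender gets, because it happens before the encryption starts. The following Go program is an added example written for this page, not code from Ryuk or from any detection product. It runs a handful of rules over constructed process-creation log lines (the `cmdline="..."` format and the host, user and image fields are made up here) and flags the commands ransomware families including Ryuk are known to run before encrypting: `vssadmin delete shadows`, `vssadmin resize shadowstorage`, `wmic shadowcopy delete`, and `bcdedit` changes that disable recovery. A benign `vssadmin list shadows` is included to show the rules do not fire on ordinary administration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Alert is one rule hit on one process-creation log line.
type Alert struct {
	Line int
	Rule string
	Cmd  string
}

// rules pair a name with a case-insensitive pattern over the command line.
// Each targets a recovery-destruction command that ransomware families
// including Ryuk run before encrypting. Matching on the verb ("delete
// shadows", "resize shadowstorage") rather than on the binary alone keeps
// routine administration such as "vssadmin list shadows" from alerting.
var rules = []struct {
	Name string
	Re   *regexp.Regexp
}{
	{"vssadmin shadow deletion", regexp.MustCompile(`(?i)\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b`)},
	{"vssadmin shadow storage squeeze", regexp.MustCompile(`(?i)\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b`)},
	{"wmic shadow copy deletion", regexp.MustCompile(`(?i)\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b`)},
	{"bcdedit recovery disabled", regexp.MustCompile(`(?i)\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b`)},
}

// cmdRe pulls the quoted command line out of the constructed log format below.
var cmdRe = regexp.MustCompile(`cmdline="([^"]*)"`)

// scan runs every rule over the command line of each log line and returns
// the hits in line order (1-based line numbers).
func scan(logText string) []Alert {
	var alerts []Alert
	for i, line := range strings.Split(strings.TrimSpace(logText), "\n") {
		m := cmdRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		for _, r := range rules {
			if r.Re.MatchString(m[1]) {
				alerts = append(alerts, Alert{Line: i + 1, Rule: r.Name, Cmd: m[1]})
			}
		}
	}
	return alerts
}

// sampleLog is constructed process-creation telemetry, not from a real
// incident. Lines 3, 4, 6, 7 and 8 are the sequence of interest; line 5 is a
// benign shadow-copy query that must not alert.
const sampleLog = `
2019-01-03T02:13:51Z host=FS01 user=CORP\jdoe image=C:\Windows\explorer.exe cmdline="C:\Windows\explorer.exe"
2019-01-03T02:14:02Z host=FS01 user=CORP\jdoe image=C:\Program Files\7-Zip\7z.exe cmdline="7z.exe a report.zip report.docx"
2019-01-03T02:14:07Z host=FS01 user=NT AUTHORITY\SYSTEM image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin.exe Delete Shadows /All /Quiet"
2019-01-03T02:14:08Z host=FS01 user=NT AUTHORITY\SYSTEM image=C:\Windows\System32\wbem\WMIC.exe cmdline="WMIC.exe shadowcopy delete"
2019-01-03T02:14:09Z host=FS01 user=CORP\svc_backup image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin.exe List Shadows"
2019-01-03T02:14:10Z host=FS01 user=NT AUTHORITY\SYSTEM image=C:\Windows\System32\bcdedit.exe cmdline="bcdedit /set {default} recoveryenabled No"
2019-01-03T02:14:11Z host=FS01 user=NT AUTHORITY\SYSTEM image=C:\Windows\System32\bcdedit.exe cmdline="bcdedit /set {default} bootstatuspolicy ignoreallfailures"
2019-01-03T02:14:12Z host=FS01 user=NT AUTHORITY\SYSTEM image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin.exe resize shadowstorage /for=c: /on=c: /maxsize=401MB"
`

func main() {
	for _, a := range scan(sampleLog) {
		fmt.Printf("line %d: %s: %q\n", a.Line, a.Rule, a.Cmd)
	}
}
```

Match on the command line, not on the image path: the same vssadmin binary is used legitimately to list shadow copies, so the rule has to key on the verb. In production the input would be Sysmon event ID 1 or an EDR’s process-creation stream, and the parent process is worth including in the alert, since a shadow-copy deletion spawned from an office application or a user’s shell is far more suspicious than one from a backup agent.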
So, where do you go from here?
We hope this article has brought you up to speed on famous attacks that were built to wreak as much havoc as possible while collecting money in the process.
With that out of the way, as a responsible user of technology, steer clear of email attachments and social media messages that look shady from the start; as the examples above show, one click can result in a multitude of losses. Just as important: keep systems patched (WannaCry only spread because a fix had been available for two months), keep backups offline or otherwise out of reach of anything running on the machine (TeslaCrypt and Ryuk both counted on the only copy being local or recoverable from the system itself), and don’t leave remote desktop exposed to the internet behind weak passwords, which is how SamSam got in.