
Ransomware: Explanation and Examples

In its 2021 State of Email Security Report, Mimecast found that 61% of the organizations surveyed had experienced a ransomware attack in the past year, up from 51% in the previous year's report.

That figure points to an uncomfortable reality: ransomware is rampant and is not going away, which means more companies and organizations will find themselves targeted.

The Threat of Cyberattacks and Ransomware

A cyberattack is any malicious action against a person or an organization carried out through digital means. Most of them lead to leaks of personal information or open the door to further breaches. Ransomware is among the most common cyberattacks today.

Ransomware is malware that denies a user access to a device or its data, usually by encrypting files or locking the system, and then demands payment to restore that access. In effect it holds the system and everything on it hostage. Many operators add a second threat: if the ransom is not paid, the data will be deleted or published.

Ransomware gets its name from the fact that the system is held hostage until a "ransom" is paid to the attackers. Much like a kidnapping, the scheme is about seizing something and then selling it back to its owner.

Common Types of Ransomware

As mentioned, cyberattacks come in many shapes and sizes, and ransomware itself comes in many strains. All of them are built on the same idea of holding a system hostage, but each goes about it in its own way.

Malware in general is bad news for everyone, and it evolves constantly. Even as we discuss the common ransomware families that plague the digital world, new ones are being developed.

To keep up with the ever-growing list of threats, you can follow online malware trackers, which record and publish new families and campaigns as they appear.

Regardless of the growing list of new threats, here are the common types of ransomware that threaten you and your business.

1. Bad Rabbit

This strain surprised the world when it appeared in October 2017. Bad Rabbit was tricky because it arrived disguised as an Adobe Flash Player installer offered by compromised or poorly secured websites; the victim had to download and run the fake installer, at which point the malware executed with that user's privileges.

The lure was delivered through JavaScript injected into the HTML of the compromised sites. This was around the peak of the Bitcoin boom, and the attackers demanded that the ransom be paid in Bitcoin.

Like most ransomware, Bad Rabbit encrypts the files on the system and then displays a message when the victim tries to use it. The message reads: "If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don't waste your time."

Bad Rabbit locks the user out of the system, and the files stay encrypted until the attackers' key is obtained.

2. Petya and NotPetya

Petya is a strain of ransomware that targets Microsoft Windows computers. Rather than encrypting individual documents, Petya overwrites the Master Boot Record and encrypts the Master File Table, so the disk's file system becomes unreadable and the machine can no longer boot normally. Access is restored only with the decryption key, which victims are told they will receive after paying the ransom.

This strain is a bit older, having debuted in 2016, but it got the limelight in 2017 when a modified variant hit businesses worldwide. That 2017 version, dubbed "NotPetya", made world news: it dealt devastating blows to businesses around the globe, with Ukraine hit hardest.

The damage from NotPetya was so severe that estimates put it at around $10 billion.

NotPetya spread by exploiting a flaw in Windows' SMBv1 implementation (the EternalBlue exploit, for which Microsoft had already shipped a patch in MS17-010 months earlier) and by reusing credentials harvested from infected machines. Despite the ransom note, victims who paid could not recover their data, which is why it is widely regarded as a wiper dressed up as ransomware. The outbreak showed that even large, well-resourced companies remain vulnerable, especially when patching lags behind.

3. Sodinokibi

Sodinokibi, also called REvil, is both a ransomware family and the gang operating it, and it has been targeting Windows systems since April 2019. In July 2021 the REvil infrastructure went offline, and although the servers came back in September, the gang appeared to be in trouble. On September 16, 2021, a universal decryption tool was released for Sodinokibi infections that occurred before July 13, 2021. Sodinokibi encrypts the victim's critical files to extort a ransom, and the operators hand over a decryptor once they are paid.

Victims receive a ransom note once encryption is complete. Usually, part of the ransom instructions is also displayed on the desktop wallpaper.

Sodinokibi encrypts files and deletes backups and Volume Shadow Copies, not only on the local drives but also on every network share it can reach. After infection, a backup that lived on the infected system or on a connected share will not save you; only backups kept offline or otherwise out of the malware's reach will.

How to prevent ransomware?

Despite the many vulnerabilities of the digital world, there are countermeasures: solutions that either prevent a cyberattack or lessen its damage. They vary in effectiveness and in how they work.

OT Security

Cybersecurity, as the name suggests, is about keeping your devices and your digital life secure, whether through IDS/IPS, anti-virus software, or specialist firms. OT (operational technology) security is the branch that protects the hardware and software controlling physical processes and devices.

It is mostly applied in Industrial Control Systems (ICS) to monitor the long-term state of equipment. Through OT security monitoring, operators track values such as temperature and other indicators of tampering or malfunction.

OT security helps keep both the process and the company safe from cyberattacks. If someone tampers with a device and something goes wrong, well-designed ICS include safety controls that shut the process down in a controlled way.

Proxy

Another popular tool is the proxy. Proxies shine when it comes to privacy: there are many kinds, but they all revolve around keeping your identity and network details out of direct view.

A proxy acts as an intermediary that sends and receives requests on your behalf, so the public server sees the proxy rather than you. It stands as a wall between you and the server, and an inspecting proxy can also filter known-malicious downloads before they reach your endpoint.

Proxies also serve other purposes, such as accessing geo-restricted content and caching content for faster load times. You can read more about proxies and their benefits here.

Sandbox

In cybersecurity, a sandbox is an isolated environment, separated from the production network and from end-user systems, in which suspicious code can be run and observed without risk of damage.

A sandbox adds a layer of protection for the network and helps prevent breaches: it surfaces malicious behaviour, exploited vulnerabilities and crash-inducing samples before they reach real systems.

ANY.RUN is an online malware analysis sandbox for testing and detecting suspicious and malicious files. Analysis runs in real time, so you can watch a sample's system and network activity as it happens.

Cybersecurity and cyberattacks are very broad areas, and it is nearly impossible to cover every threat and safety tip in one list. You can read up on many other cybersecurity options available.

IDS/IPS Systems

IDS (intrusion detection systems) and IPS (intrusion prevention systems) provide, respectively, detective and preventive security controls. They analyze network traffic for signatures of known attacks and for suspicious behaviour, monitoring the network around the clock; an IPS can also block traffic it classifies as malicious.

Logging, identifying possible incidents and tuning security policies are all supported by these systems. They raise the bar for attackers considerably, but no single control stops every intrusion, so they work best alongside patching, tested offline backups and endpoint protection.

Ransomware use case

The interactivity of ANY.RUN gives you additional abilities when it comes to ransomware analysis. Here is a malware sample that we will have a look at.

First, you can see the infection chain on the local system in real time. The process tree gives immediate insight into what this ransomware family does to the infected operating system. Looking at a process's details in the "Files" tab shows which file extensions were encrypted and lets you open the ransom notes. The process tree also gives analysts a quick look at which processes start apart from the main one, together with their command lines, so if PowerShell starts deleting shadow copies you won't miss it.
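The shadow-copy and backup destruction described above, and in the Sodinokibi section earlier, leaves a clear trace in exactly the place the process tree shows: the child processes' command lines. Below is an added example (written for this article, not code from ANY.RUN or from any ransomware family) that scans constructed process-creation records for the commands ransomware typically runs to remove Volume Shadow Copies and disable Windows recovery, and that decodes PowerShell `-EncodedCommand` payloads before matching so a base64-wrapped `Win32_Shadowcopy` deletion is not missed. The sample events, the rule names and the regular expressions are hand-written assumptions, not a vendor signature set.

```python
"""Flag process command lines that destroy Volume Shadow Copies or Windows
recovery state, the behaviour a ransomware process tree shows right before
or during encryption.  Added example for this article; the events below are
constructed, not a real capture, and the rule set is a hand-written baseline.
"""
import base64
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    parent_image: str
    image: str
    command_line: str


# (rule name, regex applied to the whitespace-collapsed, lower-cased command line)
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("vssadmin_resize_storage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b.*/maxsize=")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy\b.*\b(remove-wmiobject|\.delete\(\))")),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b")),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the argument is base64 of UTF-16LE.
# Requiring whitespace after the flag keeps "-ep bypass" (ExecutionPolicy) from matching.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def expand_encoded(cmd: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) so the rules see the real command."""
    m = ENC_FLAG.search(cmd)
    if not m:
        return cmd
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmd  # not valid base64/UTF-16LE: match on what we have
    return cmd + " " + decoded


def normalise(cmd: str) -> str:
    # drop quotes so "C:\Windows\System32\vssadmin.exe" matches, collapse spaces, lower-case
    return re.sub(r"\s+", " ", cmd.replace('"', "")).strip().lower()


def match_rules(cmd: str) -> list[str]:
    norm = normalise(expand_encoded(cmd))
    return [name for name, rx in RULES if rx.search(norm)]


def scan(events: list[ProcessEvent]) -> list[tuple[int, str, list[str]]]:
    """Return (pid, parent image, matched rule names) for every event that hits a rule."""
    findings = []
    for ev in events:
        hits = match_rules(ev.command_line)
        if hits:
            findings.append((ev.pid, ev.parent_image, hits))
    return findings


# Constructed sample: a macro document spawning PowerShell, which drops a payload that
# kills backups. The encoded command is built here so the example runs offline.
_PAYLOAD = "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
ENCODED_SAMPLE_CMD = "powershell.exe -nop -w hidden -ep bypass -enc " + base64.b64encode(
    _PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    ProcessEvent(4812, "explorer.exe", "WINWORD.EXE", r'"C:\Program Files\Microsoft Office\WINWORD.EXE" /n invoice.docm'),
    ProcessEvent(5004, "WINWORD.EXE", "powershell.exe", ENCODED_SAMPLE_CMD),
    ProcessEvent(5120, "payload.exe", "vssadmin.exe", r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'),
    ProcessEvent(5136, "payload.exe", "cmd.exe", "cmd.exe /c bcdedit /set {default} recoveryenabled No & bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ProcessEvent(5140, "payload.exe", "wbadmin.exe", "wbadmin delete catalog -quiet"),
    ProcessEvent(5200, "cmd.exe", "vssadmin.exe", "vssadmin list shadows"),  # benign admin query
    ProcessEvent(5300, "payload.exe", "wmic.exe", "wmic shadowcopy delete"),
]

if __name__ == "__main__":
    for pid, parent, hits in scan(SAMPLE_EVENTS):
        print(f"pid {pid} (parent {parent}): {', '.join(hits)}")
```

Command-line matching is cheap and maps directly onto what the sandbox's process tree shows, but it is also the easiest thing for an attacker to dodge (renamed binaries, COM calls made from inside the payload itself, further layers of encoding), so treat hits as high-confidence alerts and their absence as no evidence either way.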

Second, you can recreate the whole chain of events of the local infection, from opening the attachment in the email to chatting with the crooks about the ransom. You can even try the free test decryption of several files (mostly images) that some ransomware gangs offer on their websites.

You can find more information about Sodinokibi and another ransomware family, Maze, in our video.

Key Takeaways

Technology is the application of scientific knowledge for practical purposes, especially in industry, and every advance changes how things get done.

Moving forward doesn't mean there are no new risks or threats. As mentioned, cyberattacks are no joke: they come in many shapes and sizes and each causes its own kind of damage.

Ransomware is all about getting into a device or a system and taking it and its files hostage. With the files held hostage, users are pressured to pay for a decryption key to buy back what was rightfully theirs.

Different strains go about this in their own way, but all are cruel and put your files at risk. Whether it's the infamous NotPetya or the theatrical Jigsaw ransomware, you don't want to deal with any of them.

Cybersecurity is the best form of protection against such attacks. It too comes in many forms, but if you value your files you should look into getting some protection soon.

This is especially true if you belong to, or work with, any of the industries that are valuable targets for cyberattacks. No matter who you are, there is still a risk that you misclick a download or simply get targeted. An ounce of prevention is worth a pound of cure.

In this case, a little prevention may determine the fate of your files.

guest writer
Daniel Martin

Dan has hands-on experience in digital marketing since 2007. He has been building teams and coaching others to foster innovation and solve real-time problems. Dan also enjoys photography and traveling.
