€16.7 billion. That is the estimated cost of ransomware attacks in 2020. If you do not understand the ransomware ecosystem, how can you reduce the risk of this threat?
Ransomware has become a prevalent weapon in the hands of cyber criminals who threaten not only businesses and individuals but also governments on a daily basis. Cybersecurity Ventures predicts that ransomware is expected to attack businesses every 11 seconds by the end of 2021. The harsh reality is that ransomware is not going away; instead, it continues to take thousands of organisations hostage. Stay aware of the recent ransomware attacks of 2020 and better understand how they are being deployed.
How do ransomware attacks happen?
Ransomware is a sophisticated form of malware that is capable of encrypting all data saved within a victim’s computer and of holding the files ‘hostage’ until the demanded ransom is paid. There are several ways that ransomware can enter your network. One of the most popular delivery systems is phishing emails that contain malicious attachments (e.g. PDFs, Word documents, etc.). Ransomware creators make these spam emails look like they come from a legitimate email address. These emails sometimes also contain links to malicious websites.
The second way that ransomware attacks are disseminated is through ‘malvertising’. Kaspersky defines malvertising as malicious online advertisements, some of which cause malware infection while others track user behaviour. Malvertisements are spread through the same methods as normal online advertisements. Malvertising campaigns are popular simply because infecting an ad requires less effort than discovering a vulnerability in the website. Do you remember when Spotify, one of the world’s most popular audio streaming service providers, fell victim to a malvertising attack back in 2011?
3 latest ransomware attacks
Below we discuss the 3 latest ransomware attacks, in no particular order, that occurred in 2020.
The ransomware deletes system backups and usually demands a ransom ranging between $150 and $900, which is doubled if not paid in time (yet recovery is not guaranteed!). Since the ransomware uses solid encryption algorithms such as AES256 and RSA2048, no decryptor is available and it is impossible to decrypt the files without the key that was used to encrypt them. Other features of Avaddon are as follows:
Ransomware can put any company at risk. There are still some measures you can take today to protect your own or your organisation’s files from ransomware. The following are 3 best practices to protect files from ransomware:
Egregor is a new, sophisticated ransomware which was first spotted in September of 2020. Egregor earned its destructive reputation after successfully infiltrating the video game developer Ubisoft in October of 2020. Since it began operating, this ransomware has also penetrated the globally known recruitment organisation Randstad and the Canadian public transportation agency TransLink.
“Like most current ransomware variants used, Egregor uses double extortion,” says CSO. Double extortion means that criminals steal data from organisations in addition to encrypting files, so threat actors maximise their chance of making a profit by giving their victims extra incentives to pay the ransom. Such incentives include selling or even auctioning the encrypted data.
According to TrendMicro, Egregor ransomware is typically distributed as a payload along with remote access trojans like QAKBOT. Yet there is no specific information on how precisely Egregor obtains initial access. It is highly likely that it deploys techniques similar to those of other targeted ransomware, such as remote desktop protocol (RDP) hacks or stolen accounts.
The ransom demand may vary based on the size of the target organisation. Demands can easily exceed the ransomware marketplace average because Egregor is known to steal data as well. The image above shows what an Egregor ransomware notice looks like.
There are a number of mitigation techniques you may want to consider. Firstly, regularly monitor for Qakbot and Ursnif malware infections, as these malware families are used to inject Egregor ransomware. Secondly, educate your employees on the signs of phishing attacks, because phishing is a common attack vector for injecting ransomware.
Another notorious ransomware family is the NetWalker ransomware. It is a Windows-specific ransomware that encrypts and exfiltrates all of the data it breaches. “The secret behind this ransomware family’s pay-out success lies in their double-extortion approach,” says UpGuard.
Among major targets of NetWalker ransomware are educational institutions, healthcare providers and private companies. For example, NetWalker launched an attack against the Austrian village of Weiz through a phishing email. Also, this group has successfully attacked the University of California San Francisco (UCSF) and encrypted their computers.
Technically, the NetWalker ransomware is spread in 2 ways. One way is through an executable document that has been spread on the network. Once this file has been executed by the user, it immediately infects the system. The second way is through VBS scripts attached to COVID-19-related phishing emails that contain a link to a malicious ZIP archive.
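A defensive triage check for the second delivery path described above, as an added example that is not part of the original article: it parses a raw email and flags script attachments and links to archives. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed policy lists for this example; tune them to your own mail gateway.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
ARCHIVE_EXTS = {".zip"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def triage_message(raw: bytes) -> list[str]:
    """Return findings for script attachments and links to archives."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Check every suffix so "invoice.pdf.vbs" is still caught.
            suffixes = {s.lower() for s in PurePosixPath(name).suffixes}
            if suffixes & SCRIPT_EXTS:
                findings.append(f"script attachment: {name}")
            continue
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,)")  # drop trailing sentence punctuation
                path = urlparse(url).path.lower()
                if PurePosixPath(path).suffix in ARCHIVE_EXTS:
                    findings.append(f"archive link: {url}")
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the domains are reserved example names."""
    msg = EmailMessage()
    msg["From"] = "updates@example.org"
    msg["Subject"] = "COVID-19 guidance update"
    msg.set_content("Download the guidance: http://files.example.net/guidance.zip.")
    msg.add_attachment(b"' constructed placeholder, not a real script\r\n",
                       maintype="application", subtype="octet-stream",
                       filename="covid19_guidance.pdf.vbs")
    return msg.as_bytes()


if __name__ == "__main__":
    print("\n".join(triage_message(build_sample())))
```

A finding here is a reason to quarantine the message for review, not proof of infection; legitimate mail can also link to ZIP files.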
Varonis says that NetWalker continues to become more advanced and more difficult to defend against because its operators keep expanding their affiliate network. That said, you may want to consider the following three practical tips.
Final thoughts on recent ransomware attacks 2020
Unfortunately, ransomware is highly effective, and organisations are not fully prepared for its resurgence. Above we outlined the 3 latest ransomware attacks and how they usually deliver malware. Do you want to stay protected from ransomware? Be proactive and consider the measures we shared above to decrease your risk of being held hostage by ransomware.
Are you interested in a career within cyber security? Are you passionate about assessing system vulnerabilities, identifying weaknesses, and ensuring that preventive actions are taken to address them? If you answered ‘yes’ to one of these two questions, then you might want to have a look at our Cyber Security Specialist training with Swiss Federal Diploma. By attending this training, you will take part in intensive training on security incidents, using simulated challenges related to real-world cyber incidents. We kindly invite you to book a free consultation with us and we would be happy to answer your questions.