Top Ransomware Attacks
Ransomware is a type of malware that takes over systems and locks their files. Once a system is infected, the user is prevented from accessing the system and its files. Typically, cyber criminals do not hand over the decryption key that releases the blocked systems and files unless the victim pays the ransom. However, there is no guarantee they will hand over the key even after the ransom is paid!
Find the most infamous and dangerous ransomware attacks that have emerged so far!
WannaCry is one of the most ravaging ransomware attacks in history. The attack terrorized the internet in the year 2017. Thousands of companies worldwide were infected, including FedEx, Nissan, and Renault. The virus was spread through a phishing email and was delivered in the form of a dropper.
WannaCry is considered one of the most dangerous ransomware attacks because it can spread across multiple organizations’ networks by exploiting critical vulnerabilities in Windows operating systems.
Mirai is a form of malware that can infect devices that run on ARC processors. Once devices are infected, the malware turns them into a network of remotely controlled bots. Hence it is known as a botnet, and it is often used to launch DDoS attacks.
The malware was created by Josiah White, Paras Jha, and Dalton Norman. Paras Jha, one of the big Minecraft players, created the malware to take rival Minecraft servers offline using DDoS attacks. The name Mirai is derived from the anime series “Mirai Nikki”.
Maze ransomware was previously known as “ChaCha ransomware”. It was discovered by Jerome Segura, and since then the malware has been known for targeting organizations worldwide. Initially, Maze ransomware hacking groups used exploit kits like Fallout and Spelevo to deploy the malware.
As of now, the Maze ransomware group has announced that they will not be launching any more attacks or leaking any new companies’ data on their site. However, it is believed that the group will be back, so the threat is likely not coming to an end.
Petya, a form of encrypting malware that infects Microsoft Windows-based computers, was first discovered in 2016. The scary part of the malware is that it doesn’t simply encrypt files but overwrites the entire Master Boot Record (MBR). Moreover, it encrypts the Master File Table (MFT).
Petya often uses the EternalBlue exploit to spread. However, it also uses classic SMB network spreading techniques, so organizations have to address both spreading techniques. Cyber criminals behind Petya use phishing or spear phishing emails to deliver the malware.
REvil, AKA Ransomware Evil, is also known as “Sodinokibi”. It is a Ransomware-as-a-Service (RaaS) operator which is believed to be Russia-based or operated by a Russian-speaking group. After encrypting the files and systems, the group would threaten to publish the sensitive information on their page, called “Happy Blog”, unless the ransom amount is paid.
The malware was first identified on April 17, 2019. The group deploys the malware via exploit kits, RDP servers, backdoored software installers, and scan-and-exploit techniques. Moreover, REvil also recruits affiliates to spread the ransomware for them.
CryptoLocker is malware that encrypts files such as videos and documents and demands a ransom from the victim for the decryption key. The malware targets only Windows operating systems, and once the system is infected, it searches for files and locks them using asymmetric encryption.
The most common methods of delivering the malware to the victim are phishing email attachments and downloads from infected websites. Often the attachments appear to have familiar file types such as .doc or .pdf; however, that is a disguise for the real extension, .EXE, an executable file.
Ryuk is a family of ransomware that first appeared in mid-August 2018. It is believed that the Russian cyber criminal group also known as “WIZARD SPIDER” operates the campaign spreading the malware. Since its first appearance, the malware has been targeting businesses, hospitals, government institutions, and other organizations.
Ryuk mostly targets organizations instead of going for individual consumers. Similar to other ransomware groups, its operators demand ransom payments to release the data their malware has made useless by encryption.
Tycoon ransomware is recently discovered malware that aims to infect Windows and Linux PCs. It is written in Java and has been targeting several organizations, including the education and software industries.
Tycoon ransomware has been active since December 2019, and its victims are mostly small and medium-sized enterprises (SMEs). However, experts believe that cyber criminals can also use the malware against large enterprises in situations where it is most likely to be successful.
NetWalker is one of the newest variants of the ransomware family and is also known as Mailto. It was created by the cyber criminal group known as 'Circus Spider' in 2019, and since then it has become a fast-growing ransomware.
Similar to other ransomware attacks, NetWalker holds the victims’ data hostage and threatens to publish it if the ransom payment is not made by a given time. As of now, NetWalker has decided to expand its affiliate network by shifting to a ransomware-as-a-service (RaaS) model, which will allow them to operate more frequently and target more organizations.
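A mail-filter check for the disguise described above, as an added example that is not part of the original page: it flags attachment names whose final extension is executable, and notes when a document-style extension or whitespace padding hides it. The extension lists, function names and sample filenames are constructed for illustration.

```python
import re

# Constructed extension lists for illustration; extend them for your mail gateway.
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "jpg", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def classify_attachment(filename):
    """Return the reasons a filename looks like a disguised executable."""
    # Windows drops trailing dots and spaces, so "a.pdf.exe. " is still an .exe.
    name = filename.rstrip(" .").lower()
    parts = name.split(".")
    # Only the final extension decides how the file is opened.
    if len(parts) < 2 or parts[-1].strip() not in EXEC_EXTS:
        return []
    reasons = ["executable-extension"]
    # A document-style extension earlier in the name is the decoy.
    if any(p.strip() in DECOY_EXTS for p in parts[1:-1]):
        reasons.append("double-extension")
    # Long runs of spaces push the real extension out of view in file listings.
    if re.search(r"\s{2,}", name):
        reasons.append("whitespace-padding")
    return reasons


def triage(filenames):
    """Map each suspicious filename to its list of reasons."""
    return {f: r for f in filenames if (r := classify_attachment(f))}


# Constructed sample attachment names.
SAMPLE = [
    "Invoice_2013.pdf.exe",
    "report.doc",
    "setup.exe",
    "scan.PDF      .EXE ",
    "notes.v2.pdf",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name!r}: {', '.join(reasons)}")
```
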