The threat of ransomware has been ever present in 2020, especially within the high-stakes industries like healthcare and those involved in the election. According to Verizon's 2019 Data Breach Investigations Report, 24% of security incidents that involved specific malware functionality exhibited ransomware functionality.
These threats shouldn’t be new concerns for security leaders; a Bitsight Insights report found in 2016 that instances of ransomware more than tripled—and in some cases increased tenfold—for many industries between July 2015 and July 2016.
These ransomware statistics indicate just how important it is to pay attention to how your organization could be vulnerable. We’ve outlined what’s led to ransomware’s proliferation, as well as eight ransomware examples you should be paying attention to and how you can combat attacks.
What Makes Ransomware So Widespread?
As examples of ransomware continue to become more prevalent, here’s a question worth considering: “What makes ransomware such a common form of malware?”
The answer comes down to money and time.
Ransomware attacks are significantly faster and cheaper to carry out than many other cybercrime models, and have a much higher payout.
Take a banking trojan operation for example. Prior to ransomware, banking trojans were the most common form of malware. The banking trojan business model is extremely complex and requires many people to play many roles. The top technical individuals set up an infrastructure that allows infected bots to exfiltrate information. The drop organizers mine the exfiltrated information and steal bank account details to send the funds to outside bank accounts. Then they withdraw those funds and send them back to multiple hacker-run accounts. This scheme of money laundering limits profit because they have to split the earnings with everyone else involved in the cash-out.
The business model ransomware examples follow has a number of benefits over banking trojans and other forms of malware:
- It’s easier to launder cryptocurrencies than it is to launder traditional money. If the funds aren’t withdrawn right away, the fluctuation of Bitcoin could make the ransom even more valuable.
- Since fewer people are involved in the operation, the bad actors don’t have to split the stolen currency.
8 Dangerous Ransomware Examples
Ransomware encrypts data on a server, workstation, or mobile device, and demands a ransom via a cryptocurrency like Bitcoin. Not every example of ransomware is financially motivated — some are primarily intended to cause an operational disruption on a network. Below are eight real-life ransomware examples that are regularly used — and extremely dangerous.
1. Locky
Locky first appeared in February 2016 and has become one of the most distributed ransomware examples. In late 2016 it became so prolific that it was named one of the three most common forms of malware, and still today there are distribution campaigns of Locky via email.
2. Troldesh
Troldesh is mostly distributed in Russia and European countries. It is not prevalent in the U.S.
3-5. GlobeImposter, Philadelphia, and Cerber
GlobeImposter, Philadelphia, and Cerber are all ransomware examples using the “Ransomware as a Service” (RaaS) model. While some cyber criminals make and distribute their own ransomware, some have begun to provide a software package—complete with ransom note customization—to other cyber criminals for a fee.
Disruption-Motivated Ransomware Examples
Interestingly, some of the biggest ransomware examples of 2017 are believed to be motivated by operational disruption or systemic harm, not financial gain.
Two recent attacks used a single Bitcoin wallet to collect ransom, placing greater emphasis on the disruption itself rather than payment collection. This tactic also makes it impossible for the distributor to know which victims actually paid the ransom requested.
6. WannaCry
WannaCry is a wormable ransomware that spreads like a virus. Interestingly, it only collected a bit over $100,000 total, quite a small sum considering its global spread. Between May 12 and May 15, 2016, WannaCry was observed on over 160,000 unique IP addresses. The ransomware example hit telecommunications and technology companies the hardest, but those in the insurance industry saw their Bitsight rating drop the most due to the WannaCry attacks.
7. NotPetya
NotPetya used a compromised accounting software provider as its initial point of distribution, and impacted many Ukrainian companies. But NotPetya didn’t stop in Ukraine. Multinational companies with arms in Ukraine were compromised in the attack as well. NotPetya also impacted the bottom line of some large companies, even though it wasn’t a financially motivated ransomware example. According to an Insurance Journal article, “Package delivery company FedEx Corp. said a [NotPetya] attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast. The company said the cyber attack slashed 79 cents per share from its profit.”
8. Bad Rabbit
Bad Rabbit is a variant of the NotPetya ransomware example that was also primarily distributed in Ukraine and Russia to a number of major corporations. NotPetya and Bad Rabbit share the same code, indicating that the same group is responsible for both ransomware examples. Unlike NotPetya, Bad Rabbit uses unique Bitcoin wallets for every victim. For this reason, the motivation behind these attacks is unclear.
Fighting Ransomware: 4 Things You Can Do
Law enforcement has had a difficult time fighting ransomware because of the sheer volume of ransomware examples in operation, and the fact that the operations themselves are difficult to track.
There are tools designed specifically to combat ransomware examples. The No More Ransom Project — founded in 2016 by the Dutch Police, Europol EC3, Kaspersky, and McAfee, and in partnership with over 100 other organizations worldwide — has helped decrypt tens of thousands of devices and is also helping to educate individuals and organizations about ransomware.
If your organization is infected with a ransomware attack, the immediate question is usually “Should we pay?” We — along with the No More Ransom Project and various governmental agencies — do not recommend paying the ransom. This simply confirms the ransomware business model and encourages the cycle to continue.
There are several things you can do if your network is infected with a ransomware example:
- Back up your data for easy retrieval if your network is attacked.
- Use antivirus software with a good reputation.
- Keep your computer operating systems up to date. We found that 67% of systems affected by the NotPetya attacks were running on Windows 7, an outdated operating system at the time.
- Educate your employees on proper cyber hygiene, and set clear protocols with regard to opening email links and attachments.
For additional data on the rise of ransomware, download this Bitsight Insights report. It highlights how ransomware infections have grown, the industries that have exhibited the most ransomware infections, and how businesses can help mitigate the threat of ransomware.