7 Dangerous Ransomware Examples (and How to Fight Back)
Ransomware remains an enduring and evolving threat, consistently impacting critical sectors such as healthcare and even electoral processes. Over time, various reports have highlighted the prevalence and adaptability of this malicious software.
Instances of ransomware attacks have been a concern for years, with significant increases observed across industries. This ongoing trend underscores the importance of understanding vulnerabilities within organizations to safeguard against potential attacks.
In this article, we'll delve into the factors contributing to the proliferation of ransomware, explore notable examples—such as Locky, Troldesh, GlobeImposter, Philadelphia, Cerber, WannaCry, NotPetya, and Bad Rabbit—and discuss effective strategies to counter these threats.
By staying informed about the evolution of ransomware and adopting proactive measures, organizations can better fortify their defenses against these ever-present dangers.
These ransomware examples indicate just how important it is to pay attention to how your organization could be vulnerable. We’ve outlined what’s led to ransomware’s proliferation, as well as eight ransomware examples you should be paying attention to and how you can combat attacks.
What Makes Ransomware So Widespread?
As examples of ransomware continue to become more prevalent, here’s a question worth considering:
“What makes ransomware such a common form of malware?”
The answer comes down to money and time.
Ransomware attacks are significantly faster and cheaper to carry out than many other cybercrime business models, and they have a much higher payout.
Take a banking trojan operation for example.
Before ransomware, banking trojans were the most common form of malware. The banking trojan business model is extremely complex and requires many people to play many roles. The top technical individuals set up an infrastructure that allows infected bots to exfiltrate information.
The drop organizers mine the exfiltrated information and steal bank account details to send the funds to outside bank accounts. Then they withdraw those funds and send them back to multiple hacker-run accounts. This scheme of money laundering limits profit because they have to split the earnings with everyone else involved in the cash-out.
The ransomware business model has several benefits over banking trojans and other forms of malware:
- It’s easier to launder cryptocurrencies than to launder traditional money. If the funds aren’t withdrawn right away, the fluctuation of Bitcoin could make the ransom even more valuable.
- Since fewer people are involved in the operation, the bad actors don’t have to split the stolen currency.
7 Dangerous Ransomware Examples
Ransomware encrypts data on a server, workstation, or mobile device, and demands a ransom via a cryptocurrency like Bitcoin.
Not every example of ransomware is financially motivated; some are primarily intended to cause an operational disruption on a network. Below are eight real-life ransomware examples that are regularly used and extremely dangerous.
Financially-Motivated Ransomware
1. Locky
Locky first appeared in February 2016 and has become one of the most widely distributed ransomware examples.
In late 2016 it became so widespread that it was named one of the three most common forms of malware, and email campaigns distributing Locky continue today.
2. Troldesh
Troldesh is mostly distributed in Russia and European countries. It is not prevalent in the U.S.
3-5. GlobeImposter, Philadelphia, and Cerber
GlobeImposter, Philadelphia, and Cerber are all ransomware examples using the “Ransomware as a Service” (RaaS) model.
While some cybercriminals make and distribute their own ransomware, some have begun to provide a software package, complete with ransom note customization, to other cybercriminals for a fee.
Disruption-Motivated Ransomware Examples
Interestingly, some of the biggest ransomware examples of 2017 are believed to be motivated by operational disruption or systemic harm, not financial gain.
Two recent attacks used a single Bitcoin wallet to collect ransom, placing greater emphasis on the disruption itself rather than payment collection. This tactic also makes it impossible for the distributor to know which victims paid the requested ransom.
6. WannaCry
WannaCry is a wormable ransomware that spreads like a virus. Interestingly, it only collected a bit over $100,000 total, quite a small sum considering its global spread.
Between May 12 and May 15, 2016, WannaCry was observed on over 160,000 unique IP addresses. The ransomware hit telecommunications and technology companies the hardest, but those in the insurance industry saw their Bitsight rating drop the most due to the WannaCry attacks.
7. NotPetya
NotPetya used a compromised accounting software provider as its initial point of distribution and impacted many Ukrainian companies. But NotPetya didn’t stop in Ukraine. Multinational companies with arms in Ukraine were compromised during the attack as well.
NotPetya also impacted the bottom line of some large companies, even though it wasn’t a financially motivated ransomware example. According to this Insurance Journal article, “Package delivery company FedEx Corp. said a [NotPetya] attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast. The company said the cyber attack slashed 79 cents per share from its profit.”
Fighting Ransomware: 4 Things You Can Do
Law enforcement has had a difficult time fighting ransomware because of the sheer volume of ransomware operations, and the fact that the operations themselves are difficult to track.
There are tools designed specifically to combat ransomware. The No More Ransom Project, founded in 2016 by the Dutch Police, Europol EC3, Kaspersky, and McAfee, and in partnership with over 100 other organizations worldwide, has helped decrypt tens of thousands of devices and is also helping to educate individuals and organizations about ransomware.
If your organization is hit by a ransomware attack, the immediate question is usually “Should we pay?”
We, along with the No More Ransom Project and various governmental agencies, do not recommend paying the ransom. Paying simply validates the ransomware business model and encourages the cycle to continue.
There are several things you can do if your network is infected with ransomware:
- Back up your data for easy retrieval if your network is attacked.
- Use antivirus software with a good reputation.
- Keep your computer operating systems up to date. We found that 67% of systems affected by the NotPetya attacks were running on Windows 7, an outdated operating system at the time.
- Educate your employees on proper cyber hygiene, and set clear protocols with regard to opening email links and attachments.
For additional data on the rise of ransomware, download this Bitsight Insights report.
It highlights how ransomware infections have grown, the industries that have exhibited the most ransomware infections, and how businesses can help mitigate the threat of ransomware.