The threat of ransomware has been ever present in 2020, especially in high-stakes industries such as healthcare and those involved in the election. According to Verizon's 2019 Data Breach Investigations Report, 24% of security incidents that involved specific malware functionality exhibited ransomware functionality.
These threats shouldn’t be new concerns for security leaders; a BitSight Insights report found in 2016 that instances of ransomware more than tripled—and in some cases increased tenfold—for many industries between July 2015 and July 2016.
These ransomware statistics indicate just how important it is to pay attention to how your organization could be vulnerable. We’ve outlined what’s led to ransomware’s proliferation, as well as eight ransomware examples you should be paying attention to and how you can combat attacks.
What Makes Ransomware So Widespread?
As examples of ransomware continue to become more prevalent, here’s a question worth considering: “What makes ransomware such a common form of malware?”
The answer comes down to money and time.
Ransomware attacks are significantly faster and cheaper to carry out than many other cybercrime models, and they have a much higher payout.
Take a banking trojan operation for example. Prior to ransomware, banking trojans were the most common form of malware. The banking trojan business model is extremely complex and requires many people to play many roles. The top technical individuals set up an infrastructure that allows infected bots to exfiltrate information. The drop organizers mine the exfiltrated information and steal bank account details to send the funds to outside bank accounts. Then they withdraw those funds and send them back to multiple hacker-run accounts. This scheme of money laundering limits profit because they have to split the earnings with everyone else involved in the cash-out.
The ransomware business model has a number of benefits for attackers over banking trojans and other forms of malware:
- It’s easier to launder cryptocurrencies than it is to launder traditional money. If the funds aren’t withdrawn right away, the fluctuation of Bitcoin could make the ransom even more valuable.
- Since fewer people are involved in the operation, the bad actors don’t have to split the stolen currency.
8 Dangerous Ransomware Examples
Ransomware encrypts data on a server, workstation, or mobile device, and demands a ransom via a cryptocurrency like Bitcoin. Not every example of ransomware is financially motivated — some are primarily intended to cause an operational disruption on a network. Below are eight real-life ransomware examples that are regularly used — and extremely dangerous.
Financially-Motivated Ransomware
1. Locky first appeared in February 2016 and has become one of the most widely distributed ransomware examples. In late 2016 it became so prolific that it was named one of the three most common forms of malware, and Locky distribution campaigns via email continue today.
2. Troldesh is mostly distributed in Russia and European countries. It is not prevalent in the U.S.
3-5. GlobeImposter, Philadelphia, and Cerber are all ransomware examples using the “Ransomware as a Service” (RaaS) model. While some cyber criminals make and distribute their own ransomware, some have begun to provide a software package—complete with ransom note customization—to other cyber criminals for a fee.
Disruption-Motivated Ransomware Examples
Interestingly, some of the biggest ransomware examples of 2017 are believed to be motivated by operational disruption or systemic harm, not financial gain.
Two recent attacks used a single Bitcoin wallet to collect ransom, placing greater emphasis on the disruption itself rather than payment collection. This tactic also makes it impossible for the distributor to know which victims actually paid the ransom requested.