What are the Worst Types of Ransomware Attacks?

In the previous article, we talked about what are ransomware and their significant impact in 2017. In this article, we will discuss five worst types of possible ransomware attacks with their examples.

1.    Ransomware-as-a-service

GandCrab Payment Gateway (Source: blog.malwarebytes.com)

In January 2018, a new type of ransomware, going by the name of GandCrab had been discovered. Unlike traditional ransomware, it uses exploit kits such as REG EK & Grand EK and demands a ransom of 1.5 Dash (about USD 500 at the time of writing).

GandCrab is being marketed by developers as a ransomware-as-a-service to lure the budding cybercriminals. It also has a profit-sharing model where 40% of the profits have to be given to the developers. With no prominent ransomware attack in 2018, it looks like the business model adopted by the developers of this malware is yet to take off. Recent developments suggest that a decryptor tool is available in the public domain,[1] but a new version was launched by the developers subsequently.[2]

2.    Mixture of Ransomware

GoldenEye Ransomware (Source: nakedsecurity.sophos.com)

Towards the end of June 2017, a ransomware hit Ukraine’s national bank, state-owned power company and Kiev Boryspil International Airport, the largest airport in the country. The ransomware involved in these attacks was GoldenEye which was believed to be a mixture of NotPetya & Mischa. Just like Petya, it encrypts the entire system of the victim, however, it does not provide any help in retrieving decryption keys from the system. It holds the entire system as a hostage by encrypting files as well as master boot record.

3.    Exploiting Newly Discovered Vulnerabilities

WannaCry Decryptor Screen (Source: computerworlduk.com)

The finest example of a ransomware exploiting the newly discovered vulnerabilities will be WannaCry. Termed as unprecedented in scale, it infected more than 400,000 systems in less than two weeks, WannaCry exploited an existing vulnerability in the SMB protocol. An update for patching up this vulnerability was duly launched by Microsoft in March 2017 i.e. two months before the attack. (You can read in detail about the WannaCry attack here.)

4.    Encrypt Everything

Locky Decryptor Screen (Source: paloaltonetworks.com)

Generally, ransomware encrypts the existing files on a victim’s system so as to hold these files as a hostage and demand the desired ransom. Same is not the case with ransomware such as GoldenEye and Locky. Locky was termed as well-engineered, ruthless and a clever ransomware. Along with encrypting the existing files on the system, it encrypted Bitcoin wallets and VSS. Window’s VSS (Volume Snapshot Service) takes automatic or manual backups and it can be easily used to recover files on the victim’s system.

5.    Virus-like Ransomware

zCrypt Decryptor Screen (Source: blog.malwarebytes.com)

Usually, a ransomware spreads via email or drive-by downloads. zCrypt took an unusual root of spreading onto other computers via USB sticks. Once it reached a target system, it creates a file named autorun.inf to execute automatically when the infected USB stick is plugged into a different computer. After encrypting the files, it instructed the victim to make a payment of 1.2 Bitcoin (equivalent to $500 in January 2016) within a period of four days. After this period, the ransom will increase to 5 Bitcoins and the decryption key stored in the attackers’ server will be entirely destroyed if no payment is made within seven days.


[1] https://labs.bitdefender.com/2018/02/gandcrab-ransomware-decryption-tool-available-for-free/

[2] https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/

2 thoughts on “What are the Worst Types of Ransomware Attacks?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s