Business Case Studies

Top 10 Ransomware Incidents

Ransomware, a significant threat to companies, is malicious software that encrypts a user's files or devices and denies access to the system or data until a ransom is paid. This has created a need for a secure archiving solution for companies, whether big or small.

Here is a list of the 10 biggest ransomware incidents in history…

PC CYBORG (AIDS TROJAN)

PC Cyborg was started in 1989 by Dr Joseph Popp, an AIDS researcher, and was distributed on floppy disks. He handed out 20,000 floppies at a conference, purportedly containing a program to assist the attendees' research. It infected a machine after a single use and demanded a $189 ransom, to be sent to a post office box in Panama. It waited for 90 reboots before altering file and directory names, rendering the system unusable and presenting the demand. This delay gave it sufficient time to spread further via sneakernet. However, since PC Cyborg used symmetric encryption, a secure archiving solution was quickly sought.

ARCHIEVUS

Archievus struck in 2006. It targeted the "My Documents" folder of Windows users and used RSA encryption to make decryption hard. Victims of this ransomware had no secure archiving solution other than buying the key from specific online sellers. It was later found that the password was the same for every infection, and it was published to help other victims recover their data. The password was "Mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw".

REVETON

Reveton, aka "The Police Trojan", appeared in 2012 as a warning from law enforcement agencies, tailored to the victim's region. The warning claimed that unlicensed software or pornography had been detected on the victim's system. To add authenticity to the threat, personal details or webcam footage were included with the demand. To unlock their systems, victims had to pay a hefty fine through various payment methods.

CRYPTOLOCKER

Making an appearance in 2014, Cryptolocker was another Trojan horse targeting Windows users. It spread through email attachments and botnet activity. It used asymmetric encryption and demanded payment from victims in Bitcoin. The estimated amount paid in ransom was USD $3M to $27M before the botnet was taken down. A secure archiving solution was provided after law enforcement agencies made arrests and the decryption key was made available online.

CRYPTOWALL

Cryptowall may have first appeared in 2013, but it became prominent in 2014. It was very similar to Cryptolocker in how it displayed its demand. It also spread through email attachments, infected downloads and an email spam botnet. It affected approximately 625,000 systems, and victims paid around US $1M. It even deleted the shadow copies, rendering shadow copies useless as a secure archiving solution.

TORRENTLOCKER

TorrentLocker was based on Cryptolocker's code and spread through email attachments or download links to certain files. It targeted both local and network-accessible files, encrypted them with asymmetric encryption, and demanded payment by a deadline. The ransom started at USD $550, payable in Bitcoin, and increased after 72 hours.

LOCKY

In 2016, Locky gained notoriety when it attacked a major US healthcare company. The Hollywood Presbyterian Medical Center paid USD $17,000 to recover its data and patient records. It spread through a Word document disguised as an invoice that asked the user to enable macros; the macros would then encrypt data and demand a ransom in Bitcoin. Variants of Locky are still being detected.

PETYA

Surfacing in March 2016, Petya encrypts the drive's file system table instead of individual files. It overwrites the Windows bootloader and forces a reboot, after which it encrypts both the file table and the system. It also demanded payment in Bitcoin.

WANNACRY

WannaCry hit the Internet in 2017, affecting 200,000 systems in 150 countries. It spread from an infected system to others on the same network and used code allegedly created by the United States National Security Agency, which was believed to have been stolen. Companies that had secure archiving software were not affected by this malware.

NOTPETYA

This ransomware started in Ukraine and spread like wildfire around the world. Instead of propagating through email attachments, it entered companies through M.E.Doc, a tax preparation software package. Companies that tried to install or update the software activated the malware instead, and victims had no secure archiving solution even after the March 2017 vulnerability updates.