
Examples of Ransomware

Ransomware is an ever-changing process. To understand current examples of ransomware, we have to go back to the beginning.

The History of Ransomware

The history of ransomware is replete with horror stories of lost data and massive remediation costs. In the time-honored tradition among cybercriminals dating back to the earliest days of personal computing, ransomware attacks are becoming more sophisticated and aggressive, upping the stakes and demands for cash in the form of cryptocurrencies.

1989's AIDS Trojan

The first such attack, the AIDS Trojan of 1989, required a $189 ransom sent to a P.O. box in Panama to obtain a decryption key. Today, some sophisticated cyberattackers are basing their ransom demands on the cyber insurance coverage of their victims, with sliding scales to ensure the largest payments per victim.

Corporate Data

By stealing corporate data that lists insurance coverage—either from the insurance companies themselves or from their customers’ corporate files—criminals can now create bespoke demands for each target. Sometimes attackers use open source intelligence, such as news articles about cyber insurance, or information found in SEC filings and on company websites, to tailor an attack to their prey.

Double Jeopardy

Corporate victims of ransomware attacks are in a catch-22 situation when it comes to paying attackers. Depending on the size of the ransom, it can be a business decision to simply pay and hope the decryption codes work, but federal laws against funding sanctioned terrorists can put companies in legal jeopardy if they make ransom payments.

Pay, and Pay Again

A new wrinkle vexing ransomware victims is the dual demand: not only a payment for a decryption key to unlock data encrypted by the malware, but also a second payment to keep the attackers from distributing the stolen data on the Dark Web. Recently, at least three ransomware gangs began explicitly warning victims they would publish the stolen data if the victims reported the attacks to federal agencies.

If history is a predictor of the future, ransomware will become more sophisticated and expensive. While defenses do exist, these defenses need to be 100% effective, which none are. The attackers need only to sneak in one successful phishing email or convince a single user to visit a compromised site. As a result, cybersecurity needs to be at the forefront of a corporation’s security policies and procedures.

Initial Intrusion Tactics

Ransomware shows no signs of slowing down, and ransomware tactics are constantly changing and evolving. Despite that, it remains true that phishing is—by far—the most common ransomware tactic for getting inside an organization, requiring the victim to simply open a compromised file.

Popular malware distributed via phishing includes Locky, Cerber, and Nemucod. This classic attack asks victims to simply click on an attachment, often with unassuming names such as “Telephone Number List” or “Corporate Holidays.”

Another common ransomware tactic takes the form of an email that claims the attacker recorded the victim using the victim’s own webcam. These are generally bogus, as normally there’s no stolen video to release, but just the threat of such is often sufficient to extort money.

As an unfortunately growing business, ransomware is branching out to the cloud—not just as an attack vector for the criminals, but also as a delivery source. Ransomware as a Service (RaaS) provides even non-technical criminals with the resources to launch effective attacks.

RaaS operates much like any other service operation: Attackers first select the ransomware payload and delivery method. Then the RaaS providers, sometimes referred to as “gangs,” offer the criminals who launch the attacks various payment options. These include a one-time service fee with no profit sharing; an affiliate program that includes a monthly fee plus profit sharing; a flat fee for the attack; or just profit sharing.

Attackers even offer customer support for victims who don’t know how to pay with cryptocurrency. The customer support personnel might need to walk the victim through not only the payment process, but also the remediation efforts to decrypt the ransomed data.

Popular RaaS attacks include such malware families as REvil, which was used against Kaseya and thousands of other businesses on July 4, 2021, and the LockBit attack group, which has been active throughout 2021, particularly during the summer. LockBit, which describes itself as an “affiliate program,” reportedly has been working with other criminal groups such as REvil/Sodinokibi, DarkSide, and Netwalker.

Examples of Ransomware

Stopping ransomware from entering a network is a top priority among IT security personnel. While ransomware bears many of the same potential threats as other forms of malware, its primary goal is to drain the bank accounts of its victims. And, unfortunately, there are plenty of examples of ransomware in which this has happened.

Those examples are getting more common, too.

Ransomware attacks have caused not only massive social disruptions—just think about the long lines at gas stations on the East Coast of the United States after the Colonial Pipeline attack—but very expensive attacks, as well.

In March, for example, Taiwanese computer manufacturer Acer was a victim of the REvil ransomware malware. The demand of a $50 million payment is the largest known ransom to date, although CNA Financial allegedly paid attackers $40 million after a Phoenix CryptoLocker attack on the insurance company’s network.

Paying ransomware actors doesn’t necessarily solve the problem, either. The malicious code can embed itself into backups and lie dormant, only to reassert itself if the backup is restored. It also can hide in plain sight as a system file, for example, that can be launched again.

Other attack vectors for ransomware include social media sites, downloads from app stores, PDF and other files shared on gaming or other consumer sites, and a variety of other simple and common file-sharing environments. More sophisticated attacks have been seen from downloads of software drivers, software updates to otherwise benign applications, and code embedded in hardware products such as video cards.

The criminals demanding payment might not even be the ones attacking the victim. RaaS, which can range anywhere from providing a turnkey ransomware attack to simply providing the elements needed for the attack, is a commercial operation that provides ransomware services to those who either aren’t technical enough to conduct their own attacks or to those conducting massive attacks and need additional attack resources.

Defending against such attacks requires the user to assume anything they download or install on their computers is, by definition, potentially compromised, thus everything needs to be tested and cleaned before being allowed to operate in a production environment. As President Reagan said: “Doveryai, no proveryai.” Trust, but verify.
