Beware, Ransomware Attackers are Getting into Your System
The attackers demand a ransom from the victim to restore access to the data upon payment.
Ransomware attacks are becoming a threat to working systems. Contrary to the general view that ransomware attackers focus on the manufacturing and government sectors, in 2020 the focus is shifting to healthcare, professional services, and technology and telecom.
Ransomware is a form of malware that encrypts a victim’s files. The attackers then demand a ransom from the victim to restore access to the data upon payment. Users are shown instructions on how to pay a fee to get the decryption key. The sums that criminals demand range from a few hundred to millions of dollars, payable in Bitcoin. One of the most common delivery methods for taking control of a computer is a phishing attack. The cybercriminal can take over the victim’s computer, especially if the malware has built-in social engineering tools that trick users into allowing administrative access. Other forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.
Ransomware attacks have grown drastically in recent times. Kroll, a global investigations firm, reveals that remote working contributes to nearly 47% of the ransomware attacks in 2020. The report further reveals a lot of information about current phishing scams.
Cybercriminals target corporates and the healthcare industry
With employees working remotely, cybercriminals have the luxury of minimizing their tactics. Ransomware attacks are becoming more common because people working from home have less secure networks and follow low-key protocols. According to Kroll, around 35% of all cyberattacks in 2020 are due to the top three ransomware variants:
Ryuk: Ryuk is a type of ransomware used in targeted attacks, where the threat actors make sure that essential files are encrypted so they can ask for large ransom amounts. Ryuk is one of the first ransomware families to include the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint. This means the attackers can then disable Windows System Restore for users, making it impossible to recover from an attack without external backups or rollback technology.
Sodinokibi: Sodinokibi, also known as REvil or Sodin, is a ransomware-type program created by cybercriminals to encrypt files stored on victims’ computers and make them pay to access the files. The name of the text file depends on the extension added to the encrypted file.
Maze: Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. Maze can spread across a corporate network, infect the computers it finds and encrypt data so it cannot be accessed. But what makes Maze more dangerous is that it also steals the data it finds and exfiltrates it to servers controlled by malicious hackers, who then threaten to release it if a ransom is not paid.
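The shadow-copy deletion and System Restore tampering described for Ryuk above leaves traces in process-creation logs, which gives defenders something to alert on before recovery options are gone. The following Python example is added here and is not from the article or from Kroll's report: it scans constructed log lines for commonly documented recovery-tampering command lines. The log format, host names and rule names are assumptions, and the patterns are generic ones, not commands the article attributes to any family.

```python
import re
from collections import defaultdict

# Generic, widely documented command-line patterns for deleting Volume Shadow
# Copies or switching off Windows recovery. Assumption of this example: the
# article does not say which commands any ransomware family actually runs.
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "bcdedit_recovery_off": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Constructed sample: process-creation events as "time|host|user|command line".
SAMPLE_EVENTS = """\
2020-10-02T09:14:03Z|WS-041|jdoe|vssadmin list shadows
2020-10-02T09:14:41Z|WS-041|jdoe|C:\\Windows\\System32\\vssadmin.exe Delete Shadows /All /Quiet
2020-10-02T09:14:44Z|WS-041|jdoe|bcdedit /set {default} recoveryenabled No
2020-10-02T09:20:10Z|SRV-07|backupsvc|wmic shadowcopy list brief
2020-10-02T09:31:55Z|WS-112|asmith|wmic.exe shadowcopy delete
""".splitlines()


def detect(lines):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for line in lines:
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole scan
        ts, host, user, cmd = parts
        for name, rx in RULES.items():
            if rx.search(cmd):
                alerts.append({"time": ts, "host": host, "user": user, "rule": name})
    return alerts


def triage(alerts):
    """Per host: 'high' if several distinct recovery-tampering actions fired, else 'medium'."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["host"]].add(a["rule"])
    return {host: ("high" if len(rules) > 1 else "medium") for host, rules in seen.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(triage(found))
```

Read-only queries such as listing shadow copies do not match, so routine backup tooling on a host like the constructed `SRV-07` stays quiet.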
Many ransomware attacks in 2020 focus on stealing data from the corporate and medical industries. Cybercriminals get into an employee’s computer or laptop by sending an email. If the employee is careless, opens it and gives access, the criminal collects all the company information from the worker’s side. If the company’s security system is weak, the criminal gets an opportunity to enter the company’s files and gather information from there. They then ask for a sum to give the information back. In some cases, ransomware gangs have been reneging on promises to delete data after the first ransom is paid and demanding a second payment.
With the medical industry switching to tech solutions in the digital era, not all workers are aware of ransomware attacks. Healthcare is taking baby steps towards digitization. However, the pandemic has expanded it on a large scale in recent months, so the industry is falling prey to ransomware attacks. Kroll found that a gang of cybercriminals had sent emails directly to patients, threatening to expose their personal health data.