Since 2012, ransomware attacks have become increasingly common and now pose serious network security threats to businesses. This past year reached a new level, with some of the most destructive ransomware attacks in history.
Ransomware attacks are constantly evolving with new variants and tactics. The first step to reducing your chances of being the next victim is to be aware of each attack. We’ve pulled together the top 10 ransomware attacks from 2017 to keep you in the loop:
1. NotPetya
NotPetya, a variant of an older attack, Petya, began as a fake Ukrainian tax software update. This attack was different, though, using the same exploit that was used in the WannaCry attack. After the software update was downloaded, hackers used exploits to spread the malware laterally through networks. The code used was not designed to extort money, but rather to destroy everything in its path. The attack shut down power plants, banks, and supermarkets, and infected thousands of computers across 100 countries. Maersk and FedEx were also affected, resulting in $300 million worth of damage.
2. WannaCry
WannaCry was a shock to everyone, infecting several hundred thousand people in a single day. The attack used the NSA 0-day EternalBlue and DoublePulsar, but began as spam emails including fake invoices, job offers, and other traps. EternalBlue exploits an older flaw in SMB (Server Message Block) in Microsoft Windows that allows remote code execution. This flaw was patched in the March 2017 update, but many organizations had not patched their systems in time. The attack affected 150+ countries, resulting in damage up to $4 billion.
3. Locky
This ransomware began in 2016, but continued to surface on the web this past August as a phishing email attack. Known to be the king of spam emails, Locky affected millions of users per day. The emails contained a zipped attachment with malicious JavaScript that downloads the Locky payload. Most posed as fake invoices from companies such as Amazon and Herbalife.
4. CrySis
This attack also began in 2016, but was most recently noticed in May 2017. The attack was in the form of a Remote Desktop Protocol (RDP) compromise. This gives cybercriminals the ability to compromise administrator accounts and systems in order to control entire organizations. The attack affected 22+ countries and had a ransom fee ranging from $455-$1,022.
5. Nemucod
Nemucod arrived as fake shipping invoices, but once opened, it began downloading malware and encryption components stored on compromised websites. This ransomware attack began in 2015 and has still shown up in 2017 through spam emails. Nemucod had a ransom fee of $300, affecting 26+ countries.
6. Jaff
Similar to Locky, this attack targeted victims through phishing emails along with characteristics of other successful malware. Over 21 countries were affected with a whopping ransom fee of $3,700.
7. Spora
This attack took the form of JavaScript code, which would pop up on the site telling the user to update their Chrome browser in order to continue viewing the web page. Once the "Chrome Font Pack" was downloaded, the system became infected. The ransom fee ranged between $20-$79, affecting over 28 countries.
8. Cerber
Cerber attacked through RDP and spam emails, and was distributed as ransomware-as-a-service (RaaS). RaaS is a service where cybercriminals package up ransomware and pass it to other criminals to distribute. The ransom fee ranged from $300-$600, with the author of Cerber taking a 30% cut.
9. CryptoMix
CryptoMix was distributed through RDP, infected flash drives, and malvertising, where victims click an infected ad leading to a hacked shopping site. This ransomware was unique in that cybercriminals emailed the victims instructions rather than using a payment portal. Over 29 countries were affected, with a hefty ransom fee of $3,000.
10. Jigsaw
Jigsaw, named after a character from "Saw", was distributed through spam emails, but unlike any other ransomware attack, this attack deleted a file every hour until the victim paid the ransom fee. Ransom fees ranged from $20-$200.
Network Security Services for SMBs
2018 is bound to bring even more cyber security threats to businesses of all sizes. It's crucial for each organization to have reliable network security measures in place to prevent the types of attacks listed above, and a reliable IT services provider like Apogee can help. With extensive knowledge and a vast support team, we help businesses across numerous industries implement the right IT security procedures and tools to protect their users and data.