Ransomware is the worst threat in the modern world. So says the threat report of Unit 42, the global threat intelligence team of Palo Alto. The research explores the trends of this type of malware, its variants and the ways in which they attack victims, and also provides a series of good practices to prevent and counter them.
The cryptolocker attack on the Lazio region is just the latest ransomware incident to severely affect systems around the world. Last May, malware hit a US pipeline, one of the nation's largest, causing an interruption in the transport of supplies. In that case, Colonial Pipeline ended up paying the ransom, driven by the need to restore the network's operations. 2020, in particular, was the year of the full ransomware explosion, recording a dramatic increase. Among those "closest" to us, we recall NetWalker, which hit the Enel Group last October.
Ransomware: the 2020 report
The research carried out by the Palo Alto team considers attacks in Europe, the United States and Canada. If in 2019 the average ransom paid was 115 thousand dollars, in 2020 this figure rose by 171%, reaching almost 313 thousand dollars. This type of malware generates a real business, and a very profitable one: attackers raised their ransom demands up to 30 million dollars in 2020, compared with a maximum of 15 million in 2019. A doubling due to the fact that ransoms are paid in most cases, and cybercriminals manage to make a lot of money with this attack.
The hackers had no qualms: the most affected sector was healthcare. Hospitals, health and research centers have become the prime target of the attackers. Knowing that health systems could not go down even for a day, cybercriminals focused their efforts on attacks against these organizations, confident that they would pay everything immediately. Unscrupulous people who have made ransomware a real threat to life.
In addition to blocking entire systems, modern ransomware brings with it a double extortion component: not only are systems knocked out, but attackers also steal sensitive data to force the victim to pay. In the event of non-payment, the stolen data is made public, increasing the damage inflicted. The studies showed that the malware family that most exploits this component is NetWalker: in just one year (from January 2020 to January 2021) it caused leaks at 114 organizations around the world.
The main variants of the ransomware threat
2020 was the golden year for ransomware. By exploiting the Covid-19 pandemic, along with the fear and chaos that ensued, phishing attacks found fertile ground to pave the way for ransomware. Especially at the beginning of the pandemic, when information was fragmented and fake news abounded, links and e-mail attachments spread a great many infections with extreme ease. Old ransomware families came back to the fore, but new ones also emerged. The Unit 42 report identified the main ones for 2020:
- Ryuk: active since 2018, this family has hit a variety of organizations. From government sites to the health, energy and technology sectors, no one has been spared. This ransomware usually uses other malware (backdoors) to infiltrate systems, such as Trickbot, BazaLoader and Emotet.
- Maze: a variant of the ChaCha family, active since May 2019. In this case too, the affected sectors are many, as are the nations (United States, Canada, France and Switzerland). In the last months of 2020 Maze evolved to deliver its payload from a virtual machine, so as to evade controls.
- Defray777: active since 2017, this variant runs entirely in memory and affects both Windows and Linux systems. The malware has also hit Japan and Brazil, with ransoms of up to 42,000 dollars in bitcoin.
- WastedLocker: one of the newer variants, active since May 2020. The group behind this malware is believed to be Evil Corp (remind you of anything?). This variant is also one of the most dangerous, as it can pass itself off as a browser or a legitimate software update.
- NetWalker: one of the most frequent variants and the main cause of data leaks. Also known as MailTo, it has been active since August 2019. Its ransom demands have reached up to 2 million dollars.
- Dharma: one of the oldest variants, active since 2016. This ransomware aims to obtain privileges by exploiting the SMB (Server Message Block) protocol, used to share files, printers and communication ports.
How to defend yourself?
Ransomware will continue to proliferate, growing in variants and capabilities. In the future we will also see an increase in the use of double extortion, which will in turn drive up the sums demanded by attackers, creating a dangerous vicious circle.
The ways to protect yourself from the ransomware threat are similar to those used against other malware, although ransomware has many more pitfalls. Suspicious attachments and emails should never be opened, and all software should always be kept up to date. Employees should be properly trained, made aware of the risks of their actions and always given the least privileges needed to perform their duties. Investing in cyber security and protection solutions is the first step to better prevent threats. In addition, it is essential to keep up-to-date backups and implement a recovery process for restoring encrypted data in the event of an attack. Here it is good to have offline backups, so as to still guarantee internal access to the data.
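A backup is only useful for recovery if it was not itself touched by the ransomware. The following script, an added example that is neither the article's nor the Unit 42 report's code, records a hash manifest at backup time and later checks the backup set against it, flagging changed files whose contents now look like random bytes (the usual fingerprint of encryption). File names and the 7.5 bits-per-byte entropy threshold are assumptions chosen for the demo.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text sits around 4-5, encrypted or compressed data close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: Path) -> dict:
    """Hash every file at backup time; keep a copy of the manifest with the offline backup."""
    return {str(p.relative_to(root)): sha256_file(p) for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Check the backup set against its manifest before relying on it for recovery."""
    report = {"ok": [], "modified": [], "missing": [], "high_entropy": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["modified"].append(rel)
            # a changed file that now looks like random bytes is the typical sign of encryption
            if shannon_entropy(p.read_bytes()) >= entropy_threshold:
                report["high_entropy"].append(rel)
        else:
            report["ok"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: three text files; one is then overwritten with random bytes
    (standing in for a ransomware-encrypted file) and one is deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("config.txt", "invoices.txt", "notes.txt"):
            (root / name).write_text(f"{name} line of ordinary text\n" * 100)
        manifest = build_manifest(root)
        (root / "invoices.txt").write_bytes(os.urandom(4096))
        (root / "notes.txt").unlink()
        return verify_backup(root, manifest)
```

Running `demo()` reports `config.txt` as intact, `invoices.txt` as modified with high entropy, and `notes.txt` as missing; in practice the manifest itself must live on the offline copy, otherwise an attacker with write access to the backup share can rewrite both.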
The article Ransomware, the threat of the modern world: the report comes from Tech CuE | Close-up Engineering.