Ransomware Attacks

- Overview

Ransomware is a type of malware that prevents users or organizations from accessing their files. It does this by encrypting files and demanding a ransom payment for the decryption key.

Ransomware has been around for almost two decades and has grown in popularity because it can more easily bring financial rewards to hackers. It is estimated that there are now 124 separate families of ransomware and hackers have become very adept at hiding malicious code. 

Success for hackers does not always depend on using the newest and most sophisticated malware. It is relatively easy for a hacker to do. In most cases, they rely on the most opportune target of vulnerability, especially with the ease of online attacks.

Some types of ransomware attacks include: 

• Crypto ransomware: Encrypts data and demands a ransom to restore it. This type of malware can attack individuals and businesses.
• DDoS extortion: Threatens to launch a DDoS attack against a victim's website or network unless a ransom payment is fulfilled.
• Mobile ransomware: Targets devices like smartphones and tablets and demands payment to unlock the device.
• CryptoLocker: Encrypts the contents of infected computers, restricting access. Victims are expected to pay a "ransom" to decrypt and recover their files.

Some examples of ransomware attacks include:

• WannaCry: In 2017, this ransomware attack spread to over 150 countries by encrypting data and demanding ransom payments in Bitcoin.
• REvil: Also known as Sodinokibi, this ransomware gang was active from at least April 2019 until it was dismantled in January 2022. REvil encrypts files after infection and discards a ransom request message.

[More to come ...]