govindhtech · 1 month ago
What are The Types of Ransomware and Ransomware History
Ransomware is among the most damaging categories of malware, and no organisation is immune. Once attackers gain a foothold on a network they typically deploy ransomware within about four days, which leaves defenders little time to detect and stop the intrusion. The result is halted operations and lost money, data and reputation.
According to the IBM Cost of a Data Breach report, a ransomware breach costs an average of USD 5.68 million, a figure that excludes the ransom itself; individual ransom demands have reached as high as USD 80 million.
Ransomware attacks declined 11.5% between 2022 and 2023, a drop attributed in part to better threat detection and prevention.
The Ransomware Types
Ransomware variants differ mainly in how they deny access and pressure the victim:
Crypto ransomware: Encrypts the victim's files and withholds the decryption key until a ransom is paid. WannaCry, Locky and CryptoLocker are encrypting ransomware.
Locker ransomware: Blocks the victim from using the device or system, or from reaching files and apps, until a ransom is paid. Screen lockers of this kind do not encrypt data.
Scareware: Fake software that claims to have found problems on the system and pushes a dangerous "fix". Scareware may lock the system or flood the user with pop-ups demanding payment or the installation of further malware. It can act as ransomware itself or as a delivery vehicle for it.
Leakware, or doxware: Steals confidential data and threatens to publish it unless a ransom is paid, using reputational harm as leverage. Modern variants both steal and encrypt the data.
Mobile ransomware: Spreads through malicious apps or drive-by downloads. Most mobile ransomware is screen-locking rather than encrypting, because cloud backups of mobile data make an encryption attack easy to recover from.
Wiper ransomware: Threatens to destroy the data if the ransom is not paid. Some wipers, used by cybercriminals and nation-state actors alike, erase the data even after payment.
Modern ransomware often combines these methods in double and triple extortion. Double extortion adds a second threat: the attackers steal the data before encrypting it and threaten to publish it online if the ransom is not paid. Triple extortion extends the threats to third parties whose data was stolen, such as the victim's customers or business partners. These tactics raise the stakes even for victims with good backups, since a backup cannot undo a leak. Since 2019, the IBM Security X-Force Incident Response team has seen double extortion in most ransomware incidents.
Infection via Ransomware
Ransomware reaches systems through several channels. The most common:
Phishing: Emails with malicious attachments or links to malicious websites trick users into downloading and running the malware.
Vulnerability exploitation: Unpatched or zero-day flaws in operating systems and applications let attackers plant malware. WannaCry in 2017 spread through a Windows vulnerability for which Microsoft had already released a patch, hitting the systems that had not applied it.
Credential theft: Stolen, purchased or cracked credentials let attackers log in over Remote Desktop Protocol (RDP) and deploy ransomware directly.
Other malware: Trojans such as Trickbot, which started out as a banking trojan, are used to drop ransomware onto already infected systems.
Drive-by downloads: Exploit kits and malvertising can install ransomware on a device without the user taking any visible action.
Thread hijacking: Attackers reply within legitimate, ongoing email conversations, so the malicious attachment or link arrives with the trust of an existing thread.
RaaS: Ransomware as Service
Ransomware as a Service is the dominant distribution model. Malware developers lease their code to "affiliates", who run the attacks and split the ransom with the developers. Developers profit without running intrusions themselves, and affiliates run attacks without writing malware. RaaS kits are sold and affiliates recruited on dark-web forums, and most major ransomware gangs operate this way.
Staged Ransomware Attack
A typical ransomware attack runs through several phases:
Initial access: Phishing, vulnerability exploitation or compromised RDP credentials give the attackers a foothold.
Post-exploitation: Once inside, attackers commonly install a remote access trojan (RAT) or similar malware to consolidate their foothold.
Lateral movement: Attackers expand from the first compromised host to other systems and domains.
Data collection and exfiltration: Attackers steal credentials, customer data and intellectual property; this stolen data is what powers double extortion.
Deployment: Crypto ransomware encrypts files, disables system restore and deletes or encrypts backups to maximise pressure; non-encrypting variants lock the device or flood it with pop-ups. The ransomware then drops a text file or pop-up with instructions for paying the ransom, usually in cryptocurrency, to obtain the decryption key or regain access.
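The phases above each leave telemetry, and a detection that correlates them per host is far more reliable than any single signature. The following is an added example for this article, not code from the original page: it parses constructed log lines (a simplified key=value rendering of Windows Security events 4624 and 4688 and Sysmon FileCreate event 11, an assumption of this example rather than any product's real format) and maps each host to the stages seen: an RDP logon from an internet address (initial access), shadow-copy and recovery sabotage (the backup-deletion step of deployment), a burst of files rewritten with one unfamiliar extension, and a ransom note.

```python
"""Stage-aware ransomware indicator detection over Windows-style event lines.

Added example, not code from the original article. The telemetry is constructed
and its key=value layout is a simplified rendering of Windows Security events
4624/4688 and Sysmon FileCreate (event 11), not a real product's log format.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log: external RDP logon, recovery sabotage, five files
# rewritten with a new extension and a ransom note on FS01; benign activity on WS07.
SAMPLE_LOG = """\
2024-05-01T02:11:03 host=FS01 event=4624 logon_type=10 user=svc_backup src_ip=185.220.101.7
2024-05-01T02:13:40 host=FS01 event=4688 user=svc_backup cmd="cmd.exe /c vssadmin delete shadows /all /quiet"
2024-05-01T02:13:41 host=FS01 event=4688 user=svc_backup cmd="wbadmin delete catalog -quiet"
2024-05-01T02:13:42 host=FS01 event=4688 user=svc_backup cmd="bcdedit /set {default} recoveryenabled no"
2024-05-01T02:15:00 host=FS01 event=11 user=svc_backup file=C:\\Shares\\Finance\\q1.xlsx.lockd
2024-05-01T02:15:01 host=FS01 event=11 user=svc_backup file=C:\\Shares\\Finance\\q2.xlsx.lockd
2024-05-01T02:15:01 host=FS01 event=11 user=svc_backup file=C:\\Shares\\Finance\\budget.docx.lockd
2024-05-01T02:15:02 host=FS01 event=11 user=svc_backup file=C:\\Shares\\HR\\payroll.csv.lockd
2024-05-01T02:15:02 host=FS01 event=11 user=svc_backup file=C:\\Shares\\HR\\contracts.pdf.lockd
2024-05-01T02:15:03 host=FS01 event=11 user=svc_backup file=C:\\Shares\\HR\\README_RESTORE_FILES.txt
2024-05-01T09:02:00 host=WS07 event=4624 logon_type=10 user=alice src_ip=10.0.4.22
2024-05-01T09:05:00 host=WS07 event=11 user=alice file=C:\\Users\\alice\\report.docx
2024-05-01T09:05:30 host=WS07 event=4688 user=alice cmd="vssadmin list shadows"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Commands ransomware runs to disable recovery before encrypting: shadow-copy
# deletion, backup catalog deletion, disabling Windows recovery at boot.
RECOVERY_SABOTAGE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|bcdedit(\.exe)?\s.*recoveryenabled\s+no",
    re.IGNORECASE,
)
RANSOM_NOTE = re.compile(r"(readme|restore|recover|decrypt|how_to).*\.(txt|html|hta)$", re.IGNORECASE)
COMMON_EXT = {"docx", "xlsx", "pptx", "pdf", "csv", "txt", "jpg", "png", "zip", "log"}
MASS_WRITE_THRESHOLD = 5   # distinct files with one unknown extension on a host
RDP_LOGON_TYPE = "10"      # RemoteInteractive in event 4624


def parse_line(line):
    """Split one log line into a dict of fields; the leading timestamp has no key."""
    ts, rest = line.split(" ", 1)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    fields["ts"] = ts
    return fields


def detect(log_text):
    """Map each host to the attack stages observed and the evidence for each."""
    findings = defaultdict(lambda: defaultdict(list))
    unknown_ext_files = defaultdict(lambda: defaultdict(set))  # host -> ext -> files
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        host = ev["host"]
        if ev["event"] == "4624" and ev.get("logon_type") == RDP_LOGON_TYPE:
            src = ipaddress.ip_address(ev["src_ip"])
            if src.is_global:   # RDP straight from the internet, not from the LAN
                findings[host]["initial_access"].append(
                    f"RDP logon as {ev['user']} from external {src} at {ev['ts']}")
        elif ev["event"] == "4688" and RECOVERY_SABOTAGE.search(ev.get("cmd", "")):
            findings[host]["recovery_sabotage"].append(ev["cmd"])
        elif ev["event"] == "11":
            name = ev["file"].rsplit("\\", 1)[-1]
            if RANSOM_NOTE.search(name):
                findings[host]["ransom_note"].append(ev["file"])
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext and ext not in COMMON_EXT:
                unknown_ext_files[host][ext].add(ev["file"])
    # A burst of files rewritten with one unfamiliar extension is the encryption footprint.
    for host, by_ext in unknown_ext_files.items():
        for ext, files in by_ext.items():
            if len(files) >= MASS_WRITE_THRESHOLD:
                findings[host]["mass_encryption"].append(
                    f"{len(files)} files written with extension .{ext}")
    return {host: dict(stages) for host, stages in findings.items()}


STAGE_ORDER = ["initial_access", "recovery_sabotage", "mass_encryption", "ransom_note"]


def verdict(host_findings):
    """Severity from how far down the kill chain the evidence reaches."""
    stages = [s for s in STAGE_ORDER if s in host_findings]
    if "mass_encryption" in stages or "ransom_note" in stages:
        return "critical", stages
    if "recovery_sabotage" in stages:
        return "high", stages
    return ("medium" if stages else "none"), stages


if __name__ == "__main__":
    for host, stages in detect(SAMPLE_LOG).items():
        sev, chain = verdict(stages)
        print(f"{host}: {sev} ({' -> '.join(chain)})")
        for stage, evidence in stages.items():
            print(f"  [{stage}] " + "; ".join(evidence))
```

Run as-is, it reports FS01 as critical with all four stages and says nothing about WS07, whose RDP logon comes from a private address and whose vssadmin call only lists shadows. The recovery-sabotage rule is the one worth alerting on alone: it fires minutes before encryption starts, which is the last point at which isolating the host still saves the data.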
History of ransomware
Thousands of ransomware variants exist. Some notable ones:
AIDS Trojan (1989): The first known ransomware, distributed on floppy disks. It hid file directories and was easily reversed.
CryptoLocker (2013): The first major strain to demand payment in cryptocurrency.
WannaCry (2017): Exploited an unpatched Microsoft Windows vulnerability to infect some 200,000 devices in 150 countries. Its ransom note threatened to delete the files if the ransom was not paid.
Petya and NotPetya: Encrypt the file system table rather than individual files, so the PC cannot boot. NotPetya, used against Ukraine in 2017, was a modified wiper: systems could not be restored even after payment.
Ryuk (2018): Popularised large-scale, targeted attacks on high-value organisations with very large ransom demands. It locates and disables backups before encrypting.
DarkSide (2021): A gang believed to be Russia-based that attacked Colonial Pipeline, briefly halting fuel supplies. DarkSide licenses its ransomware under the RaaS model.
Locky: Encrypting ransomware delivered through malicious macros hidden in email attachments, typically disguised as invoices.
REvil (Sodinokibi): Popularised RaaS for big-game hunting and double-extortion attacks, including the 2021 attacks on JBS USA and Kaseya Limited.
Conti: From 2020 the Conti gang ran a large RaaS operation that paid its hackers a wage. In an unusual double-extortion twist, Conti also threatened to sell access to victims' networks to other criminals. After internal chat logs leaked in 2022 the gang split up, but former members are linked to BlackBasta, Royal and Zeon.
LockBit: One of the most prolific ransomware strains of 2023. The group is known for its businesslike operations and for acquiring other groups' malware, and it has kept attacking victims despite law enforcement action against it.
Paying Ransom
An average ransom is hard to pin down, but estimates run from six to seven figures. The share of victims who pay fell from 70% in 2020 to 37% in 2023, possibly because organisations are better prepared.
The FBI and the National Cyber Investigative Joint Task Force (NCIJTF) strongly discourage paying. Payment does not guarantee data recovery, funds the attackers, and encourages further attacks.
Robust backups let an organisation recover without negotiating. Authorities recommend reporting an attack before deciding whether to pay. Paying a ransom to attackers subject to US economic sanctions is illegal, and some US states prohibit state and local government bodies from paying at all.
Ransomware prevention
Preventing ransomware takes both technical controls and user behaviour. The main measures:
Patching: Regular operating system, application and firmware updates close the vulnerabilities ransomware exploits.
Endpoint protection: Modern antivirus and anti-malware software with real-time scanning, behavioural detection and automatic updates detects and removes threats.
Firewalls: A properly configured firewall blocks unauthorised network access.
Phishing protection: Email filtering and attachment and link scanning catch suspicious messages before users act on them.
Backups: Regular backups allow recovery without paying. Backups must be secure and immutable so that they survive the attack itself. Follow the 3-2-1 rule: three copies of the data, on two different media types, with one copy offsite. Seagate Lyve Cloud backups offer geographic redundancy, encryption and immutability.
Network security: Firewalls, intrusion detection systems, network segmentation and secure VPNs limit an attacker's reach; least-privilege access and endpoint hardening reduce what a compromised account can do.
AI and automation: AI-driven tools can flag anomalous user and endpoint behaviour, detect attacks with no known signature, and respond faster through automated playbooks.
Policies and procedures: A documented incident response plan with defined responsibilities, timelines and communication channels.
Security awareness training: Because human error is a major risk, staff need regular training to recognise phishing and suspicious emails.
Ransomware Response Plan
No system is immune, so a detailed response plan is essential. Key steps:
Isolate: Disconnect compromised systems from the network immediately to stop the ransomware spreading.
Report to authorities: Contact the FBI or CISA for assistance; legal or regulatory obligations may also require reporting.
Assess the damage: Work with IT and security teams to identify affected systems, determine what data was compromised and contain the incident.
Restore: Rebuild from the most recent clean backup. Immutable storage such as Seagate Lyve Cloud makes reliable recovery possible. Keep employees, partners and customers informed to preserve trust.
Don't pay: Experts warn that paying may not recover the data and encourages further attacks.
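"Most recent clean backup" is harder to choose than it sounds, because the attackers were typically inside the network for days before encryption (the article cites about four) and spent that time deleting or tampering with backups. The following is an added example, not code from the page or from any backup vendor; it ties the 3-2-1 and immutability requirements from the prevention section to the restore step above. It audits a constructed inventory against the 3-2-1 rule and then picks a restore point that predates the earliest known attacker activity, is still immutable, and has passed a test restore. The inventory, timeline and field names are this example's own assumptions, not a product API.

```python
"""Audit a backup inventory against the 3-2-1 rule and choose a clean restore
point after a ransomware incident.

Added example, not code from the article or any backup vendor. The inventory
and timeline are constructed; the field names are this example's own assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def T(iso):
    """Parse a constructed ISO timestamp as UTC."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    medium: str                          # "disk", "tape", "object-storage"
    location: str                        # "onsite" or "offsite"
    completed: datetime
    immutable_until: Optional[datetime]  # None means the copy can be altered or deleted
    verified: bool                       # a test restore from this copy succeeded


# Constructed inventory: "fileserver" follows 3-2-1 with immutable copies;
# "crm-db" has only two mutable onsite disk snapshots.
INVENTORY = [
    BackupCopy("fileserver", "disk", "onsite", T("2024-04-30T23:00"), None, True),
    BackupCopy("fileserver", "object-storage", "offsite", T("2024-04-30T23:00"), T("2024-05-30T00:00"), True),
    BackupCopy("fileserver", "object-storage", "offsite", T("2024-04-26T23:00"), T("2024-05-26T00:00"), True),
    BackupCopy("fileserver", "tape", "offsite", T("2024-04-21T02:00"), T("2025-04-21T00:00"), False),
    BackupCopy("crm-db", "disk", "onsite", T("2024-04-30T23:00"), None, True),
    BackupCopy("crm-db", "disk", "onsite", T("2024-04-29T23:00"), None, True),
]

# Constructed timeline: encryption was noticed on 1 May, but forensics traced
# the first attacker logon to 27 April, days earlier.
FIRST_ATTACKER_ACTIVITY = T("2024-04-27T14:00")
NOW = T("2024-05-01T03:00")


def audit_3_2_1(copies):
    """Return dataset -> violations of 3 copies / 2 media / 1 offsite, plus the
    requirement that at least one copy be immutable."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for dataset, cs in by_dataset.items():
        problems = []
        if len(cs) < 3:
            problems.append(f"only {len(cs)} copies (need 3)")
        if len({c.medium for c in cs}) < 2:
            problems.append("all copies on one medium type (need 2)")
        if not any(c.location == "offsite" for c in cs):
            problems.append("no offsite copy")
        if not any(c.immutable_until for c in cs):
            problems.append("no immutable copy")
        report[dataset] = problems
    return report


def latest_clean_restore_point(copies, dataset, first_attacker_activity, now):
    """Newest copy of `dataset` that (a) completed before the attacker was present,
    so it holds neither their tooling nor encrypted files, (b) is still immutable,
    so it could not have been tampered with during the dwell time, and (c) passed
    a test restore. Returns None when no copy qualifies."""
    candidates = [
        c for c in copies
        if c.dataset == dataset
        and c.completed < first_attacker_activity
        and c.immutable_until is not None and c.immutable_until > now
        and c.verified
    ]
    return max(candidates, key=lambda c: c.completed, default=None)


if __name__ == "__main__":
    for dataset, problems in audit_3_2_1(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
    for dataset in ("fileserver", "crm-db"):
        rp = latest_clean_restore_point(INVENTORY, dataset, FIRST_ATTACKER_ACTIVITY, NOW)
        print(dataset, "restore from", rp.completed.isoformat() if rp else "NO CLEAN COPY")
```

The point the output makes: the newest fileserver copies, taken on 30 April, are rejected even though they contain no encrypted files, because they postdate the intrusion and may carry the attacker's persistence; the 26 April immutable copy is the right restore point, and the 21 April tape is skipped because its test restore failed. For crm-db nothing qualifies at all, which is exactly the situation the 3-2-1 audit would have flagged before the incident.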