Recently, Webroot released their 2017 list of nastiest ransomware and we agree that this list is worthy of being called downright nasty. Check out what ransomware made the list of top ten!
NotPetya, also known as Petya, is malware that targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting.
It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.
WannaCry is a ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself.
This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself.
Locky is ransomware that was released in 2016 and became super active in 2017.
It is delivered by email with an attached Microsoft Word document that contains malicious macros.
When the user opens the document, it appears to be full of garbage, and prompts users to "Enable macro if data encoding is incorrect," a social engineering technique.
If the user does enable macros, the macros then save and run a binary file that downloads the actual encryption trojan, which will encrypt all files that match particular extensions.
Once the files are encrypted, the attacker demands a ransom, to be paid in Bitcoin, before releasing the encrypted files.
CrySis is distributed by outside forces that scan the internet for open Remote Desktop Protocol (RDP) ports.
When the malware finds an open port, it guesses usernames and passwords until it can log in, at which point it infects everything it can.
Once logged in it's off to the ransomware races.
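The password guessing described above leaves a recognizable trail in the Windows Security log: a burst of failed logons (event 4625) from one source address, sometimes ending in a success (event 4624). The detection sketch below is an added example, not part of the Webroot list; the CSV layout, the sample rows, the threshold and the time window are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of Windows Security events.
SAMPLE_LOG = """time,event_id,logon_type,account,source_ip
2017-11-02T03:10:01,4625,3,administrator,203.0.113.50
2017-11-02T03:10:09,4625,3,admin,203.0.113.50
2017-11-02T03:10:15,4625,2,reception,-
2017-11-02T03:10:20,4625,3,backup,203.0.113.50
2017-11-02T03:10:31,4625,3,administrator,203.0.113.50
2017-11-02T03:10:44,4625,3,backup,203.0.113.50
2017-11-02T03:11:02,4624,10,backup,203.0.113.50
2017-11-02T08:55:10,4625,3,jsmith,198.51.100.7
2017-11-02T08:55:40,4624,10,jsmith,198.51.100.7
"""

FAILED, SUCCESS = "4625", "4624"   # Windows Security event IDs
REMOTE_TYPES = {"3", "10"}         # 10 = RemoteInteractive; failed RDP with NLA logs as 3


def detect_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed remote logons inside the window."""
    recent = defaultdict(deque)    # source_ip -> (time, account) of recent failures
    findings = {}
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] not in REMOTE_TYPES:
            continue               # ignore console and service logons
        ip, when = row["source_ip"], datetime.fromisoformat(row["time"])
        if row["event_id"] == FAILED:
            failures = recent[ip]
            failures.append((when, row["account"]))
            while when - failures[0][0] > window:
                failures.popleft() # drop failures that fell out of the window
            if len(failures) >= threshold:
                hit = findings.setdefault(ip, {"accounts": set(), "logged_in_as": None})
                hit["accounts"].update(account for _, account in failures)
        elif row["event_id"] == SUCCESS and ip in findings:
            # A success after a burst of failures: treat the account as guessed.
            findings[ip]["logged_in_as"] = findings[ip]["logged_in_as"] or row["account"]
    return findings


if __name__ == "__main__":
    for ip, hit in detect_rdp_guessing(SAMPLE_LOG).items():
        print(ip, sorted(hit["accounts"]), "-> logged in as", hit["logged_in_as"])
```

The single mistyped password from 198.51.100.7 stays below the threshold and is not reported, while the burst from 203.0.113.50 is reported together with the account that finally logged in.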
Nemucod is ransomware that takes users' files hostage and changes the file names to *.crypted.
Because this ransomware is written in a scripting language, it's easy to modify and re-deploy.
As a result, it has for the most part bypassed antivirus and spam email protection.
Jaff is spread by Necurs, which has a reputation for being one of the ‘best’ malware distributors, via spam emails containing a PDF attachment.
The PDF file contains an embedded DOCM file which, when opened, prompts the user to allow opening the DOCM file.
The DOCM then runs a macro which downloads an encrypted TXT file, which is then decrypted by the macros in the doc, and turns into a malicious EXE file which will execute the JAFF ransomware.
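Both Locky and Jaff depend on a Word file that carries macros. For the Office Open XML formats (.docx/.docm), a mail filter can check for a macro project by content rather than trusting the file extension. The triage function below is an added example, not part of the original article; the verdict strings and the sample packages are constructed for illustration. It applies to the Word attachment itself, or to the DOCM once it has been extracted from the PDF. Legacy .doc files are only identified, not parsed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")     # legacy .doc/.xls container
MACRO_MARKERS = (b"macroEnabled", b"vbaProject")  # strings in [Content_Types].xml
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def triage_attachment(filename, data):
    """Classify an attachment by its content, not by the extension the sender chose."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"          # may hold macros; needs an OLE parser to decide
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"      # a plain zip, not an OOXML package
        content_types = archive.read("[Content_Types].xml")
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macros = any(marker in content_types for marker in MACRO_MARKERS)
    if not (has_vba_part or declares_macros):
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXTENSIONS):
        return "macros-hidden-by-extension"
    return "macro-enabled"


def build_sample(with_macros):
    """Constructed OOXML-shaped package for the demo; the VBA part is placeholder bytes."""
    kind = "macroEnabled.main+xml" if with_macros else "wordprocessingml.document.main+xml"
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml",
                         f'<Types><Override ContentType="{kind}"/></Types>')
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buffer.getvalue()


if __name__ == "__main__":
    print(triage_attachment("invoice.docm", build_sample(True)))
    print(triage_attachment("invoice.docx", build_sample(True)))
    print(triage_attachment("report.docx", build_sample(False)))
```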
Spora is distributed in various ways, from phishing e-mails to infected websites dropping malicious payloads.
After being deployed, Spora ransomware runs silently and encrypts files with selected extensions.
This malware is often distributed via exploit kits, which are almost always the weapon of choice for cyber criminals pushing malware onto their victims.
CryptoMix is a combination of CryptXXX and CryptoWall.
It is a ransomware family that was first spotted in March 2016 and is still spreading via malicious spam campaigns and exploit kits, such as Nuclear, Neutrino, and RIG.
The Jigsaw Ransomware, named after the iconic character that appears in the ransom note, will delete files every hour and each time the infection starts until you pay the ransom.
What do the Webroot professionals have to say about Ransomware?
VP of Worldwide Business Sales
"Ransomware is not going away. This is a list of the most destructive from the past year, but each week brings a new, more unsettling variant. Its essential small- and medium-sized businesses enlist the help of a managed service provider to elevate their security posture."
"Make sure you are doing the basics, your cyber hygiene profile is documented and you have personnel or an MSP covering:
a. Inventory – do you understand what’s on your network?
b. Patch management – keep your applications and operating systems up to date and configured correctly for your network environment.
c. Anti-virus/anti-malware – keep your AV platform of choice updated and ensure you have it periodically scanning your SMB for intrusions
d. Data services/Backup - Identify critical business data and back it up, test it and verify its availability. Turns a ransomware attack into a nuisance rather than a business killer.
e. Access control – manage who has access to your networks, what permissions they have and make sure this is continuously monitored.
f. Training – periodically train your IT staff and your business personnel on cyber awareness, your people are on the front lines and will see malware first, train them on what to watch out for and how to be safe."
So there you have it, the top ten nastiest ransomware of 2017 according to the Webroot professionals!