What you have taught us most famous attacks ransomware with 2017 year?

Payment fraud is just the tip of the iceberg compared to other threats, which carry with them the ransomware attack. In fact it's not ransom turns out to be the most severe. The most serious losses associated with malware, ransomware may be with the following situations:

  • The loss of data.
  • Interruptions in the operation of the systems.
  • Need to reset and Exchange infrastructure.
  • Productivity.
  • The increase in crime.
  • Reputation.
  • Human life, in the case of such places as hospitals and health care facilities.

Company CyberSecurity Venture, is one of the leaders in the international market research and publications dealing with the issue of global cybergospodarki, found that worldwide losses caused by malware, ransomware can the end of the year 2017 to reach or even exceed the huge sum of $5 billion. This represents a five-fold increase since the year 2016, and it is assumed that in just 2 years this number will grow another 15 times. Worldwide losses caused to by malware type ransomware is estimated at more than 11.5 billion dollars a year (to 2019).

ataki ransomware liczby

Ransomware attacks in the year 2017

Let's look at examples of malware that last year gathered a powerful toll and let's analyze where are these so great a loss. We can see a certain regularity-the creators of malicious software focus on companies in which the security of key customer data is an essential part of daily operations. The adoption of such a strategy has proved effective in phishing attacks from victims of ransom, and for some of them has become a source of problems in terms of reputation. Malicious software Petya deviates from this schema because there was it never desire to profit. His goal was to distort the functioning of the affected organization.

ataki ransomware skala problemu

Most of the examples of malware type ransomware is based on two extremely effective sources of attack: emails containing spam and sets of exploits. There is nothing new – spam emails are still distributed by Botnets and malicious ads are increasingly used to confuse the users to click in the source leading to malicious software. Some attacks are based on the use of sets of exploits to provide malware, ransomware, but often there is a need for user interaction.

Procedure for ransom still remains the same. Most groups of malware type ransomware still relies on the RSA and AES algorithms. Often it is not possible to free decrypt or recover files, unless coding items are incorrectly implemented or found the code to decrypt them.

As a rule, payment transactions take place using mining or TOR (The Onion Router), making it difficult to reach the authors of malicious attacks. Some cases of malicious software such as, for example, CryptXXX, to data theft using additional tools. CryptXXX steals credentials and encrypts to different accounts on the network. All this would not be empty-handed, even if the victim refuses to pay the ransom. This approach has been adopted in the case of such malware as Petya, Bad Rabbit, is the new version of the software a lot. So what has changed?

One of the most important changes in the field of malware type of ransomware, which appeared this year, we found the inclusion of exploits that attack vulnerabilities in network protocols. This exploit allows a malicious software configuration to the computer worm, which makes that he can spread around without taking any action by the user.  -explains Robert Dziemianko from G DATA.

Let's look at the malicious software WannaCry, which appeared in the year 2017. The total damage caused by the "worm" was estimated at about $4 billion, and infected more than 200 000 PCs. Software WannaCry on roznosiło the virus through "Eternal Blue", wykradzionego a project related to exploit National Security Agency (NSA). It uses a vulnerability of Microsoft Windows in the default running the Server Message Block (SMB) protocol used for sharing files on the network. Pay attention to the fact that the patch this vulnerability (patch MS17-010) was created in March 2017, two months before in may 2017 attacked WannaCry. This indicates that infected machines have not been updated or operating systems were so antiquated that were not subject to update, which is very likely if you are running Windows XP or older Windows operating systems.

The numbers are indeed alarming, however, let's look at the lighter side of this issue (Yes, the positives can also be found). As has already been mentioned, the patch for the vulnerability, which used malicious software WannaCry developed before there has been a massive attack. The equipment, which has gone through the correct update was able to stop malicious software spread on following devices on the network. These data show that the software update to the latest version of the Windows operating system is the best possible solution.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.