Understanding Ransomware with Key Examples

Ransomware is a type of malware that prevents users from accessing their network or personal files, only allowing them to regain access in return for a ransom payment. There are a few ways that ransomware can infect your computer, one of the most common being malicious spam, or malspam. Malspam is an unsolicited email used to deliver malware, relying on social engineering tactics to trick the target into opening malicious attachments or links. Another popular method is malvertising, which distributes malware through online advertising such as pop-ups.

That covers how ransomware is distributed. As for the types of ransomware themselves, there are a great many to cover and they are constantly changing and evolving, so for now we will discuss the 5 most prominent examples from the last 5 years.


CryptoLocker

CryptoLocker spreads via attachments in spam messages, using encryption to make user files inaccessible and demanding payment in return for the decryption key. At its height in 2013/14, CryptoLocker infected over 500,000 machines – allegedly even including two NASA computers – but it was ultimately brought to an end by Operation Tovar. However, variants of the ransomware are still appearing to this day.


TeslaCrypt

Originally seen as just another CryptoLocker variant, this ransomware didn’t take long to earn its own name. TeslaCrypt targets gaming files such as game saves, user profiles, maps, etc. Not only are these files very important to hardcore gamers, but they are likely to be stored locally rather than in the cloud or backed up externally. Again, these files would be encrypted until a ransom payment was made, and by 2016 TeslaCrypt made up 48% of ransomware attacks.


SimpleLocker


Mobile phones are a big part of our daily lives now and hold more valuable files than they ever used to, which has caught the attention of many ransomware attackers – for SimpleLocker, the target was Android. By 2016, Android users had begun experiencing many ‘blocker’ attacks, which merely made it more difficult to access files, but SimpleLocker was the first ransomware to actually encrypt files and make them completely inaccessible. It was also the first known ransomware to deliver its malicious payload via a trojan downloader, making it difficult for security measures to keep up.


NotPetya

Petya was a ransomware strain dating back to 2016, but a year later an updated version named ‘NotPetya’ began to spread quickly, advancing far beyond its predecessor. The main difference between the two is that Petya required the victim to download the malware from a spam email, launch it, and then grant it admin permissions – whereas NotPetya could spread without any human intervention.


WannaCry

WannaCry is a ransomware worm that spread rapidly in 2017. After infecting a Windows computer, it encrypts the files on the hard drive until a Bitcoin payment is made. The attack infects PCs by exploiting a vulnerability in the Windows implementation of the Server Message Block (SMB) protocol.

Within the first 4 days of WannaCry taking hold in Europe, Avast had recorded more than 250,000 detections in 116 countries.
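Because WannaCry spread through the SMB service rather than through user action, the practical defence is to patch Windows and to stop accepting the legacy SMBv1 dialect that the worm targeted. The script below is an added example, not code from the original post or from any of its sources: it audits whether SMBv1 is still enabled on a Windows 10 host and turns it off. It assumes an elevated PowerShell session, the built-in SmbShare module (Get-SmbServerConfiguration) and the SMB1Protocol optional feature name used by Windows 10; on Windows Server the equivalent feature is managed with Get-WindowsFeature instead.

```powershell
# Added example (not from the original post): audit and disable SMBv1.
# Assumes: elevated PowerShell on Windows 10 with the SmbShare module.

# 1. Does the SMB server still accept the SMBv1 dialect?
$serverCfg = Get-SmbServerConfiguration
if ($serverCfg.EnableSMB1Protocol) {
    Write-Warning "SMBv1 is enabled on the SMB server; disabling it."
    # -Force suppresses the confirmation prompt.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    Write-Output "SMBv1 server protocol is already disabled."
}

# 2. Remove the optional Windows feature that ships the SMBv1 binaries,
#    so the dialect cannot simply be re-enabled in configuration.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($feature.State -eq 'Enabled') {
    Write-Warning "SMB1Protocol feature is installed; removing it (reboot required)."
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
} else {
    Write-Output "SMB1Protocol feature is not installed."
}

# 3. Re-read the server setting so the final state is visible in the output.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

Disabling SMBv1 is a mitigation, not a substitute for installing the relevant Windows security update; keep the monthly patch cadence and block TCP port 445 at the network edge so the SMB service is not reachable from the internet.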


Sources: Malwarebytes, CSO, Motherboard, Kaspersky
