Ransomware attacks are on the rise and hit the news now and then. People and organizations fall victim to ransomware attacks before they know it.
Whether it’s local government entities, school districts, healthcare providers, or private companies, no one is safe from these attacks.
Learning about ransomware and how to prevent it is crucial for organizations and individuals.
In this article, we’ll learn what ransomware is, look at some examples of ransomware attacks, and cover how to detect and prevent them.
What is Ransomware?
Ransomware is a type of malware that blocks access to a computer system, or important files in a computer system. Cybercriminals use ransomware to encrypt a target device or important data, only to ask for a ransom in exchange for the decryption keys.
How Does Ransomware Work?
Generally, ransomware infects a computer system and blocks the user by encryption or other means. The encrypted data can then only be accessed through a decryption key, which can be obtained by paying the attacker.
The victim is given detailed instructions on:
- How to contact the attacker
- How to make the payment (usually in cryptocurrencies)
- How to obtain the decryption keys
- How to use the decryption key to regain access to the lost data.
Types of Ransomware
New strains of ransomware are being developed every day. However, all of them fall into the following categories:
- Locker Ransomware
This type of ransomware locks the user out of their computer during an attack. Locker ransomware typically doesn’t damage any of the files and causes the least amount of damage.
- Crypto Ransomware
Some ransomware uses a technique called cryptoviral extortion, where cybercriminals encrypt important data on a device and threaten to permanently delete the files. This type is called crypto ransomware.
- Scareware
Scareware acts like locker ransomware. The only difference is that this type of ransomware also fills the screen with popups or banners claiming that your device has been infected with serious malware and that the hackers can get rid of it for a small fee.
- Ransomware as a Service (RaaS)
RaaS or Ransomware as a Service is a business model sold to cybercriminals with low technical knowledge. Professional hackers carry out the distribution, attack, recovery, and ransom collection for a cut of the total extorted amount.
- Leakware/Doxware
Leakware, or doxware, threatens to release stolen data to the public unless a ransom is paid. This type of ransomware usually targets businesses, as they don’t want their data to fall into the wrong hands.
Notable Recent Ransomware Attacks
Most ransomware attacks are conducted with only one goal in mind, money. That’s why companies are the primary targets of ransomware attacks.
It's difficult to pinpoint the frequency of ransomware attacks, as most of the time victims pay the ransom to solve the issue, even though paying the ransom without notifying the authorities is a bad idea.
The attackers are aware that companies store crucial data necessary to keep the operations running smoothly, giving them a chance to demand a large amount of money within a short period.
However, sometimes competitors or rival companies perform ransomware attacks to cripple the competition.
Here, we’ll mention some notable recent ransomware attacks:
The Habana Labs Incident
On Dec 13th, 2020, Habana Labs, an AI processor developer owned by Intel, was reported to be a victim of the Pay2Key ransomware attack. The hackers stole compromising business data and leaked it online.
The leaked data included sensitive code and various business documents.
The Shirbit Insurance Incident
On Dec 1st, 2020, Shirbit Insurance, an Israeli insurance provider, became a victim of a ransomware attack. The company serves many government employees. After the report was published, it was revealed that a group called Black Shadow was behind the attack.
The group initially asked for 50 Bitcoin for not exposing the company’s sensitive client data. However, as Shirbit refused to pay the ransom, the price rose from 50 BTC to 100, and later to 200 BTC.
The Foxconn DoppelPaymer Incident
Another notable ransomware attack happened on 29th November 2020, where the victim was none other than the electronics giant Foxconn.
The company was infected by the DoppelPaymer ransomware. According to a report published by Bleeping Computer, the attackers demanded 1,804 BTC, which equals over USD 34 million, and promised to provide the decryption tool once the payment was confirmed.
The attackers claimed that they had successfully encrypted almost 1200 servers and stolen 100 GB of Foxconn’s unencrypted files. They also claimed that they had deleted 20-30 TB of the company’s backup data. That’s right, 20-30 TB of backup data.
Another thing worth mentioning is that recovery from ransomware attacks is a long and critical process. Tracking down the attackers is also a difficult task, as they demand ransom payments in bitcoin, since cryptocurrency is untraceable.