Ransomware Biggest Attack hits nearly 100 countries

2016 was a banner year for cyber attacks, featuring IoT botnets, crimeware as a service and crypto ransomware. But as we move into 2017, what insidious events can we expect to grad headlines around the world?

  • Approx 100k+ systems were infected worldwide using NSA leaked exploit.
  • At least 16 NHS(England) hospitals are having to reject patients after their systems were taken offline.
  • According to NHS Digital, the ransomware behind the attack is malware named ‘Wanna Decryptor’.
  • WanaCrypt0r 2.0 is asking for $300 worth of the crypto currency Bitcoin to unlock the contents of the computers.
  • The WCry ransomware, also referred to as WNCry, WannaCry, WanaCrypt0r or Wana Decrypt0r written in C++ Language with extension .WNCRY and .JAFF extension.
  • In last 24 hours, hackers earned approx $10000 from ransom amount which you can easily see through Blockchain transactions.
  • WannaCrypt0r Ransomware is a part of NSA Exploit which is leaked by Shadow Brokers.
  • More than 90 countries are reported to be infected.

Read More: Around 16 NHS Organizations hit with Ransomware Cyber Attack

Ransomware is a going threat –

  • 750k+ users around the world infected by ransomware in 2015.
  • 17000$ spent by an American Hospital after an attack in Feb 2016.
  • The average ransom amount is $200 to $5000.
  • Hospitals and Government entities are the most common victims of ransomware.
  • So far in 2016, cyber criminals have collected $209 million.
  • 23% of employees open phishing emails.
  • Less than half of ransomware victims fully recover their data, even with backup.
  • 7 out of 10 mailicious email attachments delivered Locky in Quarter 2nd of 2016.
  • 17% of ransomware targeted android devices in 2015.
  • 30 million dollar collected by cyber criminals every 100 day since 2014.
  • More ransomware detected in 2015 than 2014.
  • Ransomware accounts for 25% of all cyber attacks hitting businesses in the UK and is the higher proportion than in any other country and out of that 37% pay the ransom.

5-Stages of Crpto Ransomware –

  1. Installation – After a victim’s computer is infected, the crypto-ransomware installs itself, and sets keys in the Windows Registry to start automatically every time your computer boots up.
  2. Contacting Headquarters – Before crypto ransomware can attack you, it contacts a server operated by the criminal gang that owns it.
  3. Handshake and Keys – The ransomware client and server identify each other through a carefully arranged “handshake”, and the server generates two cryptographic keys. One key is kept on your computer, the second key is stored securely on the criminals server.
  4. Encryption – With the cryptographic keys established, the ransomware on your computer starts encrypting every file it finds with any of dozens of common file extensions, from Microsoft Office Documents to .JPG images and many more.
  5. Extortion – The ransomware displays a screen giving you a time limit to pay up before the criminals destroy the key to decrypt your files. The typical price , $300 to $3000, must be paid in untraceable bitcoins or other electronic payments.

How can you prevent ransomware –

Just 4% of businesses are confident that they can deal with the ransomware threat. so how can you prevent it?

  1. Be suspicious of emails – Email is the most common vehicle for ransomware. Hackers are favoring “Spoofing”, where they’ll pose as your CEO or another colleague to gain your trust. Never click a link or open an attachment from an unknown source, and always check the sender’s email address and credentials.
  2. Backup your data – If you’re unlucky enough to fall victim to a ransomware attack, backing up your data means you’ll be able to restore it without succumbing to the cyber criminals demands. You can backup on cloud servers, on-premise servers, or as a last resort external hardware like USB sticks and hard drives.
  3. Use a ransomware specific anti-virus solution – Ransomware is becoming more prevalent and more intelligent, but so are anti-virus solutions. Sophos Intercept X has been designed specifically to combat Ransomware at the point of entry and uses innovation tools to strengthen your system and ensure you never fall victim again.

Related Posts