Top insights from the most notorious ransomware attacks & attackers

EXECUTIVE SUMMARY:

Let’s out-innovate ransomware! Thanks to the latest technological advancements and expert insights, you might be closer to achieving this goal than you think. Stop next-generation attacks and their culprits.

In the past 30 years, ransomware attacks have proliferated at a dizzying pace, victimizing millions of organizations and causing billions of dollars in losses.

Ransomware attacks are one of the most pernicious and difficult-to-stop forms of cyber crime today. At present, ransomware represents a top concern for organizations of all sizes, across all industries.

Awareness of cyber security weaknesses, best practices and leading security solutions is critical in mitigating ransomware risks.

This article will explore the most insidious ransomware attacks and attackers of recent years, enabling you to identify practices that will protect your organization.

Statistics

  • The average ransom demand now exceeds $2.2 million.
  • In the first 6 months of 2022, there were an estimated 1 million ransomware attacks globally.
  • Last year, 97% of ransomware attacks aimed to infect backup repositories.
  • In 2021, 80% of organizations were hit by ransomware attacks.

1. WannaCry. In May of 2017, the WannaCry ransomware worm spread across computer networks with unprecedented ferocity and agility. The attack affected over 300,000 computers in more than 150 countries around the world, and is estimated to have caused as much as $4 billion in damages.

Key takeaways

  • The importance of keeping software up-to-date. WannaCry exploited a vulnerability in Microsoft Windows that had been patched months before the attack. Failure to install this patch rendered computers (and organizations) vulnerable to attack.
  • The dangers of outdated software. The attack largely targeted devices running outdated versions of Windows, including Windows XP, which was no longer supported by Microsoft at the time.
  • The global nature of cyber attacks. WannaCry hit organizations around the world, highlighting the need for international collaboration in preventing and defending against cyber threats.
  • The need for strong cyber security. This attack showed that organizations must take proactive steps when it comes to preventing and preparing for cyber attacks.

2. Ryuk ransomware. The first Ryuk ransomware attacks were detected in August of 2018. Ryuk ransomware typically targets organizations and encrypts files. In the past, Ryuk has affected hospitals, local governments and major corporations. It’s considered one of the most dangerous types of ransomware in circulation.

Key takeaways

  • Phishing attacks serve as a primary infection vector. Ryuk attacks are typically enabled through phishing emails, highlighting the importance of phishing prevention mechanisms and employee education.
  • Significant damage. Ryuk ransomware attacks can result in significant damage, including financial loss and disruption of key business operations.
  • The importance of backups. In the event of a ransomware attack, backups play a critical role in helping organizations recover. Organizations are generally advised to follow the 3-2-1 rule when it comes to backups, which says that admins should create at least three backup copies in two different file formats, with one backup stored in a separate physical location.

3. DoppelPaymer. The DoppelPaymer attack was significant because it was one of the largest and most high-profile ransomware attacks of its time. Emerging in mid 2019, it quickly gained notoriety for its sophisticated encryption methods and its ability to evade detection by many antivirus programs.

The attack primarily targeted large corporations and organizations, such as the German automotive supplier, Gedia and the U.S. city of Torrance. Investigators estimated that the attackers behind DoppelPaymer managed to extort victims for millions of dollars.

Key takeaways

  • Monitor inbound and outbound network traffic. Admins should also set up alerts for data exfiltration.
  • Implement two-factor authentication. This can help strengthen security for user accounts.
  • Implement the principle of least privilege. Do so for file, directory and network share permissions.
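The exfiltration alerting in the first takeaway, as an added example that is not from the original article: it sums each internal host's outbound bytes to external destinations per hour over constructed flow records (the addresses, hosts and thresholds are assumptions, not real telemetry) and alerts when one hour's egress is both large in absolute terms and far above that host's own median.

```python
"""Added example: self-baselined egress spike detection over constructed
flow records, in the spirit of the 'set up alerts for data exfiltration'
takeaway. Nothing here is real telemetry."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal ranges; adjust to the environment being monitored.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed flow records: hour,src,dst,bytes_out (documentation IPs only)
FLOWS = """\
2024-05-01T01,10.0.1.5,10.0.2.9,120000
2024-05-01T01,10.0.1.5,203.0.113.10,450000
2024-05-01T02,10.0.1.5,203.0.113.10,500000
2024-05-01T03,10.0.1.5,203.0.113.10,520000
2024-05-01T04,10.0.1.5,198.51.100.7,9500000000
2024-05-01T01,10.0.1.8,203.0.113.10,300000
2024-05-01T02,10.0.1.8,203.0.113.10,320000
2024-05-01T03,10.0.1.8,10.0.2.9,800000000
2024-05-01T04,10.0.1.8,203.0.113.10,310000
"""

def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)

def external_bytes_per_hour(text):
    """Return {src: {hour: bytes}} counting only flows that leave the network."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in text.strip().splitlines():
        hour, src, dst, nbytes = line.split(",")
        if not is_internal(dst):          # internal copies are not egress
            totals[src][hour] += int(nbytes)
    return totals

def exfil_alerts(text, min_bytes=1_000_000_000, ratio=10.0):
    """Alert on (src, hour, bytes) when the hour's egress is at least
    min_bytes AND at least ratio x the host's median over its other hours."""
    alerts = []
    for src, hours in external_bytes_per_hour(text).items():
        for hour, total in hours.items():
            others = sorted(v for h, v in hours.items() if h != hour)
            baseline = others[len(others) // 2] if others else 0
            if total >= min_bytes and total >= ratio * max(baseline, 1):
                alerts.append((src, hour, total))
    return alerts

if __name__ == "__main__":
    for src, hour, total in exfil_alerts(FLOWS):
        print(f"ALERT {src} {hour}: {total} bytes to external hosts")
```

The 800 MB internal transfer by 10.0.1.8 is deliberately not flagged: staging data on an internal share before upload is invisible to an egress-only rule, so pair this with share-access monitoring.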

4. LockBit. LockBit gained notoriety in 2021, after developing Ransomware-as-a-Service tools and employing a double-extortion tactic to blackmail victims.

LockBit is among the world’s most active ransomware groups, and is responsible for an estimated 40% of ransomware infections worldwide.

The group primarily targets small and medium-sized businesses, although it has also targeted larger entities.

Key takeaways

  • Run up-to-date cyber security solutions. Keeping security tooling current is critical in today’s world.
  • Encrypt sensitive data where possible. Encryption can help protect personal information, financial data and intellectual property from theft and unauthorized access.
  • Leverage strong passwords. Ensure that organizational staff use hard-to-crack and unique passwords to protect sensitive data and accounts.

5. Conti ransomware. Since Conti’s emergence, the group has become one of the most prevalent ransomware families in use. One of Conti’s most notable capabilities is its ability to encrypt large volumes of data quickly and efficiently.

The attackers behind the operation are also known for their high level of organization and sophistication, and for their selectivity concerning their targets. For the most part, Conti focuses on large, high-value enterprises, such as healthcare providers, government agencies, and financial institutions.

Key takeaways

  • Vigilance is critical. Cyber security professionals must remain vigilant and proactive when it comes to identifying and mitigating potential threats. In so doing, professionals should acquire strong working knowledge of the latest tactics, techniques and procedures used by attackers. The MITRE ATT&CK framework can help.
  • A comprehensive approach. The Conti ransomware attacks demonstrate the importance of taking a comprehensive approach to cyber security. Organizations need multi-layered protection from ransomware across endpoint and mobile devices, email, network and the web. Learn more here.

In conclusion

When it comes to avoiding the most aggressive ransomware attacks and attackers, prevention measures are essential. Adhere to the basics and also ensure that your organization stays up-to-date with the latest ransomware prevention best practices.

Read more about ransomware prevention here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.

The post Top insights from the most notorious ransomware attacks & attackers appeared first on CyberTalk.