As the name implies, ransomware refers to malware attacks in which the attacker demands money or another type of ransom in exchange for giving back user access. There are also many cases where hackers blackmail users by threatening to share private information about them with the public if their demands are not met. This has been a growing problem since the birth of the Internet.
In this article, we will discuss some of the worst and most infamous ransomware attacks reported in the history of the World Wide Web and what we can learn from them.
Quick Overview of the First Ransomware Attacks: From the Spreading of Floppy Disks to Encrypted Ransomware
One of the first ransomware attacks dates back to 1991, when a biologist spread PC Cyborg by sending diskettes via surface mail to other researchers. Moving to the early 2000s, the very first encrypted ransomware, named Archiveus, hit the World Wide Web and was defeated by some of the best tech hackers in the world. You can even find the password published on Wikipedia.
Moving on, a series of so-called “Police” ransomware packages appeared in the early ’10s. They were named “Police” ransomware because of the warning labels, presented as coming from law enforcement, about the victims’ unlawful acts such as blackmailing and more.
This brief history of malware attacks shows that cybercriminals have been around for many decades and have always been creative in executing their attacks. Now, let’s proceed to some of the worst ransomware attacks:
TeslaCrypt, which also went by other popular names such as CryptoLocker, had a clever M.O. This ransomware targeted content or files linked to video games, such as saved games, walkthroughs, cheat codes, maps, and other downloadable files. The attacker's strategy was to lure gamers by offering them level walkthroughs and valuable items in order to breach their server. According to reports, 48% of ransomware attacks came from TeslaCrypt, making it one of the biggest cyberattacks in the history of the Internet.
Cyberattacks, particularly computer viruses and malware attacks, grew as more and more files moved to mobile devices. As they say, professional hackers are always one step ahead of development. They can take advantage of these modern advancements to execute their attacks. In late 2015 and early 2016, various ransomware attacked Android smartphones. These were called “blocker” attacks, and they made it nearly impossible for users to access their files or get at parts of the UI.
In late 2015, cybersecurity professionals discovered another aggressive ransomware called SimpleLocker, which began to spread rapidly across the World Wide Web. This was also the first malware attack on Android to use file encryption and restrict full access. Additionally, SimpleLocker was the first ransomware to spread its malicious payload via a Trojan downloader. This method made it more difficult for security measures to deal with.
Although SimpleLocker originated in Eastern Europe, a lot of its victims came from the United States, which cost them a large sum of money.
Fortunately, Android is now better equipped with anti-malware features. As of late 2016, the aforementioned ransomware attacks had almost vanished. Victims usually get infected by trying to download shady applications and programs outside the official Google Play Store, even though the company has been sending multiple warnings and notices to users about the risks of obtaining apps from other sites.
Cybercriminals spread two major interlaced ransomware attacks, which affected several institutions around the world. These include hospitals in Ukraine, radio stations in California, and many more. This is when ransomware became a real threat to both enterprises and individuals.
The first major attack was known as WannaCry, which was considered to be the worst ransomware attack in history. Just as the WannaCry attacks hit Europe, Avast detected more than 250,000 infections in different countries.
Cybersecurity experts considered several factors regarding the initial spread of WannaCry. Since high-profile systems were involved, including Britain’s National Health Service, cybersecurity organizations carried out different investigations. Most of the reports mentioned that the attacks just exploited vulnerabilities in Windows.
NotPetya was another strong ransomware package that actually started in 2016, just a few weeks after the WannaCry outbreak. According to reports, NotPetya was not actually ransomware intended for individuals, but rather a Russian cyberattack on Ukraine.
Either way, cybersecurity professionals learned a lot from this incident. They discovered many loopholes in the system, including the toolkits available on the Internet. Another thing many people realized, given that big organizations had been breached, is that cybersecurity had been overlooked by everyone for so many years. This is also when different organizations launched several cybersecurity awareness campaigns.
The SamSam ransomware attack can be traced back to late 2015. It only ramped up over the next few years, when SamSam hit major industries and claimed high-profile scalps. Some of the well-known organizations that have been affected by this attack include the Colorado Department of Transportation, the City of Atlanta, and several healthcare facilities.
What makes this attack more interesting is that it’s more organizational than technical. Unlike other malware attacks, SamSam does not look for one specific vulnerability. It actually functioned as ransomware-as-a-service. According to experts, the attackers carefully pre-selected targets for weaknesses. It focused on vulnerabilities ranging from IIS to FTP to RDP. Once the system has been breached, they work to escalate privileges to make sure that when they proceed to file encryption, they hit the target accurately.
There is also some research saying that SamSam originated in Eastern European countries, and that the actual targets were institutions within the United States. It was in 2018 that the United States Department of Justice said that the aforementioned attacks have cost them over $30 million.
Computer viruses, malware, ransomware and other forms of cyberattack can hit you anytime. Just take a look at the big enterprises that suffered major losses due to a lack of cybersecurity. Be aware of your online activities. Equip your system and devices with the right security software programs. Be proactive and send reports to cybersecurity agencies.
John is an Opera Singer by profession, and a member of the Philippine Tenors. Ever since, Digital Marketing has always been his forte. He is the CEO of MegaMedia Internet Advertising Inc., and the Managing Director of Tech-Hacker. John is also the current SEO Manager of Softvire New Zealand and Softvire Australia – the leading software ecommerce company in Australia.