Sophisticated Ransomware to Date in 2020


As interconnectivity turns the world into a global village, cyberattacks are predictably on the rise. According to reports, the tail end of last year saw a spike in the average ransom paid to attackers, as several organizations were forced to pay millions of dollars to have their files decrypted.

The attacks described below are only the most recent examples of the escalating ransomware threat. They come from some of the most damaging ransomware families currently demanding payment in cryptocurrency.

WastedLocker

WastedLocker is the latest ransomware created by Evil Corp, a group that has been active since 2007 and is regarded as one of the most dangerous cybercrime teams. After two alleged members, Igor Turashev and Maksim Yakubets, were indicted in connection with the Bugat/Dridex and Zeus banking trojans, Evil Corp reportedly reduced its activity.

By disabling and disrupting backup applications, database services and cloud environments before it encrypts, WastedLocker delays its victims' recovery considerably even where an offline backup exists. A company without offline backups may be unable to recover its files at all.

DoppelPaymer

DoppelPaymer encrypts a target's files, locking the victim out of them, and then pressures the victim to pay a ransom for the decryption key. It is a fork of BitPaymer, the ransomware of the eCrime group INDRIK SPIDER, and was first identified in 2019 by the endpoint-protection company CrowdStrike.

In a recent attack on the City of Torrance, California, more than 200 GB of data was stolen and the attackers demanded a ransom of 100 Bitcoin.

Dridex

According to a report by cybersecurity provider Check Point, Dridex entered its top-10 malware list for the first time in March 2020, although the malware first appeared in 2011. Also known as Bugat and Cridex, Dridex specializes in stealing banking credentials and is typically delivered through malicious macros in Microsoft Word documents.

Newer variants, however, go beyond Word macros and target the wider Windows platform. Researchers note that the malware's sophistication makes it lucrative for criminals, and it is now also being used as a downloader for ransomware.

Ryuk

Another malware that has resurfaced during the coronavirus pandemic is Ryuk, a ransomware known for targeting hospitals and still being used against them. Like most cyberattacks, Ryuk is distributed via spam emails or geo-targeted download functions.

REvil

As the ransomware landscape grows ever more crowded with new malicious tools, groups such as the REvil (Sodinokibi) gang have evolved with the times and run increasingly sophisticated operations. REvil operates as Ransomware-as-a-Service (RaaS): it develops the malware strains and provides them to affiliated criminal groups, who carry out the attacks.

Recently, the notorious REvil gang launched an auction to sell off data stolen from companies that were unable to pay the ransom, with bidding starting at $50,000 payable in Monero (XMR). Citing privacy concerns, the gang switched its ransom demands from Bitcoin to Monero, a privacy-centric cryptocurrency whose transactions are far harder to trace.

As one of the most active and aggressive ransomware operators, REvil primarily targets corporations, encrypting their files and demanding astronomical ransoms.

PonyFinal

Microsoft's security team disclosed, in a series of tweets, a new ransomware called PonyFinal whose operators brute-force their way into a target's network infrastructure before deploying the ransomware.

Unlike most malware, which relies on phishing links and emails to trick a user into launching the payload, PonyFinal is deployed by the attackers themselves: the ransomware is delivered through MSI files together with a Java Runtime Environment (the payload itself runs on Java), and the attacker launches it manually once inside the network. Like Ryuk, PonyFinal has mainly been used against healthcare institutions amid the COVID-19 crisis.
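What a defender can look for in two of the behaviours described above, as an added example that is not part of the original article and not tooling from any vendor or group it names: the recovery inhibition attributed to WastedLocker (stopping backup and database services and deleting shadow copies before encryption) and the brute-force initial access attributed to PonyFinal. The log lines are constructed for illustration, and the command patterns, service-name keywords and the five-failures-in-sixty-seconds threshold are assumptions chosen for the example, not the families' exact commands or Microsoft's published indicators.

```python
import re
from collections import defaultdict

# --- Constructed sample telemetry (not real logs) ----------------------------
# Process-creation events as (host, user, command_line).
PROCESS_EVENTS = [
    ("FS01", "SYSTEM", "vssadmin.exe delete shadows /all /quiet"),
    ("FS01", "SYSTEM", "net stop VeeamBackupSvc /y"),
    ("FS01", "SYSTEM", "net stop MSSQLSERVER /y"),
    ("FS01", "SYSTEM", "wbadmin delete catalog -quiet"),
    ("WS07", "alice", "notepad.exe C:\\Users\\alice\\notes.txt"),
    ("WS07", "alice", "net stop Spooler"),          # benign service stop
]

# Logon events as (unix_time, source_ip, target_user, succeeded).
LOGON_EVENTS = [
    (1000, "10.0.0.5", "svc_mgmt", False),
    (1004, "10.0.0.5", "svc_mgmt", False),
    (1009, "10.0.0.5", "svc_mgmt", False),
    (1013, "10.0.0.5", "svc_mgmt", False),
    (1018, "10.0.0.5", "svc_mgmt", False),
    (1022, "10.0.0.5", "svc_mgmt", False),
    (1027, "10.0.0.5", "svc_mgmt", True),   # the burst ends in a success
    (1100, "10.0.0.9", "alice", False),     # one typo, then a normal logon
    (1700, "10.0.0.9", "alice", True),
]

# Assumed patterns: generic commands that delete volume shadow copies or the
# Windows backup catalog, and "net stop <service>" invocations.
SHADOW_DELETE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows"
    r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(?:\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)
SERVICE_STOP = re.compile(r"\bnet1?(?:\.exe)?\s+stop\s+\"?([^\s\"]+)", re.IGNORECASE)
# Assumed keyword list: substrings that identify backup/database services.
SENSITIVE_SERVICE_KEYWORDS = ("backup", "veeam", "sql", "exchange", "acronis", "vss")


def detect_backup_tampering(events, min_service_stops=2):
    """Map host -> reasons for hosts that inhibit recovery before encrypting:
    any shadow-copy/catalog deletion, or at least min_service_stops stops of
    backup/database services."""
    findings = defaultdict(list)
    stopped = defaultdict(list)
    for host, user, cmd in events:
        if SHADOW_DELETE.search(cmd):
            findings[host].append(f"recovery data deleted by {user}: {cmd}")
        m = SERVICE_STOP.search(cmd)
        if m and any(k in m.group(1).lower() for k in SENSITIVE_SERVICE_KEYWORDS):
            stopped[host].append(m.group(1))
    for host, services in stopped.items():
        if len(services) >= min_service_stops:
            findings[host].append(
                f"{len(services)} backup/database services stopped: {', '.join(services)}"
            )
    return dict(findings)


def detect_brute_force(events, window=60, threshold=5):
    """Map source_ip -> summary for sources with at least threshold failed logons
    inside any window-second span; records whether a success followed the burst."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events, key=lambda e: e[0]):
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, evs in by_src.items():
        fails = [ts for ts, _, ok in evs if not ok]
        start = 0
        for end in range(len(fails)):            # sliding window over failure times
            while fails[end] - fails[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]
                findings[src] = {
                    "failures": len(fails),
                    "users": sorted({u for _, u, _ in evs}),
                    "success_after_burst": any(ok and ts >= burst_end for ts, _, ok in evs),
                }
                break
    return findings


if __name__ == "__main__":
    for host, reasons in detect_backup_tampering(PROCESS_EVENTS).items():
        print(f"[recovery inhibition] {host}:")
        for reason in reasons:
            print("   ", reason)
    for src, info in detect_brute_force(LOGON_EVENTS).items():
        print(f"[brute force] {src}: {info}")
```

On a real Windows estate the process-creation tuples would come from Security event 4688 or Sysmon event 1, and the logon tuples from Security events 4625 (failure) and 4624 (success); the "success_after_burst" flag is the one to page on, since it means the guessed credential now works. Tune the service-keyword list to the backup and database products actually deployed, and keep the shadow-copy rule even on workstations: a legitimate administrator deleting all shadow copies quietly is rare enough to review every time.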

Maze

Maze has wreaked havoc at leading conglomerates, taking down their services one by one. Its strength lies in remaining dormant for long periods and striking at the right moment. The attack unfolds as a chain: a payload downloader, then lateral movement, data exfiltration and finally encryption.

Declining payouts

Despite the overall rise in the number of cyberattacks, experts believe the number of successful extortions is falling: for many corporations, a ransomware attack in the middle of a global pandemic is the final blow, leaving them unable to pay the ransom at all.

“It’s very obvious to ransomware attackers that they’ve got a potentially valuable target when they hit a corporate endpoint. It may however be less obvious when they hit a personal device that an employee is using while working remotely, and which is only connected to corporate resources on an intermittent basis.”