In 2016, Locky began spreading via email attachments, first as Word documents designed to fool users into opening them, and later as JavaScript attachments to get past anti-malware security. When opened, the document appears scrambled, and the victim is instructed to enable macros to read it. When the victim does this, Locky begins encrypting a large array of file types using AES encryption. Victims are instructed to pay a Bitcoin ransom in order to decrypt the files. New versions of Locky were constantly being released with different types of attachments to get around anti-malware solutions.

According to the FBI, victims paid $209 million in ransomware attacks in the first three months of 2016. More recent ransomware attacks have shown hackers targeting specific verticals, such as healthcare and financial services. By October 2016, 14 hospitals had been attacked by ransomware infections, with Hollywood Presbyterian Medical Center being the most notable. The hospital paid $17,000 in ransomware fees to hackers to unlock its files. If the hospital had had a proper backup system in place and had taken steps to prevent malware from infecting its network, it would have been able to walk away from the hackers without paying the fees.

In 2017, 38 new strains of encryption ransomware were classified, while the number of modifications doubled from 2016, proving that ransomware attacks are becoming more sophisticated in their attempts to penetrate networks.

In May 2017, the WannaCry worm hit the globe, affecting over 200,000 computers in over 150 countries including Russia, China, the US and the UK. Targeting Windows computers, the ransomware encrypted the files on the victim’s hard drive, then demanded a payment in Bitcoin to decrypt them. WannaCry became highly publicized as it affected many large organizations worldwide, including Britain’s National Health Service (NHS) network, many US hospitals, FedEx, Nissan plants, many banks, telecom providers and railway systems in Russia, police agencies in Andhra Pradesh, India, 100,000 computers in Chinese universities, Hitachi, and many more.

In June 2017, the world was hit by another major ransomware attack, this time called Petya. This attack affected many organizations in Europe and the US, encrypting computers and demanding $300 paid in Bitcoin. Once a computer is infected, the malicious software spreads rapidly across the organization using the EternalBlue vulnerability in Microsoft Windows. This unique strain of ransomware works hard to spread itself internally through a network, instead of spreading externally.

Ransomware attacks are becoming more costly every year. Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. 65% of businesses hit by ransomware in 2017 lost access to a significant amount or all of their data, with 36% paying the ransom and 17% never recovering their data. It is crucial now more than ever to take control over your network and ensure your organization is equipped to ward off the next ransomware attack.