CSO's guide to the worst and most notable ransomware - CSO Online

CSO's guide to the worst and most notable ransomware - CSO Online


CSO's guide to the worst and most notable ransomware - CSO Online

Posted: 16 Feb 2021 02:00 AM PST

Ransomware has a long history, dating back to the late 1980s. Today, it's generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they pay the ransom. Sophos reports that the average cost of a ransomware attack in 2020 was nearly $1.5 million for victim organizations that paid ransoms and about $732,000 for those that didn't.

Given the financial benefit to attackers, it's no surprise that ransomware gangs and malware have proliferated. The number of ransomware threat actors—those capable of developing and delivering code—is likely in the hundreds. That's not including so-called "affiliates" who buy ransomware-as-a-service (RaaS) offerings from some of these threat actors.

Below is a list of key ransomware malware and groups, selected for inclusion based on their impact or innovative features. It isn't, and isn't intended to be, an exhaustive list. And while some of these ransomware groups are no longer active, that's no guarantee they won't reappear bigger and badder someday, as is too often the case.

Cerber 

History: Cerber is an RaaS platform that first appeared in 2016, netting attackers $200,000 in July of that year.

How it works: Cerber took advantage of a Microsoft vulnerability to infect networks. It functions similarly to other ransomware threats. It encrypts files with AES-256 algorithm and targets dozens of file types, including documents, pictures, audio files, videos, archives and backups. It can also scan for and encrypt available network shares even if they are not mapped to a drive letter in the computer. Cerber then drops three files on the victim's desktop that contain the ransom demand and instructions on how to pay it.

Targeted victims: As an RaaS platform, Cerber is a threat to anyone.

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Harry Dunn's parents to meet Anne Sacoolas as immunity row continues - The Guardian

VPN browser extensions: Why you shouldn't use then - Tech Advisor