There are thousands of ransomware variants. Below are some examples of families that have had worldwide impact and caused widespread damage.
WannaCry is a relatively unsophisticated ransomware with a self-propagating worm component that exploits a vulnerability in the Windows SMBv1 protocol (the EternalBlue exploit, addressed by Microsoft's MS17-010 update) to infect other computers on the network. WannaCry is packaged as a dropper, a stand-alone program that extracts the encryption/decryption applications, files containing the encryption keys, and a Tor client used for communication. It is not heavily obfuscated, and it is relatively easy to find and remove.
Locky, first released in 2016, encrypts around 160 file types, many of them used by designers, engineers and testers. It is mainly distributed via exploit kits or phishing: the attacker sends an email prompting the user to open a Microsoft Word or Excel document containing malicious macros, or a ZIP archive whose contents install the malware once extracted and run.
CryptoLocker was released in 2013 and affected over 500,000 computers. It usually infects a computer via email attachments, file-sharing sites and unprotected downloads. In addition to encrypting files on the local computer, it scans mapped network drives and encrypts every file the infected user account has write permission to, so the damage a single infection can do on a share is bounded by that account's permissions. Later CryptoLocker variants were able to evade the antivirus software and firewalls of the time.
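The behaviour described above, renaming and overwriting whatever files an account can reach on a share, is what a defender watching file-server audit logs looks for. The following is an added example, not code from the original article or from any of the malware families it describes. It implements two simple heuristics over a hypothetical audit-log format: a burst of extension-changing renames by one account within a short window, and a Shannon-entropy check on file contents that separates ciphertext-like data from plain text. The log format, account names, paths and all sample data are constructed for this example.

```python
"""Toy file-share ransomware detector (added example; log format is hypothetical)."""
import hashlib
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical audit-log format constructed for this example:
#   <ISO-8601 time> <account> RENAME <old path> -> <new path>
#   <ISO-8601 time> <account> WRITE <path>
LOG_RE = re.compile(r"^(\S+) (\S+) (RENAME|WRITE) (\S+)(?: -> (\S+))?$")


def parse_event(line):
    """Parse one audit line into (time, account, op, path, new_path); None if malformed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ts, account, op, path, new_path = m.groups()
    return datetime.fromisoformat(ts), account, op, path, new_path


def extension(path):
    """Lower-cased final extension of a path, '' if there is none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def rename_burst_accounts(lines, window=timedelta(seconds=60), threshold=10):
    """Accounts that renamed at least `threshold` files to a different extension
    inside any `window`-long interval. Ransomware appends its own extension to
    every file the account can write to, so the flagged account is the
    compromised identity and its write permissions bound the damage."""
    rename_times = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed lines rather than abort the scan
        ts, account, op, path, new_path = ev
        if op == "RENAME" and new_path and extension(path) != extension(new_path):
            rename_times[account].append(ts)

    flagged = set()
    for account, times in rename_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(account)
                break
    return flagged


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 to 8.0) of a byte string."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(data, threshold=7.5):
    """Ciphertext sits close to 8 bits/byte. Caveat: compressed containers such as
    .docx/.xlsx/.zip also score high, so combine this with magic-byte or rename signals."""
    return shannon_entropy(data) >= threshold


def pseudo_ciphertext(n=4096, seed=b"example-seed"):
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for an
    encrypted file body; constructed so the example runs offline and repeatably."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample log: a backup account writing normally, a user renaming one
# document without changing its type, and one account renaming twelve
# spreadsheets to a ransomware extension within eleven seconds.
SAMPLE_LOG = [
    "2024-05-01T09:00:01 svc_backup WRITE /share/finance/q1.xlsx",
    "2024-05-01T09:00:02 asmith RENAME /share/hr/draft.docx -> /share/hr/final.docx",
] + [
    f"2024-05-01T09:00:{10 + i:02d} jdoe RENAME /share/finance/doc{i}.xlsx"
    f" -> /share/finance/doc{i}.xlsx.locked"
    for i in range(12)
]
PLAINTEXT_SAMPLE = b"Quarterly budget notes: revenue up 4 percent, costs flat. " * 60

if __name__ == "__main__":
    print("rename bursts:", rename_burst_accounts(SAMPLE_LOG))
    print("plain text entropy:", round(shannon_entropy(PLAINTEXT_SAMPLE), 2))
    print("ciphertext looks encrypted:", looks_encrypted(pseudo_ciphertext()))
```

The rename-burst heuristic is the more reliable of the two on a real share, because legitimate users rarely change the extension of dozens of files in a minute, whereas Office documents are ZIP containers and will trip a naive entropy threshold on their own. The flagged account is also the practical remediation handle: disabling it stops the encryption, and reviewing its share permissions tells you what could have been reached.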
Petya is ransomware that, rather than encrypting individual files, replaces the disk's boot code and encrypts the Master File Table (MFT). This makes the entire disk inaccessible even though the file contents themselves are never encrypted. Petya was first seen in 2016 and was distributed via fake job-application emails pointing to infected files hosted on Dropbox. It affected only Windows computers.
Petya needs the user to accept a User Account Control prompt granting it permission to make administrator-level changes. If the user agrees, a fake system crash screen is displayed, the computer restarts, and a fake disk-check screen covers the encryption of the MFT running in the background. A ransom note is then displayed. The original Petya was not very successful, but a later variant, which Kaspersky Lab named NotPetya, turned out to be far more dangerous: it is equipped with a propagation mechanism that allows it to spread without human intervention.
NotPetya initially spread through a backdoored update of M.E.Doc, accounting software widely used in Ukraine, and then moved laterally using the Windows SMB vulnerabilities targeted by the EternalBlue and EternalRomance exploits, as well as credentials harvested from infected machines. NotPetya encrypts not only the MFT but also files on disk. Although the data is technically encrypted, the key material needed to reverse it cannot be recovered, so the data is effectively destroyed: a victim who pays the ransom cannot get the data back.
Ryuk infects computers via phishing emails or drive-by downloads. A dropper extracts a Trojan onto the victim's computer and establishes a persistent network connection. Attackers can use Ryuk as the basis of an advanced persistent threat (APT): they install additional tools such as keyloggers, perform privilege escalation and lateral movement, and install the Trojan on every additional system they gain access to. Only once the Trojan is on as many computers as possible do they activate the ransomware payload to encrypt files. In Ryuk attack campaigns, the ransomware is only the final stage.
GandCrab was released in 2018. It has been used in ransomware-based blackmail attacks that encrypt files on the victim's computer, demand a ransom, and threaten to reveal the victim's pornographic browsing habits. Several versions exist, all targeting Windows computers. Free decryptors are currently available for most GandCrab versions.
Once the device has been exposed to the malicious code, a ransomware attack proceeds as follows: