Ransomware: Some of the major attacks that hit businesses in 2017

As ransomware ran amok last year, we take a retrospective look at what actually transpired




By Eyal Benishti

At the start of 2017, many had already designated 2016 as the ‘year of ransomware,’ and with good reason. According to ISTR’s Special Report on Ransomware and Business, ransomware had “quickly emerged as one of the most dangerous cyber threats facing both organizations and consumers, with global losses now likely running to hundreds of millions of dollars.” At IRONSCALES, we knew it was just the tip of a very nasty sword, so our 2017 prediction was that the ransomware problem would get worse in 2017. And we were bang on the money: ransomware dominated the headlines, taking data hostage and demanding money to restore order, with many scratching their heads and wondering how they could protect themselves from these attacks.

Twelve months later, the threat shows no sign of abating, with ransomware appearing in 64% of malicious emails sent in Q3 alone.

Here are some of the most significant ransomware attacks that hit businesses in 2017.

1. WannaCry

In May 2017, the WannaCry ransomware targeted systems all over the world, encrypting files and demanding payment of $300 in Bitcoin for retrieval. The attack, propagated through the EternalBlue exploits, targeted organizations that had not applied earlier patches released by Microsoft. The ransomware affected 74 countries, infecting everything from hospitals to businesses and universities, and is believed to have cost around $4 billion in losses.

2. NotPetya

NotPetya exploded onto the scene in June, just months after WannaCry crippled millions across the world. It is understood that NotPetya infected machines by hijacking a software update for a Ukrainian tax software tool, and through phishing emails. Although it demanded $300 in Bitcoin as payment, it is widely believed that NotPetya was used to spread destruction rather than extort money, as minimal effort was put into retrieving the ransom paid by victims to get their files back. The monetary cost of NotPetya hit the billions, not to mention shipping giant Maersk, which reported losses of $300m.

3. Bad Rabbit

October was the month of ‘Bad Rabbit’. The ransomware spread primarily throughout Eastern Europe, even affecting the underground railway system in Kiev, and asked for $280 in Bitcoin for the retrieval of files, less than the ransom demanded during the WannaCry and Petya attacks. Security firm ESET discovered that the ransomware was a new variant of Petya, which wreaked destruction earlier in 2017. Unlike the major attacks earlier in the year, Bad Rabbit used drive-by attacks to spread, and was much smaller in scale.

4. Locky

Locky was first detected in early 2016, and spreads malware through spam, typically through an email. After falling off the radar at the start of 2017, Locky resurfaced with a vengeance in August 2017 and hit out with perhaps its biggest campaign to date: 23 million spam emails were sent over 24 hours. Once a machine is infected, Locky scrambles and renames all important files with the extension .locky, with the attacker holding the decryption key for ransom. In this case, those who fell for the phishing email were in for a nasty shock: criminals held the files to ransom for 0.5 bitcoin, which at the time equated to just over $2300.

With ransomware predicted to grow even more in the coming year, it is crucial to act now, in order to ensure the security of your business and protect against ransomware attacks. One thing is certain – if you have email security that can prevent phishing and spear phishing, then you can prevent ransomware.

IronTraps recognizes the ransomware threat in phishing attacks, and so provides an automatic email phishing response solution to analyze and remediate incoming threats in real time. With on-premise and cloud-based automatic server-side remediation, IRONSCALES can help remove ransomware emails even when a user is offline or not logged in. Federation also allows phishing attack intelligence to be shared anonymously between enterprises and organizations worldwide; this enables businesses to proactively defend their network gateways and endpoints from attacks which are becoming more frequent, and even more sophisticated.

(From IRONSCALES blog).



