2017 was touted as the year of ransomware attacks and it is predicted that cyber security threats will only worsen in the years to come. However, if you dig into the history of cyber breaches, you will notice that some of the biggest ransomware attacks have taken place in the last five years!
Here is a quick look at the ransomware attacks that disrupted businesses worldwide, caused billions in losses and will always remain among the most talked about in cyber security courses.
This malicious program was perhaps the first to bring ransomware and its deadly implications to the fore. While ransomware usually freezes the user's device, CryptoLocker followed a different route. It allowed users to keep running their computers and software but encrypted their personal files. The data was not lost, but the hackers demanded ransom in a million dollars to provide the decryption key.
Also known as Andr/Slocker-A, SimpleLocker encrypted the files stored on Android devices. It primarily arrives through a Trojan downloader and targets SD cards inserted in Android handsets. It also collects the IMEI number, model and manufacturer details of the device and sends them to a C2 server. If the device is attacked, the user gets a pop-up window in Russian demanding Ukrainian currency to restore the data.
TeslaCrypt made its presence known in March 2015. It targeted gamers by encrypting their game saves, profiles, maps and user-generated files for computer games. It is believed to be the first ransomware attack of its kind to extort money from gamers. Some experts even called it a variant of CryptoLocker, as it used strong encryption with 2048-bit RSA keys. More than a year later, the developers of TeslaCrypt withdrew the attack and released the master decryption key, providing huge relief to the victims.
WannaCry created a huge uproar among governments and business organizations across the world. It infected over 2.5 lakh computer systems in various countries, resulting in $4 billion in losses! Its modus operandi was to infect computers running the Windows operating system and then encrypt the files on the hard drive. After the attack, users were denied access unless they agreed to pay in bitcoins.
The WannaCry threat had not even subsided when the Petya attack reared its ugly head. It not only encrypts files but also overwrites and then re-encrypts the overwritten files in the Master Boot Record (MBR). Later, cyber experts revealed that while the malware was a variant of Petya, it was not really Petya.
If you want to understand the implications of these attacks further, cyber security certification courses would be a good start.