IT Global Services - Blog

Ransomware Variants Targeting Companies

Written by IT-SVC Team | Jan 31, 2022 2:28:51 AM

Is your business prepared for a ransomware attack?

Recently, the HHS Cybersecurity Program released a report detailing the impact of ransomware attacks in 2021. The results are chilling. If you think that you're at a company that isn't threatened by ransomware, think again.

Ransomware attacks are targeting the Healthcare, Manufacturing, Insurance, Technology, and Banking sectors, as well as other targeted industries like Education. Knowing how these attackers operate gives you a head start on addressing your vulnerabilities.

We're sharing what we know about the most common ransomware variants out there. Not only should your systems administrators and IT departments know this vital information, but all employees should brush up on the steps and precautions they can take to protect your company from malicious threats, because some of these attacks originate from a seemingly harmless email click by an employee.

If you don't have time to read this article, at least take our brief quiz to see if you're vulnerable to attacks.


Ransomware-as-a-Service

Before covering the most common tools that are used to attack organizations, we need to briefly mention the phenomenal rise in Ransomware-as-a-Service (RaaS) actors that are arming individuals with a suite of malware to carry out malicious attacks. DarkSide, Conti, and Avaddon are all current RaaS models, although they are bound to rebrand themselves to avoid detection. Many combine several of the variants mentioned below.


Extortion Plans

The attack is followed by an extortion plan that demands a payment, usually in Bitcoin, in order to decrypt your data and return it to you. Some set a short deadline after which you lose your data, and the ransom doubles if the victim doesn't meet that deadline. A new ransomware variant even comes with a ransom note and encrypts all the files on the Windows system, crawling through the network.

1. Triple Extortion (used by Avaddon) encrypts data, exfiltrates it, and threatens a data leak or a DDoS attack.

2. Maze threatens to publish sensitive data on cyber-criminal forums and "has the potential to remove blacklisted files and transfer victims' data to the attacker."

3. Ryuk restricts system access until a payment is received. It does this by encrypting every file and infecting the victim's machine with malware. The newest Ryuk variant is worm-like, which means reinfection is possible.


15 Common Ransomware Variants

  • Babyk
  • Everest
  • AKO
  • Cobalt Strike (used by Conti)
  • Mimikatz (used by Conti)
  • Emotet (used by Conti)
  • Trickbot (used by Conti)
  • REvil
  • Netwalker
  • Maze
  • Sodinokibi (used by REvil)
  • Ryuk
  • Bazarloader
  • Mountlocker
  • Triple Extortion (used by Avaddon)