Which Are the Most Dangerous Ransomware?

Wednesday 27th February 2019

As the ransomware threat continues to grow, it is important to identify the most dangerous of these campaigns. They have wreaked havoc on conglomerates and government institutions all around the world. Study these threats so that you are prepared when one strikes. The following are some of the most dangerous ransomware campaigns.

WannaCry

WannaCry was aptly named: it did bring tears to the eyes of managers at reputable brands.

WannaCry first emerged in 2017, when it became notorious for the global damage it caused to organisations and businesses. In the UK, it paralysed the hospital infrastructure. As a consequence, emergency wards, surgeries, and other medical operations were badly affected.

Overall, in a short period of time, it infected about 200,000 computer systems globally. Brands like FedEx in the USA and Renault in France were amongst the big names hit by the ransomware.

Research indicated that the source code of the ransomware borrowed heavily from EternalBlue, which misused the SMB (Server Message Block) protocol to propagate via file sharing networks.

GandCrab

Last month, GandCrab had its first birthday. The year 2018 was filled with ransomware attacks involving GandCrab. The ransomware targets users with exploit kits and demands a ransom in cryptocurrency, mostly Dash, about £500 worth.

GandCrab is known for promoting RaaS (ransomware as a service). RaaS is ransomware that is rented to third parties on underground forums. As a consequence, individuals without any deep IT knowledge are able to use it to target businesses. The ransom earned is then divided between the creators and the renting party. With ransomware like GandCrab making RaaS popular, the ransomware industry is attracting people from many different backgrounds.

NotPetya

The internal operation of NotPetya is similar to that of WannaCry, and it uses the same Server Message Block exploit. It also carries the EternalRomance exploit. It infiltrates a computer system by exploiting the master boot record, where it intercepts the boot process of the system.

NotPetya is a variant of the infamous Petya ransomware. However, its code was changed to ensure quick propagation. NotPetya began its campaign by attacking the national institutions of Ukraine. Soon, it spread and began infecting PCs in North America and Europe. Some experts believe Russia to be the birthplace of NotPetya and see it as part of cyber warfare.

One thing which made NotPetya unique was its unusually low ransom demand. As a result, some security experts theorised that the actual objective of the ransomware was not to collect money, unlike traditional ransomware attacks, which are money-driven. Instead, it was used to unleash heavy destruction on its victims. As a consequence, while victims had to pay only a low ransom, they had to deal with reputational damage.

Similarly, the downtime caused by the ransomware meant that the affected businesses suffered considerable financial losses.

Now that you have familiarised yourself with the most dangerous ransomware campaigns, you need a cybersecurity defence which can keep these threats out of your organisation. Contact us so we can inspect your business and design a highly powerful cybersecurity strategy.