In this post: Read about three scary ransomware horror stories and why they are still making headlines.
It’s Halloween—the perfect time to enjoy some spooky tales. If we’ve learned anything about the horror genre from Hollywood, it’s that the scariest and most compelling horror stories are often the ones that are based on true events. Though you may no longer be scared by monster movies, urban legends, or slasher flicks, real-life horror stories about ransomware are sure to make you feel a little uneasy.
Though this digital extortion tactic is not new, recent ransomware attacks are still making headlines for doing serious damage to individuals, businesses, hospitals, and even police departments. Below, we bring you three scary stories about real-world ransomware attacks and the impact they have had.
Real-World Ransomware Horror Stories
Tales from the CryptoWall
Classified as a ransomware Trojan, CryptoWall first appeared in early 2014. However, it has continued to surface as different “versions” over the past few years, with the most recent being Version 4.0. This family of file-encrypting ransomware soon became notorious for its use of AES encryption. The ransomware masks itself as a non-threatening application or file and then encrypts the files of infected computers to extort money from users in exchange for the decryption key.
In addition to being spread through email attachments from infected websites, CryptoWall has also been linked to ad sites that serve dynamic ad content to common websites.
This is where the story gets really scary.
Even if the sites themselves are not compromised, the advertising networks that are being used to deliver dynamic ad content may actually be serving malware. Using this approach, known as “drive-by downloads,” attackers can infect users without the user clicking on the ad. Once the user’s files have been encrypted, CryptoWall 4.0 will display a ransom note with instructions on how to make a payment to the attacker in Bitcoin, a digital currency. The messages from the attacker warn you that the only way to get the decryption key for your files is to pay them the amount they have asked for.
According to a report from the Cyber Threat Alliance, this type of malware has cost individuals and organizations $325 million since 2015. Though there is not much for users to do once they have been infected besides restoring from uncontaminated backups, individuals can take measures to prevent these attacks from happening. Fortunately, cybersecurity professionals have identified ways to prevent these attacks that are far more effective (and easier to come by) than silver bullets or a wooden stake through the heart.
Attack of the WannaCry Ransomware
WannaCry ransomware made its appearance worldwide in May 2017. This ransomware cryptoworm targeted computers running the Microsoft Windows operating system, leveraging a Windows vulnerability known as EternalBlue. Though Microsoft released a patch for this gaping security hole, many organizations had not yet gotten around to implementing it. This enabled the ransomware attack to move extremely quickly, infecting more than 200,000 computers in over 150 countries in just one day.
Like other types of ransomware, WannaCry encrypted the user’s data and demanded a Bitcoin ransom for the file decryption key. The attack hit several large companies across the globe, including FedEx in the U.S. and Spain’s Telefonica. One of the scariest impacts of this attack might have been its effect on the United Kingdom’s National Health Service (NHS). Because of the virus, hospitals, doctors’ offices, and other healthcare facilities across London and Northern England had to cancel any non-emergency services, as users were locked out of the system and didn’t have access to vital data.
WannaCry ransomware can quickly spread to other computers once it has entered a network. This enables the malware to maximize damage across organizations. Much like the fear-inducing zombies in Night of the Living Dead, it is unclear where this attack originated, which makes it very difficult to remediate on a large scale. The key to preventing these attacks and keeping the infection from spreading is to patch your system using the Microsoft update.
Petya Variant, NotPetya, Still Haunts Organizations Worldwide
In June 2017, a wave of new ransomware attacks started hitting businesses and organizations worldwide that were unprepared for its impact. Petya first surfaced in March 2016, but a more destructive, modified version of the virus was used in more recent global cyberattacks. This version used the same propagation methods as WannaCry, utilizing the EternalBlue hacking tool. Some cybersecurity firms have begun to refer to this new version that’s based on the original Petya as “NotPetya.”
This ransomware impacted companies that had not yet patched their systems against the vulnerability in Microsoft SMBv1, attacking organizations in the United States, Australia, Ukraine, Russia, Italy, Germany, and other countries. Some big-name organizations that were hit include Merck, the large U.S. pharmaceutical company; Maersk, the Danish shipping company; and WPP, a British advertising agency. However, the virus has been reported to have also impacted banks, governments, hospitals, airports, and other organizations.
Though this Petya variant is very similar to the WannaCry attack, there is one major difference that makes this variant of Petya one of the scariest types of ransomware: this attack made it impossible for users to unlock the system even after they paid the ransom. While WannaCry was true ransomware in that it held data hostage until the ransom was paid, this new Petya attack was instead a wiper disguised as ransomware. This means that it was designed to destroy systems and data without offering an opportunity for recovery.
The inability to recover data makes the latest variant of Petya far more destructive than other types of ransomware. Like a ghost or spirit, this malware continues to haunt those organizations that were impacted by its destruction.