Oct 31, 2017 SOURCE: PR NewsWire

Webroot Threat Research Reveals the Top 10 Nastiest Ransomware Attacks of 2017

BROOMFIELD, Colo., Oct. 31, 2017 /PRNewswire/ -- Webroot, a leader in endpoint security, network security, and threat intelligence, revealed the 10 nastiest ransomware attacks to hit within the past year. According to Webroot's threat research team, NotPetya was the most destructive ransomware of 2017, followed closely by WannaCry and Locky. The data surveyed includes all devices running windows operating systems that were infected with ransomware across the globe through September 2017.

View the Top 10 Nastiest Ransomware Profiles:
Webroot.com/blog/2017/10/31/top-10-nastiest-ransomware-attacks-2017

NotPetya, WannaCry Take Top Spots
Two of the most destructive strains of ransomware ever seen exploded in 2017.

    --  NotPetya is crowned No. 1 because it was engineered to do damage to a
        country's infrastructure.
    --  NotPetya's code leveraged EternalBlue, the same exploit WannaCry used a
        month earlier. But NotPetya wasn't designed to extort money from its
        victims like most ransomware. It was created to destroy everything in
        its path.
    --  WannaCry takes second place on the list because it took the world by
        storm when it infected hundreds of thousands of users across the globe.

NotPetya and WannaCry attacked in 2017, but other ransomware on the list made their first appearances in 2016. These attacks either carried into 2017 or returned aggressively.

Nastiest Ransomware - The Top 10

    1. NotPetya--Starting as a fake Ukrainian tax software update, NotPetya
       infected hundreds of thousands of computers in more than 100 countries
       within just a few days. This ransomware is a variant of an older attack
       dubbed Petya, except this time the attack uses the same exploit behind
       WannaCry.
    2. WannaCry--As the first strain of ransomware to take the world by storm,
       WannaCry was also the first to use EternalBlue, which exploits a
       vulnerability in Microsoft's Server Message Block (SMB) protocol.
    3. Locky--2016's most popular ransomware is alive and well in 2017. New
       variants of Locky, called Diablo and Lukitus, surfaced this year, using
       the same phishing email attack vector to initiate their exploits.
    4. CrySis--The king of Remote Desktop Protocol (RDP) compromise started last
       year in Australia and New Zealand. RDP is one of the most common ways to
       deploy ransomware because cybercriminals can compromise administrators
       and machines that control entire organizations.
    5. Nemucod--Arriving in the form of a phishing email that looks like a
       shipping invoice, Nemucod downloads malware and encryption components
       stored on compromised websites. Nemucod would have been the most
       malicious phishing email if Locky hadn't reignited in August.
    6. Jaff--Similar to Locky, new variants of Jaff ransomware continue to
       leverage phishing emails and embody characteristics associated with other
       successful malware.
    7. Spora--To distribute this ransomware, cybercriminals hack legitimate
       websites to add JavaScript code. Then, a pop-up alert prompts users to
       update their Chrome internet browsers to continue viewing the webpage.
       Once users follow the "Chrome Font Pack" download instructions, they
       become infected.
    8. Cerber--One of the multiple attack vectors Cerber utilizes is called RaaS
       (ransomware-as-a-service). Through this "service," cybercriminals package
       up ransomware and then give other criminals the tools to distribute how
       they see fit.
    9. Cryptomix--This ransomware is one of the few that does not have a type of
       payment portal available on the dark web. Instead, users have to wait for
       the cybercriminals to email them instructions to pay a hefty amount in
       Bitcoin.
    10. Jigsaw--Another carryover from 2016, Jigsaw embeds an image of the clown
        from the "Saw" movies into a spam email. Once a user clicks, the
        ransomware not only encrypts files, but it also deletes files if a user
        takes too long to make the ransom payment of $150.

What Managed Service Providers (MSPs) and small- to medium-sized businesses can do to protect devices from ransomware:

    --  Purchase and deploy a top-rated security solution. Look for
        cybersecurity solutions that provide protection from multiple attack
        vectors, without affecting user experience by slowing devices during
        scans.
    --  Keep your security software up to date. Firmware and patches are how
        vendors push out important security updates. Keep both devices and
        operating systems up-to-date and create a process for patch management.
    --  Backup and store sensitive data. Generally, ransomware only has the
        means to encrypt files stored locally on a user's system. Backup data to
        a hard, offline location. In the case of equipment failure or
        ransomware, you can access your backup and get back to business as
        usual.
    --  Implement a strong password naming convention. A strong password policy
        limits the likelihood of Remote Desktop Protocol (RDP) breaches.

What home users can do to protect computers from ransomware:

    --  Use a reliable antivirus software. A good solution should protect your
        data while providing a seamless user experience.
    --  Back up your data. Proactively backing up your files can not only save
        you thousands, it can save your favorite vacation photos, videos of your
        kids' piano recitals, and sensitive information.
    --  Use good judgement. Be extra vigilant about the websites you visit, the
        URLs you follow, and the applications and mobile apps you use.

Key Quotes:

Aaron Sherrill, Senior Analyst, 451 Research
"Our research shows that ransomware is a top pain point for businesses due to its infectious nature and ability to spread quickly throughout entire systems. Ransomware does not have a bias and often times small- to medium-sized businesses are the most vulnerable due to their lack of resources. SMBs need to be proactive by consulting an MSP or MSSP on how to deploy a solution that will protect their business from these malicious threats."

David Dufour, Vice President of Engineering and Cybersecurity, Webroot
"This past year was unlike anything we've ever seen. Attacks such as NotPetya and WannaCry were hijacking computers worldwide and spreading new infections through tried-and-true methods. This list is further evidence that cybercriminals will continue to exploit the same vulnerabilities in increasingly malicious ways. Although headlines have helped educate users on the devastating effects of ransomware, businesses and consumers need to follow basic cybersecurity standards to protect themselves."

Additional resources:

    --  Video: Top 10 Nastiest Ransomware
    --  Blog & Infographic: Top 10 Nastiest Ransomware
    --  Web Page: How to Protect Your Business From Ransomware
    --  Web Page: How to Protect Yourself From Ransomware

Research Methodology
The figures presented are based on 2017 data collected, tracked and analyzed by the Webroot BrightCloud(®) Threat Intelligence Platform and threat research team.

About Webroot
Webroot delivers endpoint security, network security, threat intelligence services, and security awareness training to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Our award-winning SecureAnywhere(®) endpoint solutions, BrightCloud(®) Threat Intelligence Services, and FlowScape(®) solution protect millions of devices across businesses, home users, and the Internet of Things. Webroot is trusted and integrated by market-leading companies, including Cisco, F5 Networks, Aruba Networks, Palo Alto Networks, A10 Networks, and more. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity(®) solutions at www.webroot.com.

Social Media: Twitter | LinkedIn | YouTube | Facebook

©2017 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, Webroot SecureAnywhere, Webroot BrightCloud, BrightCloud, and Smarter Cybersecurity are trademarks or registered trademarks of Webroot Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

View original content with multimedia:http://www.prnewswire.com/news-releases/webroot-threat-research-reveals-the-top-10-nastiest-ransomware-attacks-of-2017-300545940.html

SOURCE Webroot

Related News

Israel says foiled cyber attack on its defence firms

Infrascale Survey Reveals Close to Half of SMBs Have Been Ransomware Attack Targets

Federal Aid May Trigger Wave of Cyberattacks on Distressed Businesses

SafeBreach Enhances Microsoft Defender Advanced Threat Protection Evaluation Lab With Advanced Attack Simulations

Center for Internet Security Funds No-Cost Service to Help Protect all U.S. Private Hospitals Against Ransomware

GroupSense Launches Ransomware Negotiation Services

New 4iQ Report Shows Uptick in Nation State Misinformation Campaigns, Cyber Attacks on Healthcare Sector Amid COVID-19

Rising cyberattacks in West highlight vulnerabilities

View all News

Related Procurements

Market Sounding - Defence Infrastructure Panel – Construction Major Works

To assist the Commonwealth of Australia (Commonwealth), represented by the Department of Defence, in considering the potential establishment of a standing offer for the undertaking of major construction works described...

ATM 24/2948 drone-mounted Magnetometer

Provision of a drone-mounted Magnetometer to the Australian Antarctic Division

ANSTO Engineering Design Services Panel

The ANSTO Engineering Panel will be established to support the design and development of new facilities, major projects, minor works, and ongoing building renovation and refurbishment needs across many different...

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Related Companies

Nova Systems

Cirrus Real Time Processing Systems

Codan Radio Communications

View All Companies