Top 6 dangerous ransomware families that made noise in 2020

It is fair to say that 2020 was the year ransomware became the mainstream of threats. Ransomware used to be a niche threat; it then expanded to multinational companies and government contractors, and it is now a major concern for companies of every size and in every industry.

The recent threat bulletin emphasizes the dangers of ransomware, especially for organizations that have historically lagged in cyber security. Ransomware is also a problem for educational institutions and cooperative organizations.

The risk of ransomware is not only that the range of targets has expanded. The malware at the center of these attacks is becoming more and more sophisticated, as a glance at the dangerous ransomware seen in 2020 makes obvious. Here are six of them.

Netwalker

Netwalker was one of the most prolific and successful ransomware families of 2020. It was seen frequently in the months after COVID-19 appeared, riding the surge in phishing campaigns and malware infections that came with the shift to working from home.

Netwalker is an evolution of the Mailto ransomware first identified at the end of 2019, and it is still distributed through email phishing campaigns. It targets not only educational institutions and government agencies but companies of all sizes.

Netwalker has been used in attacks on the Australian transport company Toll Group, Michigan State University and, more recently, the University of California, San Francisco.

Nefilim

Nefilim carried out high-profile attacks in 2020, targeting companies that run particularly important infrastructure: healthcare, energy, supply chains, and government services. Ransomware attacks on critical infrastructure have been a concern for several years, and Nefilim is one of the families driving that concern.

Nefilim's exact intrusion path is not yet known, but it apparently exploits weaknesses in Remote Desktop Protocol (RDP) deployments. Two factors are thought to explain its emergence over the past year.

One is that Microsoft's RDP has had multiple vulnerabilities, and an RDP service exposed to the Internet is easy for attackers to reach; brute-force password guessing is the most common attack method. The other is that the number of RDP users grew rapidly over the past year because of the pandemic.

One effective way for a company to reduce its exposure to this kind of ransomware is Dynamic Application Security Testing (DAST), which continuously scans running applications for vulnerabilities so that the weaknesses ransomware operators exploit are found and fixed as early as possible.
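Because brute-force password guessing against exposed RDP is the intrusion method the article singles out, the detection a security operations team would want is the one that catches it in the Windows Security log. The script below is an added example, not code from the original article or from BlackBerry: it runs the check over a constructed export of Security events (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), flags any source IP with a burst of RDP failures, and reports whether a successful RDP logon from that source followed. The comma-separated export format, the window and the threshold are assumptions for the example.

```python
"""Spot RDP password guessing in a Windows Security log export.

Added example, not code from the original article or from BlackBerry. It
assumes the Security log has been exported as comma-separated lines with the
five fields below; the records are constructed sample data, not a real capture.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Fields: timestamp, event ID, account, source IP, logon type.
# Event 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon (SMB and similar).
SAMPLE_EVENTS = """\
2020-06-01T02:10:01,4625,administrator,203.0.113.45,10
2020-06-01T02:10:03,4625,administrator,203.0.113.45,10
2020-06-01T02:10:05,4625,admin,203.0.113.45,10
2020-06-01T02:10:06,4625,admin,203.0.113.45,10
2020-06-01T02:10:08,4625,backup,203.0.113.45,10
2020-06-01T02:10:09,4625,backup,203.0.113.45,10
2020-06-01T02:10:11,4625,backup,203.0.113.45,10
2020-06-01T02:10:14,4624,backup,203.0.113.45,10
2020-06-01T08:00:00,4625,jsmith,198.51.100.7,10
2020-06-01T08:00:20,4625,jsmith,198.51.100.7,10
2020-06-01T08:00:35,4624,jsmith,198.51.100.7,10
2020-06-01T09:00:00,4625,svc_sql,192.0.2.9,3
2020-06-01T09:00:01,4625,svc_sql,192.0.2.9,3
2020-06-01T09:00:02,4625,svc_sql,192.0.2.9,3
2020-06-01T09:00:03,4625,svc_sql,192.0.2.9,3
2020-06-01T09:00:04,4625,svc_sql,192.0.2.9,3
2020-06-01T09:00:05,4625,svc_sql,192.0.2.9,3
"""

RDP_LOGON_TYPE = 10
WINDOW = timedelta(minutes=5)   # span within which failures are counted (assumed tuning)
THRESHOLD = 5                   # failures from one source inside WINDOW that raise an alert


def parse_events(text):
    """Parse the export into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, src_ip, logon_type = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "account": account,
            "src_ip": src_ip,
            "logon_type": int(logon_type),
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: alert} for sources with >= threshold RDP logon failures
    inside any window-long span. Each alert carries the peak failure count,
    the accounts tried, and the accounts that later logged in over RDP from
    the same source (the sign that the guessing succeeded)."""
    failures = defaultdict(list)   # src_ip -> [(time, account)], in time order
    successes = defaultdict(list)  # src_ip -> [(time, account)]
    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue               # only RDP logons are of interest here
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append((e["time"], e["account"]))
        elif e["event_id"] == 4624:
            successes[e["src_ip"]].append((e["time"], e["account"]))

    alerts = {}
    for ip, fails in failures.items():
        # Sliding window: the largest number of failures that fit inside `window`.
        peak, start = 0, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        first_fail = fails[0][0]
        success_after = sorted({acct for t, acct in successes[ip] if t >= first_fail})
        alerts[ip] = {
            "failures": peak,
            "accounts": sorted({acct for _, acct in fails}),
            "success_after": success_after,
        }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {alert['failures']} RDP failures against {alert['accounts']}; "
              f"successful logon afterwards: {alert['success_after'] or 'none'}")
```

In the sample, only 203.0.113.45 is reported: seven failures across three accounts in ten seconds, followed by a successful RDP logon as "backup". The two mistyped passwords from 198.51.100.7 stay under the threshold, and the burst from 192.0.2.9 is ignored because it is a network (type 3) logon, not RDP. A success that follows a burst of failures should be handled as a compromised account, not as the end of the noise.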


Wastedlocker

WastedLocker is the newest ransomware variant covered here, and it targets large US companies.

WastedLocker grew out of an older malware lineage. Its operators are the attackers behind the ZEUS Trojan, which targeted online banking, and the same attackers developed Locky, which targeted home users, more than four years ago.

In 2020, WastedLocker went after large companies. Attacks using WastedLocker are, as a rule, tightly targeted at specific companies, all of them in the United States.

The most notable of these attacks was the one on Garmin, the navigation and smartwatch manufacturer, which took the company's services offline worldwide last July.

The BlackBerry Threat Research team obtained a sample of the WastedLocker ransomware for testing and has published its findings.

Tycoon

In 2020 an increase in the threats faced by educational institutions and government agencies was reported, and Tycoon is the representative example. The malware was first observed in December 2019 and at first looked like an unusual one-off, delivered as a Trojanized package.

Unfortunately, it was not. The malware succeeded in infecting the machines of employees who were forced to reach corporate networks from home, by way of the poorly secured VPN tools provided for telework.

Today, many commercial VPN services offer options that use a SHA-512 authentication hash or 2048-bit DHE-RSA key exchange, the best encryption standards available.

However, many of the low-priced VPN services adopted by people who started teleworking in the wake of the new coronavirus do not meet these standards, which leaves them vulnerable to targeted attacks using Tycoon.
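The settings the article names (a SHA-512 authentication hash and a DHE-RSA key exchange) are things a practitioner can check in the VPN profile itself rather than take on trust. The script below is an added example, not code from the original article or from BlackBerry: it audits an OpenVPN client profile and shows a weak profile next to a hardened one. It assumes the VPN is OpenVPN-based (the article names no product); both profiles are constructed samples and vpn.example.net is a placeholder.

```python
"""Audit an OpenVPN client profile for the weak settings the article warns about.

Added example, not code from the original article or from BlackBerry. It assumes
the VPN is OpenVPN-based (the article names no product); the two profiles below
are constructed samples and vpn.example.net is a placeholder host name.
"""

# Constructed sample: a budget profile that relies on OpenVPN's legacy defaults.
WEAK_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth SHA1
cipher BF-CBC
tls-cipher TLS-RSA-WITH-AES-128-CBC-SHA
tls-version-min 1.0
"""

# Constructed sample: the same profile with the settings the article recommends
# (SHA-512 HMAC, an AEAD data cipher, a DHE-RSA suite for forward secrecy, TLS 1.2+).
HARDENED_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth SHA512
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
tls-version-min 1.2
"""

ACCEPTABLE_AUTH = {"SHA256", "SHA384", "SHA512"}
ACCEPTABLE_CIPHERS = {"AES-128-GCM", "AES-256-GCM", "AES-256-CBC", "CHACHA20-POLY1305"}
FORWARD_SECRET_PREFIXES = ("TLS-DHE-", "TLS-ECDHE-")


def parse_openvpn(text):
    """Map each directive to its arguments (last occurrence wins), skipping
    blank lines and '#' / ';' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        options[parts[0]] = parts[1:]
    return options


def audit_openvpn(text):
    """Return a list of findings; an empty list means the profile passes."""
    opts = parse_openvpn(text)
    findings = []

    # 'auth' is the HMAC digest for the data channel; OpenVPN defaults to SHA1 when it is absent.
    auth = opts.get("auth", ["SHA1"])[0].upper()
    if auth not in ACCEPTABLE_AUTH:
        findings.append(f"auth {auth}: weak HMAC digest, use 'auth SHA512'")

    # 'cipher' is the data-channel cipher; releases before 2.5 default to BF-CBC (64-bit block).
    cipher = opts.get("cipher", ["BF-CBC"])[0].upper()
    if cipher not in ACCEPTABLE_CIPHERS:
        findings.append(f"cipher {cipher}: legacy cipher, use 'cipher AES-256-GCM'")

    # 'tls-cipher' restricts the control-channel suites; without (EC)DHE there is no forward secrecy.
    tls_cipher = opts.get("tls-cipher", [""])[0].upper()
    if tls_cipher and not tls_cipher.startswith(FORWARD_SECRET_PREFIXES):
        findings.append(f"tls-cipher {tls_cipher}: no forward secrecy, use a TLS-DHE-RSA or TLS-ECDHE suite")

    # A missing 'tls-version-min' is treated as weak here (assumption: older releases then accept TLS 1.0).
    tls_min = opts.get("tls-version-min", ["1.0"])[0]
    if tls_min in ("1.0", "1.1"):
        findings.append(f"tls-version-min {tls_min}: allows obsolete TLS, use 'tls-version-min 1.2'")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_openvpn(cfg)
        print(f"{name}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

The weak profile produces four findings (SHA1 HMAC, Blowfish data cipher, a TLS suite with no forward secrecy, TLS 1.0 permitted); the hardened profile produces none. A profile that simply omits these directives is also flagged, because silence means OpenVPN's legacy defaults, which is exactly the case with the cheap services the article describes. The server side must of course be configured to match, and the DH parameters referenced by the server's `dh` directive should be 2048-bit or larger; that file cannot be judged from the client profile alone.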

Nuke

Nuke is the oldest of the malware families discussed here, but it is not low risk. First discovered in 2016, it is usually distributed through email phishing.

Once on the victim's machine, Nuke encrypts files with a 256-bit AES key. Each encrypted file is renamed to a string of characters followed by the .nuclear55 extension. The AES key is itself protected with asymmetric encryption using 2048-bit RSA.

Sodinokibi

Ransomware as a Service (RaaS) is becoming a new business model, and one of the main groups behind it is Sodinokibi (also known as "REvil" or "Sodin"). Last year it incorporated data leakage (stealing data and threatening to publish it) to great effect. This method was first developed by the group behind the MAZE ransomware but has since been adopted by more skilled groups.

The new risk for companies is attackers who use APT (Advanced Persistent Threat) techniques to roam the network at length, identifying valuable and confidential data. Being able to keep operating or restore from backup while under attack is no longer enough. We have seen organizations face demands for large ransoms even though they were fully capable of recovering from a catastrophic attack.

Those are the prominent ransomware families of 2020. It was an unusual year for ransomware, with many new families appearing and attacks growing more sophisticated, and this trend will continue.

Ransomware had been on the rise for a long time before 2020, and the way it exploited the coronavirus pandemic indicates that it will become far more common in the coming years. That is why it is important to protect yourself, your data, your staff, and your business now.

BlackBerry offers the cyber security solutions and consulting services companies need to move seamlessly from reactive security to a prevention-first security posture. Read the Best Practice Guide for details on ransomware protection and recovery.

Author profile

Mark Stevens

Technical Director, Incident Response, BlackBerry

Mark Stevens, Technical Director of Incident Response at BlackBerry, has 20 years of experience in information technology, the last 13 of them focused on information security. For more than six years, Mark has worked on global APT incident response and ransomware incident containment cases, providing support and advice to customers around the world facing extremely difficult problems. He began his career in cyber security working on the development of a groundbreaking security monitoring solution at a time when SIEM tools were reaching maturity. Captivated by security, he has stood on the front lines of incident response, actively working on highly sophisticated nation-state-backed APT cases and the largest ransomware attacks. As Technical Director, he now leads in the field a global team of outstanding incident responders spanning five countries.