5 Most Common Ransomware Attack Targets


You need to be on guard! While cyber-attacks have been a concern through the years, the recent spike is alarming.

Besides the rising value and demand for data, events in the past year offer a great opportunity for cybercriminals. The remote working culture that came with the COVID-19 pandemic is a new vulnerability and opportunity for ransomware attacks.

But before you jump to ransomware prevention best practices, you need to know what you are up against.

Here is what you should watch out for:

1. Maze

Since its discovery in May 2019, Maze has remained a significant threat. It was previously known as “ChaCha ransomware,” and the best description for this ransomware would be “ruthless.”

Maze uses multiple techniques to access and publish classified information to the public. After the launch, all files on the victim’s computer are encrypted.

At this point, the attacker demands ransom and threatens to publish the data online if the victim fails to comply. Typically, the attacker publishes one or two of the files to confirm the threat.

2. REvil

This is a file-blocking virus. After infecting the whole system, the attacker encrypts all files and sends a demand message. Usually, the message requires a specified amount paid in bitcoin. The amount is often doubled if the victim doesn’t pay in time. REvil is infamous for leaking sensitive data on the dark web.

3. Ryuk

You have probably heard about this one because the ransomware targets Fortune 500 companies and government agencies.

Typically, Ryuk uses TrickBot or remote desktop services to gain control and infect your system. It then blocks the system/device and files using AES and RSA, among other military-grade encryption algorithms.

Ryuk ransomware uses a robust technique that cripples some of the best IT systems. And this is why most gigantic organizations are considering cloud platforms for enterprise file synchronization.

4. Tycoon

This one is new. There have not been many attacks yet, but that does not mean it is weak. Its original code is in Java and compiled in ImageJ. The malware is elusive because it runs as a Trojan version on the Java Runtime Environment.

The attackers target both Windows and Linux using the same Java image format that launches as part of the attack. Usually, the ransomware denies the victim access to all administrator functions because it focuses on the domain controller and the file servers. Tycoon ransomware exploits weak passwords as a loophole to gain access and infect a system.

5. NetWalker

The ransomware is also known as Mailto. Unlike others, NetWalker targets everyone, from individuals working remotely and healthcare organizations to businesses and government agencies.

The attack is unique. NetWalker ransomware exploits the network structure of the victim, then encrypts any other devices connected to the same network. Mostly, the attack targets devices running on Windows.


The ransomware file is a package that includes file names, ransom notes, and all configuration settings. This explains how NetWalker spreads: through executable files and VBS scripts attached to phishing emails.
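Because the delivery route described above is executables and VBS scripts attached to phishing emails, a mail gateway can screen attachments before they reach the inbox. The following is an added example, not part of the original article: the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions for the attachment types the article names (executables, VBS scripts)
# plus closely related Windows script formats. The exact list is an assumption.
RISKY_EXT = {".exe", ".scr", ".com", ".vbs", ".vbe", ".js", ".jse", ".wsf"}

def screen_attachments(raw_bytes):
    """Return (filename, reason) pairs for attachments that should be quarantined."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
        payload = part.get_payload(decode=True) or b""
        if suffixes and suffixes[-1] in RISKY_EXT:
            reason = "script/executable extension"
            if len(suffixes) > 1:
                reason += " hidden behind a double extension"
            findings.append((name, reason))
        elif payload[:2] == b"MZ":
            # Windows PE files start with "MZ" whatever the attachment is called.
            findings.append((name, "PE header under a non-executable name"))
    return findings

def build_sample():
    """Constructed message: one harmless PDF stub and three suspicious attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    m.set_content("Please see the attached invoice.")
    stubs = [
        ("notes.pdf", b"%PDF-1.4 stub"),
        ("invoice.pdf.vbs", b'WScript.Echo "stub"'),
        ("report.doc", b"MZ\x90\x00stub"),
        ("setup.EXE", b"MZ\x90\x00stub"),
    ]
    for filename, data in stubs:
        m.add_attachment(data, maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

The check looks at both the final extension and the first bytes of the payload, so a renamed executable is still caught; archives and macro-enabled documents would need their own handling.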

Now you understand why more organizations are considering cloud storage services like Egnyte among other techniques against ransomware attacks. Don’t be caught off guard!