
Webroot reveals the 8 most prevalent ransomware variants

30 Jun 2016

Ransomware will continue to plague IT decision makers and organisations every single day - in fact there are 390,000 new variants today alone, and traditional antivirus applications are not enough to stop them as they become shapeshifters, changing form with every attack to avoid detection, says Dan Slattery, senior information security analyst at Webroot.

76% of IT decision makers across 10 countries reported security breaches in 2015, while 62% believe they will be victims of a successful attack this year. Slattery believes there are specific ransomware variants that are the most destructive and ubiquitous threats in the security landscape.

CryptoWall 4.0: Commonly distributed by phishing emails, it encrypts and randomises a user's computer files and makes them indistinguishable. The ransomware demands $700 to restore file access.

CryptXXX: An exploit feature mainly spread through malvertising and hacked websites. The exploit can steal financial information through infected devices, particularly if unaware users log in to banking websites. The ransomware demands $500 to restore file access.

DMA Locker: Spread in enterprise environments and through hacked RDP connections sold on the black market. It can find user permissions on un-mapped shared networks and encrypt data. Although relatively new, its aggressive nature makes it a serious threat.

KeRanger: The first common ransomware to target Macs, originally spread through a hacked version of the Transmission BitTorrent client, put on the official website. Three days after being installed, the ransomware activates and encrypts the device.

Locky: Tracks and encrypts multiple files and data using the same 16-character hexadecimal name, so users are unable to distinguish between files. It gives users a choice to decrypt a single file, demonstrating that the ransomware attackers can unlock files if users pay the fee.

PadCrypt: A ransomware with a live chat feature, through which the attackers can talk to users to decrypt information after payment is made. Slattery says hackers will use chat to fool users into believing the cause of infection was something else and they are just helping to solve the problem.

Ransomware-as-a-Service (RaaS): This puts hacking and crime in the hands of anybody, regardless of experience. RaaS doesn't demand coding knowledge and exists on the dark web. Used by less-skilled criminals, malware creators get a maximum 30% cut from all successful ransom payouts. Slattery says this is one of the most dangerous developments in the cyber crime market.

TeslaCrypt: Recently stomped out, it was one of the biggest and smartest attackers, avoiding 'CryptoPrevent' and custom group policies to avoid detection - and it specifically targeted gamers. The ransomware survived 15 months and was responsible for 11% of successful malware attacks. It expanded from file encryption to entire computer lockouts until ransom was paid.

Webroot recommends:

1.  Deploying trusted, multi-layered endpoint security

2.  Deploying backup recovery and business continuity recovery systems

3.  Disabling autorun and macros features

4.  Creating strong and robust Windows policies

5.  Educating users about malware threats
