Top ten ransomware attack in the world : What this means for businesses and organizations in the developing countries.


Artificial intelligence and a series of other changes and improvements in technology have arrived over the last few years, with much more yet to be unveiled in the technological space.

This brings great hope and an advantage to the development of businesses and organizations that anticipate and integrate these changes into their business approach and methodologies; doing so will in no small way improve business productivity and significantly drive performance.

However, embracing this change implies that businesses must also embrace the risks that come along with artificial intelligence and technological advancement generally.

Ransomware, a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid, is currently on the rise in several developed nations owing to the advent of AI. In fact, in recent times we have seen developments like RaaS (Ransomware as a Service) become a more common offering on the dark web.

Looking at the world's top ten ransomware attacks, most of which occurred in developed environments, the same risk applies to businesses and organizations in emerging nations that are integrating these developments.

According to Securitymagazine.com, there was an 81% year-on-year increase in ransomware attacks worldwide, with over 4,900 attacks from 2023 to April 2024.

Here are the top ten attacks in the world:

10: AIDS Trojan

AIDS Trojan, or PC Cyborg, was the world’s first ransomware attack in 1989. Users were duped by a fake survey that subsequently gained access to users’ computers through a mailed floppy disc. The scam displayed a message that asked the user to pay US$189 to obtain a repair tool.

It was distributed by Dr Joseph L. Popp to roughly 20,000 individuals and medical institutions. The malware itself was weak and easy to remove with decryption software, but the attack itself is often viewed as the catalyst for future attacks, highlighting the need for data security measures.

9: CryptoLocker

The CryptoLocker ransomware attack occurred between 2013 and 2014. Using a trojan that targeted computers running Microsoft Windows, it extorted US$3m from victims.

It is a ransomware that restricts access to infected computers by encrypting their content before demanding that victims pay a ransom to recover their files. Payment was made either via Bitcoin or a pre-paid cash voucher. Although it was neutralised in 2014, variants of ransomware still use the name to attack organisations and individuals today.

8: SamSam

The SamSam actors targeted multiple industries, predominantly in the US, that were using Windows servers, including some within critical infrastructure. Targeting large companies, the ransomware infects the entire network and encrypts all hosts connected to it instead of attacking individual systems.

The attackers aimed to exploit vulnerabilities in Windows servers to establish permanent access to network assets, causing the FBI, NCCIC and CISA to put out a joint statement about the threat in 2018. As of that year, the total net loss was roughly US$6m.

7: DoppelPaymer

Still an active ransomware threat, DoppelPaymer is a ransomware that uses Process Hacker to terminate services related to security, email server, backup and database software. It then threatens its victims with publication of their stolen files on its data leak site.

First appearing in 2019, it caused incidents that left its victims, often critical companies, struggling to properly carry out operations. It is also believed to be based on the BitPaymer ransomware due to similarities in their code, ransom notes and payment portals. Ransom demands have reached as high as US$1m for large organisations.

6: Costa Rica Government

Having only been released last year, the ransomware attack on the Costa Rican government has been identified as an act of war by the pro-Russian Conti group. It targeted 30 institutions and demanded a US$10m ransom in exchange for not releasing information stolen from the Ministry of Finance, which potentially contained sensitive information such as citizens' tax returns and details of companies operating in the nation.

Losses incurred amounted to US$30m a day, resulting in the government having to cease operating due to the scale of the hack. The nation is still dealing with its repercussions today.

5: Ryuk

Also with a US$1m ransom demand per target was Ryuk, a ransomware that preyed on big organisations that could meet its demands. In September 2020, a ransomware attack hit Universal Health Services (UHS) and caused US$67m of damage.

Ryuk was discovered to have been used in the attack. The ransomware does not launch as soon as it infiltrates the victim's system; instead it waits a couple of days before it starts encrypting files and spreading through the entire system.

It also disables Windows System Restore features so that the victim cannot roll back to a previous uninfected version of the system.

4: REvil (Sodinokibi)

REvil (Ransomware Evil; also known as Sodinokibi) was a Russia-based private ransomware-as-a-service (RaaS) operation. Sodinokibi is the name of organised ransomware attacks that victimised the transportation industry and the financial sectors.

The ransomware encrypts files on a system and shows a ransom note on the screen, affecting files like .jpg, .java, .raw and .png, to name a few. In 2021, it focused on US companies. Its attacks on JBS and Kaseya triggered a huge crackdown on cybersecurity and has now been reported to be most likely inactive. Net losses have been predicted to be around US$200m.

3: TeslaCrypt

Although the net loss is unknown, it is estimated that this Trojan Horse cryptovirus caused losses of approximately US$500 per victim. However, the scale of TeslaCrypt was huge, having targeted 185 game files of 40 popular games such as the Call of Duty series, World of Warcraft and Minecraft, to name a few.

The ransomware targets saved data, player profiles, custom maps and game modifications stored on the victim’s hard drive, encrypting files up to 4GB in size. Later versions also encrypted Word, PDF, JPEG and other file types, prompting victims to pay the US$500 to get the decryption key.

2: NotPetya

NotPetya used the same method of infiltration as WannaCry (see below), but the encryption of files was permanent. Starting in 2017, it infected the master boot record of Windows computers to take the system hostage.

It used the EternalBlue exploit to infect systems and was modified so that its effects could not be reverted even if the victim paid the ransom. At the time, it was alleged that NotPetya was politically motivated and targeted against Ukraine by the Russian Military Agency, as 80% of the affected companies were Ukrainian.

It was discovered that a backdoor created during an update of the Ukrainian company M.E.Doc's software was used to spread the malware. As a result, NotPetya remains one of the most impactful ransomware attacks to date, with financial losses worth US$10bn.

1: WannaCry

Although its net loss of US$4bn was slightly smaller than NotPetya's, WannaCry is often described as the biggest ransomware attack in history in terms of impact. The 2017 cryptoworm affected thousands of computer systems worldwide and held hostage the files of 250,000 Microsoft Windows users across 150 countries.

A hacker group called Shadow Brokers also used EternalBlue, which had been stolen and leaked to them from the United States National Security Agency (NSA), to exploit a vulnerability in Microsoft Windows PCs. They encrypted files on computers and demanded a ransom worth between US$300 and US$600 to be paid in Bitcoin.

The ransomware managed to infect numerous companies, including multiple NHS systems across England and Scotland. This ultimately caused huge disruptions to health services and £92m (US$104.36) in losses.

Ultimately, the torment came to an end when British computer security researcher Marcus Hutchins activated a kill switch to stop the spread of the malware.

With this level of risk, what is the way out for businesses? Here are some remedies:

1. Immediate isolation: Disconnect the affected device or network from the internet and isolate it from other systems to prevent further spread.

2. Do not pay the ransom: Paying the ransom does not guarantee data recovery and may encourage future attacks.

3. Report the incident: Inform law enforcement and your organization's incident response team.

4. Activate backup systems: Restore data from backups, if available.

5. Use antivirus software: Run a full scan with updated antivirus software to detect and remove the ransomware.

6. Use decryption tools: Utilize decryption tools, such as those from No More Ransom or Malwarebytes, if available for the specific ransomware strain.

7. Reformat and reinstall: In severe cases, reformat the affected device and reinstall the operating system and software.

8. Implement security measures: Enhance security protocols, including patching vulnerabilities, using strong passwords, and enabling two-factor authentication.

9. Conduct a thorough investigation: Analyze the attack to identify the entry point and prevent future occurrences.

10. Develop an incident response plan: Establish a plan to quickly respond to future ransomware attacks.

Overall, you may also get in touch with a seasoned risk professional to proffer timely and cutting-edge solutions.

#RiskConsulting #cybersecurity #RansomeWare

Sameeah Yusuf

Accountant ll Audit Managerll Forward Alumni

5 months

Thanks for this
