Ransomware, Breach, Channel partners, Content, Content

Top 10 Ransomware Attacks of 2017: NotPetya, WannaCry and Eight More

This year has been a "nasty" one for ransomware attacks, which is reflected in recent data from cybersecurity and threat intelligence services provider Webroot.

The Webroot threat research team has released a list of the "Top 10 Nastiest Ransomware Profiles," which highlights the most destructive ransomware of 2017.

According to Webroot, the 10 nastiest profiles of 2017 were:

  1. NotPetya: This fake Ukrainian tax software update infected thousands of computers across more than 100 countries over the course of just a few days.
  2. WannaCry: This strain used EternalBlue, a vulnerability in Microsoft's Server Message Block protocol, to infect more than 300,000 computers globally.
  3. Locky: New Locky variants Diablo and Lukitus emerged this year and used a phishing attack to initiate their exploits.
  4. CrySis: This enables cybercriminals to use Microsoft's Remote Desktop Protocol to exploit administrators and machines that control entire organizations.
  5. Numacod: This arrives as a phishing email that looks like a shipping invoice and downloads malware and encryption components stored on compromised websites.
  6. Jaff: Like Locky, Jaff variants use phishing emails to initiate ransomware attacks.
  7. Spora: This ransomware requires cybercriminals to add a JavaScript code to a website, leading to pop-up alerts that prompt Google Chrome users to download a malicious file.
  8. Cerber: This commonly uses ransomware-as-a-service (RaaS), which enables cybercriminals to package ransomware and distribute it to other cybercriminals.
  9. Cryptonix: This ransomware requires cybercriminals to send victims instructions about how to pay a ransom with Bitcoin.
  10. Jigsaw: This embeds an image of the clown from the "Saw" movies into a spam email, and if a user clicks on the image, may encrypt and/or delete user files.

Ransomware attacks remain problematic, but MSPs and MSSPs can help protect organizations against these attacks.

Webroot offered the following recommendations for MSPs and MSSPs to safeguard customers against ransomware attacks:

  • Deploy a top-rated security solution. Use a security solution that offers protection against multiple attack vectors and won't affect the user experience by slowing down during scans.
  • Keep your security software up to date. Ensure the security software on both devices and operating systems is up to date and develop a process for patch management.
  • Back up and store sensitive data. Back up data to a hard, offline location.
  • Implement a strong password policy. Develop a password policy that requires end users to create passwords that contain a combination of letters, numbers and special characters and ensure users update their passwords regularly.

Ultimately, cybercriminals likely will continue to launch a wide range of ransomware attacks in the foreseeable future, Webroot Vice President of Engineering and Cybersecurity David Dufour said in a prepared statement. If organizations follow basic cybersecurity standards, they may be better equipped than ever before to identify and address ransomware attacks, Dufour noted.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.