Ransomware Attacks That Rocked 2017

Ransomware Attacks

A major standout of 2017 was an increasing number of ransomware attacks. It seemed like a new attack hit every week. This doesn’t even count the major hacks, such as Equifax. The good thing is the general public is taking notice more than ever, which may make it harder, at least hopefully, for ransomware to get on devices to begin with.

Ransomware Attacks We Hope to Have Seen the Last Of

Locky

Locky isn’t new to 2017 since it actually made waves in 2016. However, it just won’t go away. It faded away at the end of 2016 only to come back with a vengeance in August of 2017. Millions of malicious emails were sent out, leading to numerous locked computers. Locky’s one of the worst ransomware attacks simply due to the scale and number of variants. Sadly, those variants are still being created even today.

NotPetya

NotPetya quickly became one of the most terrifying ransomware attacks of 2017. Unlike most ransomware, paying a ransom didn’t return your files. The ransomworm was similar to Petya, hence the name. NotPetya tore through airports, power companies, and banks in Ukraine and parts of Europe. Despite asking for a $300 Bitcoin ransom, victims lost their money and files. This attack made it clear that you should always back up your files no matter what. 

Bad Rabbit

The name doesn’t sound particularly horrible, but Bad Rabbit is still a nasty type of ransomware. Much like NotPetya, Bad Rabbit spreads over networks. It starts out as a fake Adobe Flash installer. As a viral threat, it didn’t take long it to infect numerous computers in Russia and Europe. This attack mainly targeted businesses and once again asked for Bitcoin.

Related Read: Cryptocurrencies: The Basics

WannaCry

WannaCry is one of the most talked about ransomware attacks of 2017. The ransomware was first discovered after it shut down hospitals in the British National Health Service in the United Kingdom. It also targeted other major businesses and networks, such as  Telefonica and FedEx. It spread over networks like a worm and held the computers thousands of businesses and individuals in over 150 countries hostage.

WannaCry became the perfect example of why you need to keep your computer updated. The ransomware exploited a Microsoft Windows flaw. Updated computers were safe, but many computers are rarely updated.

Cerber

Cerber is a form of ransomware that’s been going strong since 2016. The only problem is, it just keeps mutating. Unlike many types of ransomware that require users to download or execute a file, Cerber is ransomware-as-a-service. The developers allow affiliates to distribute and use Cerber for a portion of the profits. This means any hacker who’s willing to share their profits has access to this one. So far, it’s hit over 23 countries.

LeakerLocker

McAfee first detected LeakerLocker back in July 2017. Unlike most ransomware, this type doesn’t encrypt files. The attack came in the form of two apps on the Google Play Store. Booster & Cleaner Pro was downloaded as many as 5,000 times, while Wallpapers Blur HD was downloaded as many as 10,000 times before the ransomware was discovered.

The ransomware locked users out of their phones and threatened to send all the phone’s contents to every contact stored on their phones if they didn’t pay the required ransom. On the plus side, if you didn’t have anything to hide, you might just get your files back from your contacts.

Jaff

Jaff is based upon Locky, but it’s actually much worse. It was one of the more expensive ransomware attacks and asked users for over $3,000. Jaff was spread using the Necurs botnet to send five million emails every hour. All users had to do was open a PDF in their email to become a victim. It continues to work even when the computer is offline. The sheer size of the attack infected computers across the globe.

Related Read: Ransomware Protection Tips to Keep You Safe

WYSIWYE

The clever name play on WYSIWYG (what you see is what you get) might sound cute, but WYSIWYE (what you see is what you encrypt) is anything but cute. It’s a bit unique among ransomware attacks as it allows hackers to encrypt just the files and folders they choose versus the entire computer.

It was mainly designed to attack corporate networks so hackers could encrypt the most valuable files. The attacks were an eye-opening look at how attackers are personalizing ransomware and evolving their attacks.

Spora

Spora was a terrifying attack that actually allowed you to chat with your attackers. Most of the time, ransomware attacks don’t come complete with customer service. However, the hackers wanted to make it easier for victims to understand what was happening and pay their ransoms.

Spora spread via ZIP files, which didn’t even require an Internet connection to execute. Once opened, the machine is infected and locked down. It also showcased advanced encryption that wasn’t possible to break. As a sign of good faith, you could decrypt two files for free or just pay $30 to decrypt certain files.

Cryptomix

Cryptomix is still wreaking havoc with new variants being released late in 2017. For instance, in December, the new TastyLock extension was added and in November, two other variants were discovered. Unlike most types of ransomware attacks, you don’t get immediate access to a payment portal. Instead, you have to wait for the attacker to email you. It’s kind of a nerve-wrecking experience to just wait.

Reyptson

Reyptson spreads differently than most ransomware attacks and that’s what made this one such a shock for 2017. While it’s busy holding your files hostage, it’s also spreading itself through the Thunderbird email client, if you have it installed. The ransomware then sends out spam messages to all your contacts to infect them too.

Basically, it was a good idea to contact everyone immediately to let them know not to open the infected messages. The attack mainly targeted Spanish users, but that doesn’t mean everyone else is safe.

Related Read: Online Security Checklist

Ransomware attacks aren’t going to stop any time soon. The only things you can do to prevent becoming a victim of these or any attacks in 2018 is to be prepared. Back up all your files regularly and install antivirus with ransomware protection like Digital Care AntiVirus Complete.


Contribution by Crystal Crowder

About the Author

Crystal lives and breathes tech. She’s spent over a decade writing tutorials, reviews, and more on tech, business, and lifestyle sites. Her idea of fun is settling down with the latest tech and gadget news.