2021 ransomware virus inventory

In 2021, COVID-19 is still raging across the world, and on top of the ongoing impact of the pandemic, every industry also faces diverse and increasingly frequent ransomware. These programs encrypt and steal data, and even threaten to destroy or leak it, in order to coerce victims into paying large ransoms and reap "huge profits". Why does ransomware have so much power that every industry fears it? When faced with ransomware, is "lying flat" the only option? Below, we take stock.

From 1989, when the world's first known ransomware, the "AIDS Trojan", appeared, to 2006, when the first ransomware in mainland China, "Redplus", appeared, ransom attacks have been occurring around the globe. In recent years the situation has become even more serious: there have been numerous incidents of well-known international enterprises being hit by ransomware, and ransom amounts keep setting new records. Ransomware has become the number one threat to global network security. So what are the main types of ransomware?

Data-encrypting ransomware uses RSA, AES and other encryption algorithms to encrypt the user's files and demands a ransom for their recovery. This has become the dominant type of ransomware, represented by WannaCry. WannaCry resurged again this year; the most frequently attacked targets were government and military units, followed by manufacturing, banking, finance and healthcare systems.

Double-extortion ransomware usually also uses a variety of encryption algorithms to encrypt user data, but during the ransom stage the attacker first screens and steals the user's important data, and then coerces the user into paying by threatening to disclose it. In March 2021, the well-known computer manufacturer Acer was attacked by the REvil ransomware, whose operators demanded a ransom of $50 million (about 330 million RMB) or they would disclose the stolen and encrypted data. In May 2021, the FBI stated that the Conti ransomware had attacked 16 U.S. health and emergency services agencies, affecting more than 400 organizations globally.

Disk-encrypting ransomware encrypts the system disk's master boot record, volume boot records and similar structures with various encryption algorithms, preventing users from accessing their disks, blocking normal startup and use of the device, and extorting a ransom from the user; some variants encrypt the entire disk. It is represented by the Petya ransomware, first discovered in 2016.

Screen-locking ransomware locks the user's device with a full-screen image or text containing ransom information, or disguises itself as a system blue-screen error, so that the user cannot log in and use the device (system components are disabled at the same time), and then extorts a ransom. This type of attack also exists on mobile devices, for example Leatherlocker, discovered in 2017.
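The behaviours that distinguish the data-encrypting and double-extortion types above (a burst of high-entropy writes, mass renames to a new extension, and a dropped ransom note) are also what a defender can detect from file-event telemetry. The following Python script is an added example, not code from the original article; it runs over a constructed, clearly labelled set of file events (the `FileEvent` record, the `/srv/share` paths, the process ids and the `.locked` extension are all assumptions) and scores each process for ransomware-like activity, while leaving a text editor and a backup job writing compressed archives unflagged.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    """One file-system event as a host sensor might report it (constructed format)."""
    ts: float           # seconds since sensor start
    pid: int            # process that performed the action
    action: str         # "write", "rename" or "create"
    path: str           # file acted on
    data: bytes = b""   # content written (for "write" only)
    new_path: str = ""  # destination (for "rename" only)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


# Words commonly seen in ransom-note file names; a heuristic, not a complete list.
RANSOM_NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")


def looks_like_ransom_note(path: str) -> bool:
    name = path.rsplit("/", 1)[-1].lower()
    return extension(name) in ("txt", "hta", "html") and any(h in name for h in RANSOM_NOTE_HINTS)


def max_events_in_window(timestamps, window: float) -> int:
    """Largest number of timestamps that fall inside any sliding window of `window` seconds."""
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while t - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(events, window=60.0, entropy_threshold=7.5, min_burst=5):
    """Return {pid: finding} where finding["suspicious"] marks ransomware-like processes."""
    per_pid = defaultdict(list)
    for ev in events:
        per_pid[ev.pid].append(ev)
    findings = {}
    for pid, evs in per_pid.items():
        high_entropy_ts = [e.ts for e in evs
                           if e.action == "write" and shannon_entropy(e.data) >= entropy_threshold]
        ext_changes = sum(1 for e in evs
                          if e.action == "rename" and extension(e.new_path) != extension(e.path))
        notes = [e.path for e in evs if e.action == "create" and looks_like_ransom_note(e.path)]
        burst = max_events_in_window(high_entropy_ts, window)
        # A high-entropy burst alone is what a backup or compression job also produces,
        # so require it to coincide with mass extension changes or a ransom note.
        suspicious = burst >= min_burst and (ext_changes >= min_burst or bool(notes))
        findings[pid] = {"high_entropy_burst": burst, "extension_changes": ext_changes,
                         "ransom_notes": notes, "suspicious": suspicious}
    return findings


# Constructed payloads: every byte value equally often gives exactly 8.0 bits/byte.
CIPHERTEXT_LIKE = bytes(range(256)) * 4
PLAINTEXT_LIKE = b"quarterly report, draft text " * 20


def sample_events():
    """Constructed telemetry: one encrypting process, one editor, one backup job."""
    evs = []
    for i in range(6):  # pid 4242 overwrites six documents in 30 s and renames them
        p = f"/srv/share/doc{i}.docx"
        evs.append(FileEvent(100 + 5 * i, 4242, "write", p, data=CIPHERTEXT_LIKE))
        evs.append(FileEvent(101 + 5 * i, 4242, "rename", p, new_path=p + ".locked"))
    evs.append(FileEvent(131, 4242, "create", "/srv/share/README_DECRYPT.txt"))
    evs.append(FileEvent(100, 1001, "write", "/home/u/notes.txt", data=PLAINTEXT_LIKE))
    evs.append(FileEvent(110, 1001, "rename", "/home/u/notes.txt", new_path="/home/u/notes.bak"))
    for i in range(3):  # pid 2002 writes compressed archives: high entropy, nothing else
        evs.append(FileEvent(200 + i, 2002, "write", f"/backup/part{i}.gz", data=CIPHERTEXT_LIKE))
    return evs


if __name__ == "__main__":
    for pid, finding in analyze(sample_events()).items():
        print(pid, finding)
```

The thresholds (`entropy_threshold`, `min_burst`, `window`) are starting points to be tuned against a host's normal activity; the point of combining the three signals is that each one alone (a compression job, a user renaming files, a stray text file) is common, while their coincidence within a minute is not.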


Analysis of ransom incidents in recent years shows that ransomware has evolved not only from "encrypting data" to "triple extortion", but also from "bulk attacks" to "targeted attacks", with clear targeting of specific industries and geographic areas.

The targets of ransomware attacks have shifted from individual users to government and enterprise users, who have a greater ability to pay and a stronger dependence on data. For example, colleges and universities were severely infected by WannaCry because security hardening and vulnerability patching had been neglected on a large number of devices. Energy, healthcare and other industries that hold important data have also become "high-value" targets because of their high business continuity requirements. In addition, important government departments and agencies, military units, and infrastructure and industrial control systems that people's livelihoods depend on face an increased risk of attack.

Economic interests are driving an upgrade in the mode of operation, and a ransomware extortion chain has begun to form. In recent years the more active ransomware-as-a-service (RaaS) families, DoppelPaymer, Egregor, Netwalker, REvil/Sodinokibi, DarkSide, Ryuk, and BlackMatter, which first appeared in July this year, share the same characteristic: all have high threat capabilities.

In July 2021, hackers launched a global ransomware attack that hit more than 1,000 companies and forced Coop, one of Sweden's largest supermarket chains, to close hundreds of stores. In what appears to be the largest supply chain attack to date, the hackers targeted the IT management software provider Kaseya, showing once again that the ransomware-as-a-service (RaaS) epidemic is spreading.

In July 2021, LockFile, which exploited the ProxyShell vulnerability in Exchange servers to break into corporate intranets, had already attacked at least 10 organizations or businesses, with its attacks targeting mainly the United States and Asia.

Because data encrypted by ransomware is difficult to recover and the source of the attack is difficult to trace, a ransom attack causes not only direct losses, such as the ransom itself, lost production during downtime, damages and fines, and the cost of bringing data back online, but also the social losses that production downtime or service interruption may bring. Taking ransom losses as an example, a Censuswide research report found that after a ransom attack a significant proportion of enterprises choose to pay the ransom. But,

In March 2021, CNA Financial, one of the largest insurance companies in the U.S., was hit by a ransomware attack by the hacker group Phoenix, which encrypted about 15,000 devices and put an untold number of customers at risk of compromise. After unsuccessfully attempting to recover the files, CNA Financial began negotiating with the attackers, who initially demanded $60 million; after negotiations the company paid the hackers $40 million, the highest ransom amount ever paid.

In May 2021, Colonial Pipeline, the largest pipeline transporter of refined petroleum products in the United States, was attacked by ransomware from the DarkSide hacker group, which crippled the fuel network along the eastern seaboard of the United States. In the same month, a state of emergency was declared in 17 eastern states and in Washington, D.C., the capital.


In 2021, LockBit was upgraded to version 2.0, which encrypts data at 373 MB/s and can steal and encrypt up to 100 GB of data from an infected device in less than 20 minutes, more than three times the encryption speed of common ransomware. In August, the global IT consulting giant Accenture was attacked by the LockBit gang, with the LockBit ransom team claiming to have stolen more than 6 terabytes of data and demanding a ransom of $50 million (about Rs 320 million).