Webroot lists 2017’s nasty 10 ransomware attacks

BROOMFIELD — Webroot, an internet security company based in Broomfield, has listed the 10 nastiest ransomware attacks to hit in 2017. It ranks NotPetya as the most destructive because it was directed at taking down a country’s infrastructure.

Also highly destructive were WannaCry and Locky, according to a statement from the company. Webroot’s data was based upon surveys that include all devices running Windows operating systems that were infected with ransomware across the globe through September 2017.

Webroot said that NotPetya was designed not to extort money from victims but “to destroy everything in its path.” Here’s a list of the nasty 10:

NotPetya — Starting as a fake Ukrainian tax software update, NotPetya infected hundreds of thousands of computers in more than 100 countries within just a few days. This ransomware is a variant of an older attack dubbed Petya, except this time the attack uses the same exploit behind WannaCry.

WannaCry — As the first strain of ransomware to take the world by storm, WannaCry was also the first to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block, or SMB, protocol.

Locky — 2016’s most popular ransomware is alive and well in 2017. New variants of Locky, called Diablo and Lukitus, surfaced this year, using the same phishing email attack vector to initiate their exploits.

CrySis — The king of Remote Desktop Protocol (RDP) compromise started last year in Australia and New Zealand. RDP is one of the most common ways to deploy ransomware because cybercriminals can compromise administrators and machines that control entire organizations.

Nemucod — Arriving in the form of a phishing email that looks like a shipping invoice, Nemucod downloads malware and encryption components stored on compromised websites. Nemucod would have been the most malicious phishing email if Locky hadn’t reignited in August.

Jaff — Similar to Locky, new variants of Jaff ransomware continue to leverage phishing emails and embody characteristics associated with other successful malware.

Spora — To distribute this ransomware, cybercriminals hack legitimate websites to add JavaScript code. Then, a pop-up alert prompts users to update their Chrome internet browsers to continue viewing the webpage. Once users follow the “Chrome Font Pack” download instructions, they become infected.

Cerber — One of the multiple attack vectors Cerber utilizes is called RaaS (ransomware-as-a-service). Through this “service,” cybercriminals package up ransomware and then give other criminals the tools to distribute it how they see fit.

Cryptomix — This ransomware is one of the few that does not have a type of payment portal available on the dark web. Instead, users have to wait for the cybercriminals to email them instructions to pay a hefty amount in Bitcoin.

Jigsaw — Another carryover from 2016, Jigsaw embeds an image of the clown from the “Saw” movies into a spam email. Once a user clicks, the ransomware not only encrypts files, but it also deletes files if a user takes too long to make the ransom payment of $150.

To protect against ransomware, Webroot recommends that computer users deploy security solutions that provide protection from multiple attack vectors, without affecting user experience by slowing devices during scans. Users also need to keep security software up to date, including the patches from firmware and software vendors that contain security updates. Backing up and storing important digital information is also a means to recover from ransomware attacks. And using strong passwords that are changed regularly is also important.