MSP Enemies List: Top 10 Nastiest Ransomware Attacks of 2017
The sheer variety of recent ransomware attacks can be daunting, so we’ve created this rogue’s gallery of the 10 nastiest ransomware attacks to hit within the past year. MSPs can reference this list to better understand the specific characteristics (such as attack vectors) of each ransomware threat, and to gain a clearer picture of where ransomware trends are heading. We follow the list with four key strategies you should adopt for effective ransomware defense.
NotPetya, WannaCry Take Top Spots
Two of the most destructive strains of ransomware ever seen exploded in 2017: NotPetya was crowned No. 1 because it was engineered to damage a country’s infrastructure. While NotPetya’s code leveraged EternalBlue (the same exploit WannaCry used a month earlier), it wasn’t designed to extort money from victims like most ransomware—it was created to destroy everything in its path. Lacking any financial motivation to make its victims whole again, NotPetya and other ransomware threats of that ilk are particularly troubling.
The next two entries on the list follow a more conventional approach, designed to extract payments from its unlucky targets. WannaCry edged out Locky to garner second place on the list because it took the world by storm when it infected hundreds of thousands of users across the globe.
(Note: This list includes all devices running Microsoft Windows OS that were infected with ransomware across the globe through September 2017. NotPetya and WannaCry attacked in 2017; other listed ransomware first appeared in 2016, with these attacks either carrying into 2017 or returning aggressively.)
Without further ado, here are the Top 10 Nastiest Ransomware Attacks of 2017:
Starting as a fake Ukrainian tax software update, NotPetya infected hundreds of thousands of computers in more than 100 countries within just a few days; it’s a variant of an older attack dubbed Petya, except this version uses the same exploit behind WannaCry.
As the first strain of ransomware to take the world by storm, WannaCry was also the first to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol.
2016’s most popular ransomware is alive and well in 2017; new variants of Locky (dubbed “Diablo” and “Lukitus”) surfaced this year, using the same phishing email attack vector to initiate their exploits.
The king of Remote Desktop Protocol (RDP) compromise started last year in Australia and New Zealand; RDP is one of the most common ways to deploy ransomware because it enables cybercriminals to compromise administrators and machines that control entire organizations.
Arriving in the form of a phishing email that looks like a shipping invoice, Nemucod downloads malware and encryption components stored on compromised websites; Nemucod would have been the most malicious phishing email if Locky hadn’t reignited in August.
Similar to Locky, new variants of Jaff continue to leverage phishing emails and embody characteristics associated with other successful malware.
One of the multiple attack vectors Cerber utilizes is RaaS (ransomware-as-a-service); through this “service,” cybercriminals package ransomware and then give other crooks the tools to distribute it as they see fit.
This ransomware is one of the few that does not have a type of payment portal available on the dark web; Instead, users must wait for the crooks to email them instructions on how to pay a hefty amount in Bitcoin.
Another carryover from 2016, Jigsaw embeds an image of the clown from the “Saw” movies into a spam email; once a user clicks, the ransomware not only encrypts files, but it also deletes files if the victim takes too long to make the ransom payment of $150.
MSPs Fight Back: Four Keys to Effective Ransomware Defense
While the situation may appear dire, MSPs shouldn’t lose hope—here are four fundamental strategies you can employ to significantly improve your ability to protect your clients’ devices from ransomware:
- Purchase and deploy a top-rated security solution
Look for cybersecurity solutions that provide protection from multiple attack vectors, without degrading user experience by slowing devices during scans.
- Keep your security software up to date
Firmware and patches are how vendors push out important security updates; keep both devices and operating systems up-to-date and create a process for patch management.
- Backup and store sensitive data
Generally, ransomware only has the means to encrypt files stored locally on a user’s system; backup data to a hard, offline location so that in the event of equipment failure or ransomware, you can access that backup and quickly get your clients back to business as usual.
- Implement a strong password-naming convention
A robust and consistent password policy limits the likelihood of Remote Desktop Protocol (RDP) attacks breaching your clients’ machines.
Get the Infographic
Bonus: Educating your end users about the variety and destructive reach of ransomware can also play a crucial role in helping you safeguard clients, so we’ve created an eye-catching infographic that colorfully summarizes the threats in our Top 10 Nastiest Ransomware list. Download it from here!