Ransomware continued to dominate the cyber security concerns of malware experts in 2017. Attackers struck small and large enterprises around the globe to make millions of dollars in exchange for decrypting files. Spam email was the most significant infection carrier, accounting for almost 64% of infections in some of the major attacks such as NotPetya and WannaCry, and according to a new research report there is no sign of this slowing in the coming year. Many of the infections distributed to users' PCs, such as WannaCry and NotPetya, hijacked computers globally and spread rapidly to maximise the number of victims and the ransom collected. Here is a list of some of the most influential ransomware families that made a huge impact on the cyber world in 2017.
NotPetya spread through a fake update for tax software and rapidly infected thousands of systems in more than 100 nations. It is another malicious variant of the infamous Petya, but it uses an exploit similar to WannaCry's. It compromised a huge number of US firms and caused major financial damage. It landed in June after being delivered through a malicious update of MeDoc, the nation's most popular accounting software. According to researchers at Symantec, the creators of the Petya ransomware took advantage of the same Windows vulnerability as the WannaCry family, which hit millions of computers in 155 countries a few months earlier.
WannaCry, also known as WannaCrypt, is claimed to be one of the most devastating ransomware attacks of all time. It attacked and infected around a hundred thousand computers at banks, law enforcement agencies and other financial institutions. It was the first ransomware to use EternalBlue, which exploits a vulnerability in the Microsoft Server Message Block (SMB) protocol. WannaCry struck the cyber world in May 2017. The attack was stopped within a few days of its detection thanks to Microsoft's patches and the discovery of a kill switch that prevented infected systems from spreading WannaCry further. The attack compromised more than 300,000 computers in 150 nations, with damages estimated at hundreds of millions to billions of dollars. In their preliminary assessment of the worm, security experts believed the attack originated from North Korea or from agencies working for the country.
According to a research report from the security firm Proofpoint, Locky is infamous as one of the top culprits among all ransomware families. As you may know, Locky was one of the biggest ransomware infections of 2016. New variants of it, Diablo and Lukitus, also emerged this year, using a very similar phishing email campaign to deliver their exploit kits. The developers behind the ransomware use emails that look legitimate, such as an invoice receipt, carrying malicious document files that contain malicious macros, and rely on social engineering tricks to get users to enable macros so the malware can easily get inside the system.
CrySis is a ransomware, detected in Australia and New Zealand, that actively attacks systems through Remote Desktop Services to install the ransom virus manually on the computer. According to the Webroot report, RDP is one of the most used methods of distributing ransomware infections. The report explains that cyber criminals can compromise administrators and the computers they use to manage an entire organization. According to ZDNet sources, 200 master keys were released in May 2016 to allow victims to decrypt their files.
The Nemucod ransomware family has been active since 2015 and arrives on the system as a phishing email that appears to be a shopping invoice; once downloaded by the user, it starts encrypting all the saved files on the compromised machine or website. Several research reports found Nemucod acting as a downloader for TeslaCrypt. Some time ago the malware developers switched to distributing a ransom virus that renamed files with the .CRYPTED file extension. It is mostly delivered via malicious “.js” files, which use VBA (Visual Basic for Applications) to install Nemucod on the system.
Jaff landed in May 2017 and carries out its attack using a method similar to Locky's. The malware used the Necurs botnet to send millions of spam emails to a huge number of users worldwide in just a few hours, demanding that victims pay a ransom of 1.79 Bitcoins, equal to $6000. The ransom virus spreads through malicious PDF files that may carry embedded documents capable of downloading the encrypting executable onto the compromised system. After successful encryption it appends a “.sVn” file extension to the compromised files.
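As an added defender-side example (not part of the original article), the following Python flags the bulk appending of the two extensions named above, .CRYPTED for Nemucod and .sVn for Jaff, in constructed file-rename events; the log format, host names and process names are assumptions, and the check requires the extension to be appended so that a legitimate rename to a name such as `.svn` is not matched.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the article attributes to Nemucod (.CRYPTED) and Jaff (.sVn).
RANSOM_EXTENSIONS = (".crypted", ".svn")

# Constructed sample rename events (not real telemetry): "time host process old -> new".
SAMPLE_EVENTS = r"""
2017-05-12T09:00:01 WS01 wscript.exe C:\Users\a\Docs\q1.xlsx -> C:\Users\a\Docs\q1.xlsx.CRYPTED
2017-05-12T09:00:02 WS01 wscript.exe C:\Users\a\Docs\q2.xlsx -> C:\Users\a\Docs\q2.xlsx.CRYPTED
2017-05-12T09:00:03 WS01 wscript.exe C:\Users\a\Pics\cat.jpg -> C:\Users\a\Pics\cat.jpg.CRYPTED
2017-05-12T09:05:00 WS02 explorer.exe C:\Users\b\draft.txt -> C:\Users\b\final.txt
2017-05-12T09:06:00 WS02 svn.exe C:\repo\tmp -> C:\repo\.svn
2017-05-12T10:00:00 WS03 jaff_loader.exe C:\Data\report.pdf -> C:\Data\report.pdf.sVn
2017-05-12T10:00:01 WS03 jaff_loader.exe C:\Data\budget.xls -> C:\Data\budget.xls.sVn
2017-05-12T10:00:02 WS03 jaff_loader.exe C:\Data\plan.docx -> C:\Data\plan.docx.sVn
"""
EVENT_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+?) -> (.+)$")


def is_ransom_rename(old_path, new_path):
    # Match only when the ransom extension is appended and the original extension
    # survives (report.pdf -> report.pdf.sVn); a directory named ".svn" does not match.
    old, new = old_path.lower(), new_path.lower()
    return any(new == old + ext for ext in RANSOM_EXTENSIONS)


def detect_mass_rename(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {(host, process): total ransom renames} for every actor that performed
    at least `threshold` such renames inside one sliding `window`."""
    times_by_actor = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m and is_ransom_rename(m.group(4), m.group(5)):
            times_by_actor[(m.group(2), m.group(3))].append(datetime.fromisoformat(m.group(1)))
    alerts = {}
    for actor, times in times_by_actor.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[actor] = len(times)
                break
    return alerts
```

Running `detect_mass_rename(SAMPLE_EVENTS)` flags the wscript.exe and jaff_loader.exe actors and ignores the single legitimate rename and the `.svn` directory.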
Cerber uses the RaaS (ransomware-as-a-service) model, which lets novice malware operators extort money from potential victims. These non-technical affiliates receive a share of the ransom from the developers. After successful encryption, the victim receives a ransom note on the affected computer screen. Cerber uses the RC4 and RSA cipher algorithms to lock all your valuable files and make them completely inaccessible until you pay the ransom to the attackers and purchase the decryption tool.
According to reports, Cryptomix is a ransom virus that has no payment portal on the Dark Web, so victims have to wait for an email from the attackers with instructions for paying in Bitcoin. Cryptomix was detected in 2016, and since then its developers have released numerous variants of the nasty malware. It attacks various files and corrupts them in order to demand the ransom payment.
Jigsaw was first detected in 2016. The culprits behind the ransomware embedded an image of the character from the Saw movies in spam emails. When users clicked on it, the ransom infection started encrypting their files; it is one of the nasty ransom viruses that also deletes the encrypted files if payment is not made on time. The ransom demand is $150. It uses the AES algorithm to encipher the important files stored on the system's hard drives.