What exactly is Ransomware?
Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data.
This type of attack takes advantage of human, system, network, and software vulnerabilities to infect the victim’s device—which can be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or other endpoint.
Ransomware Attack Examples
NotPetya and Petya
Petya is ransomware that infects a machine and encrypts an entire hard drive, by accessing the Master File Table (MFT). This makes the entire disk inaccessible, although the actual files are not encrypted. Petya was first seen in 2016, and was spread mainly through a fake job application message linking to an infected file stored in Dropbox. It only affected Windows computers.
Petya requires the user to agree to give it permission to make admin-level changes. After the user agrees, it reboots the computer, shows a fake system crash screen, while it starts encrypting the disk behind the scenes. It then shows the ransom notice.
The original Petya virus was not highly successful, but a new variant, named NotPetya by Kaspersky Labs, proved to be more dangerous. NotPetya is equipped with a propagation mechanism, and is able to spread without human intervention.
NotPetya originally spread using a backdoor in accounting software used widely in the Ukraine, and later used EternalBlue and EternalRomance, vulnerabilities in the Windows SMB protocol. NotPetya not only encrypts the MFT but also other files on the hard drive. While encrypting the data, it damages it in such a way that it cannot be recovered. Users who pay the ransom cannot actually get their data back.
Ryuk infects machines via phishing emails or drive-by downloads. It uses a dropper, which extracts a trojan on the victim’s machine and establishes a persistent network connection. Attackers can then use Ryuk as a basis for an Advanced Persistent Threat (APT), installing additional tools like keyloggers, performing privilege escalation and lateral movement. Ryuk is installed on each additional system the attackers gain access to.
Once the attackers have installed the trojan on as many machines as possible, they activate the locker ransomware and encrypt the files. In a Ryuk-based attack campaign, the ransomware aspect is only the last stage of the attack, after the attackers have already done damage and stolen the files they need.
GrandCrab was released in 2018. It encrypts files on a user’s machine and demands a ransom, and was used to launch ransomware-based extortion attacks, where attackers threatened to reveal victims’ porn-watching habits. There are several versions, all of which target Windows machines. Free decryptors are available today for most versions of GrandCrab.
In the event of a disaster (such as a flood, fire, or computer virus), would your important data remain safe and sound? If your business isn’t already following the 3-2-1 backup rule, the answer is probably no. This rule states that your data should be stored in three separate locations: the source device (likely a computer or office workstation), your local backup device, and an off-site location (preferably through a cloud backup solution).
Following the 3-2-1 backup rule ensures that the probability of all three copies of your data being lost are slim to none. Sometimes an IT project is too large or technical to plan without having an experienced team of IT professionals on hand. If that’s the case, hiring your IT service provider for consulting services may be the solution. They can work with multiple departments or contractors to tackle projects like large-scale hardware and infrastructure overhauls or business-wide software and operating system updates, ensuring that no technical detail is overlooked.
For a listing of this service or any other IT service that we provide, check us out at