Ransomware and Malware Attacks to Watch Out for in 2020-2021
In recent times, hackers have refined their methods. Their activity has expanded into various sectors such as financial services, government services, insurance, and even healthcare organizations. Moreover, they have changed their modus operandi to make more profit. Hackers are using some of the latest and most effective cyber-attacks, which can be very harmful to us. Below we list some of the most dangerous ransomware attacks to watch out for in 2020-2021.
Now, here’s how they work: First, they infiltrate a company’s or organization’s networks and encrypt sensitive data. Then the cybercriminals demand a double ransom: the first to decrypt the data and a second to avoid its disclosure. They sell the stolen information on online black market forums.
Top 11 most dangerous Ransomware Attacks in 2020-2021
Here is the list of the top 11 ransomware attacks that have already hit hard in 2020 and are feared in 2021:
REvil ransomware is a malicious virus that encrypts all files without exception. As soon as the virus has infiltrated its victim’s system, the administrators of the REvil group immediately demand a ransom, payable in bitcoins. If the deadline they have imposed is not respected, they double the amount. REvil was responsible for the attack that wiped out the legal firm Grubman Shire Meiselas & Sacks, causing the leak of confidential data belonging to many celebrities.
The Sodinokibi or Sodin ransomware acts on the same principle as REvil. At first, it exploited a “zero day” vulnerability to access Oracle WebLogic servers in September 2019. It then continued to wreak havoc by exploiting other vulnerabilities to reach its targets. Sodinokibi is one of the most formidable ransomware families. Its operators have already been able to raise more than 850,000 euros in bitcoins.
Nemty is perceived as a ransom service rather than software. It was particularly active between summer 2019 and summer 2020, and it is spread through phishing emails.
Nephilim is much more sophisticated than other malware. It uses a military-grade algorithm to encrypt the data it has stolen. In general, it only attacks larger targets such as government organizations, which makes it a very serious threat.
The NetWalker ransomware also uses phishing emails, especially those related to the coronavirus, to infiltrate the network of its victims. Then it spreads through all the executable files that are available there. Also known as Mailto, this malware is considered to be the most destructive.
DoppelPaymer appeared in April 2019 but did not make its first attacks until two months later. It has similarities to BitPaymer. The two attack by encrypting their target’s files, subsequently leaving a note that contains the requested ransom amount and an access code. Since becoming active, the attackers behind DoppelPaymer have already accumulated 142 bitcoins or around 1 million euros.
Ryuk is among the most aggressive and active ransomware of 2020. This malware chooses its victims wisely, often government agencies or large companies. It organizes large-scale attacks every time it strikes and blocks access to a system or device until the demanded ransom is paid.
Ryuk is able to access any system by using other software to infect it. It uses a combination of very complex algorithms like RSA and AES. Recently, it attacked an American company named EMCOR, which was in the Fortune 500 ranking.
Maze is considered the most dangerous and destructive malware since 2019. It encrypts files and demands a ransom for recovery. The cybercriminals behind Maze launch attacks using tools called Fallout and Spelevo. Most of its recent victims are from the healthcare industry.
CLOP ransomware also uses phishing to hack data. It adds a “.clop” extension to each of the files it has encrypted. If the victims refuse to pay the ransom, the stolen data is published on a site called “CLOP ^ _- LEAKS”. The new versions of the software can bypass Windows Defender and Microsoft Security Essentials.
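As an added example (not part of the original article), the “.clop” extension described above can be turned into a simple burst detector over file-rename telemetry. The event format, host names, 60-second window and threshold of 5 are assumptions; a single renamed file or a slow trickle of renames does not alert.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED_EXTENSIONS = {".clop"}    # extension named in the article
WINDOW = timedelta(seconds=60)    # assumed tuning value
THRESHOLD = 5                     # assumed tuning value

# Constructed sample events: "timestamp | host | old path | new path"
SAMPLE_EVENTS = """\
2020-11-03T09:14:01 | ws-17 | C:/share/q3.xlsx | C:/share/q3.xlsx.clop
2020-11-03T09:14:02 | ws-17 | C:/share/plan.docx | C:/share/plan.docx.clop
2020-11-03T09:14:02 | ws-22 | C:/tmp/a.txt | C:/tmp/a.txt.clop
2020-11-03T09:14:03 | ws-17 | C:/share/hr.pdf | C:/share/hr.pdf.clop
2020-11-03T09:14:04 | ws-17 | C:/share/db.bak | C:/share/db.bak.clop
2020-11-03T09:14:05 | ws-17 | C:/share/logo.png | C:/share/logo.png.clop
2020-11-03T09:15:30 | ws-22 | C:/tmp/draft.doc | C:/tmp/final.doc
"""

def parse_event(line):
    ts, host, old, new = (field.strip() for field in line.split("|"))
    return datetime.fromisoformat(ts), host, old, new

def gained_watched_extension(old, new):
    # True only when the rename adds a watched extension the file did not have.
    old_l, new_l = old.lower(), new.lower()
    return any(new_l.endswith(e) and not old_l.endswith(e)
               for e in WATCHED_EXTENSIONS)

def detect_bursts(lines):
    """Return {host: time of first alert}; events must be in time order."""
    recent = defaultdict(deque)   # host -> timestamps of matching renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, old, new = parse_event(line)
        if not gained_watched_extension(old, new):
            continue
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop renames older than the window
            window.popleft()
        if len(window) >= THRESHOLD and host not in alerts:
            alerts[host] = ts
    return alerts

def run_sample():
    return detect_bursts(SAMPLE_EVENTS.splitlines())

if __name__ == "__main__":
    for host, when in run_sample().items():
        print(f"ALERT {host}: rename burst to watched extension at {when}")
```

An extension watchlist only catches families that keep a fixed suffix, so the rename rate per host is the more durable signal here.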
Identified six months ago, Tycoon targets organizations in the education sector. It is a little different from the others. Written in Java, this software uses an aggressive approach. Weak passwords are very easy targets for it.
Sekhmet first appeared in June 2020. Just like the others, it also encrypts files and demands a ransom for decrypting them. However, it only grants 3 days to its victims, which is somewhat unusual. After this time, the criminals divulge the information.
How can you protect yourself against such attacks?
It is essential to properly secure administration tools, especially for companies, in order to prevent their hijacking by cybercriminals. To do this, it is necessary to ensure that anti-virus software is updated regularly. There are many tools that can detect attacks by scanning the content of a suspicious email. There are also tools that can assess security vulnerabilities.
It is always advisable to have a recovery plan with an effective backup procedure as a preventive measure. It is also prudent to keep at least 3 copies of all the data, stored in different reliable locations.
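One way to check the three-copy recommendation above, as an added example that is not from the original article: hash the live data into a manifest, then count how many backup locations still hold an intact copy of each file. The directory names are hypothetical stand-ins for separate storage locations, and the sample data is constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MIN_COPIES = 3  # the article's recommendation

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source_root):
    # Map each file's relative path to the SHA-256 of its known-good content.
    root = Path(source_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_copies(manifest, locations, min_copies=MIN_COPIES):
    """Return {file: [location names with an intact copy]} for files below min_copies."""
    short = {}
    for rel, digest in manifest.items():
        good = [Path(loc).name for loc in locations
                if (Path(loc) / rel).is_file()
                and sha256_file(Path(loc) / rel) == digest]
        if len(good) < min_copies:
            short[rel] = good
    return short

def demo():
    # Constructed data: three backup locations, one altered copy, one missing copy.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "live"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("constructed sample data\n")
        manifest = build_manifest(src)
        locations = [tmp / name for name in ("nas", "offsite", "cloud-sync")]
        for loc in locations:
            shutil.copytree(src, loc)
        (locations[2] / "notes.txt").write_bytes(b"\x00altered\x00")  # no longer matches
        (locations[1] / "finance" / "ledger.csv").unlink()            # copy lost
        return audit_copies(manifest, locations)

if __name__ == "__main__":
    for rel, good in demo().items():
        print(f"{rel}: only {len(good)} intact copies ({', '.join(good)})")
```

The manifest has to be stored where an attacker on the network cannot rewrite it, otherwise the comparison proves nothing.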
If the attack is already underway, you should not pay the ransom, but rather apply the backup plans and restore the systems, because each ransom paid fuels cybercrime and allows criminals to recruit new accomplices.