Having been highly publicised and popularised after the WannCry and NotPetya incidents, ransomware is now squarely in the public domain. Forbes France Magazine even suggests that 20,000 computers a month are infected with malicious software in France. But did you know that there are ransoms and, well, ransoms? A summary of the most surprising ransomware of the past few years.
CryptoJoker: negotiable ransomware
It can never be repeated often enough: if there is a cyber attack, do not pay the requests for ransom. Besides the fact that it encourages the malware creator's to continue with their business and methods, paying a ransom does not guarantee that you can recover your encrypted files. In a 2016 survey, Kaspersky suggested that 17% of ransomware victims never recovered their files after having paid the ransom.
In order to “optimise” the number of payouts, CryptoJoker became the first crypto-ransomware to offer its victims a new feature: the possibility of negotiating the ransom they pay to recover their data. This brand of ransomware was discovered in January 2016 and marked the start of a new creative era for computer hackers.
Jigsaw: worrying ransomware
Jigsaw is a totally different kettle of fish. It was discovered in April 2016 and is directly inspired by the “Saw” series of horror films. As well as using the famous “Billy” doll visual, this brand of ransomware plays on the effect that increasing psychological pressure has on its victims and erases more data every hour. What is more, there is a clock counting down in the background.
CryptMix: charitable ransomware
Created by “The Charity Team” group of computer hackers and discovered in May 2016, CryptMix ransomware promises to pay the money from the ransom to a children’s charity(!). The authors of the attack thank victims for their involvement in an on-screen message and explain that “Many children will receive presents and medical help”.
It should be noted that at the end of the message the hackers also warn their victims that the ransom will be automatically increased by the server if it is not paid within 24 hours. How gracious!
PopCorn Time: ransomware for sharing
In December 2016, the MalwareHunterTeam discovered PopCorn Time malware, which offers a social alternative to paying the ransom. Victims can actually attempt to infect several of their acquaintances and wait for at least two of them to pay the ransom in order to get their files back.
What a Christmas present that would be.
Koolova: educational ransomware
Soon after this, in January 2017, more ransomware appeared offering to restore encrypted files for free. With Koolova, you no longer have to infect your friends - you just have to read two articles about ransomware. According to Forbes Magazine author Lee Mathews, these two articles were interesting to read because they were about a paper published by members of the Google security team on surfing the net and a BleepingComputer paper on Jigsaw ransomware.
Education through threats. Is this an avenue for CIOs to explore?
Spora: à la carte ransomware
After negotiable ransoms, ransomware entered a new stage in its life January 2017 with the advent of marketing techniques. To recover the files encrypted by Spora, victims are offered different fee levels for decrypting a single file, uninstalling the virus, promising not to reinfect the system right up to full restoration of files.
And as a goodwill gesture, the first two files are decrypted for free.
rensenWare: fun ransomware
rensenWare was created by a Korean student and it spread quickly in April 2017 after it was placed on a sharing site. And it couldn’t be easier to decrypt and recover your figures, you just have to finish a game. The only problem is that the game has been configured in hardcore mode.
More recently, the MalwareHunterTeam research team discovered a diet version in “PUBG ransomware” that requests that you play the PUBG video game...for an hour!
Another top quality ransomware that asks you to play a game to decrypt files: "PUBG Ransomware".
This sample only encrypts files on desktop (including subdirectories)...@BleepinComputer @demonslay335 pic.twitter.com/5406DPbwmX
— MalwareHunterTeam (@malwrhunterteam) 9 avril 2018
nRansom: kinky ransomware
The last in this chronological list is nRansom, which got tongues wagging in September 2017. Like other examples form the list, it does not ask its victims to pay the ransom in bitcoin but for them to send the computer hackers at least ten naked photos of themselves(!).
Later analysis of this virus showed that it was more like harmless malware and it didn’t actually encrypt your data. Was nRansom a saucy joke or a serious hacking attempt?
Though studies tend to show that progress in ransomware is diminishing, it is still a threat to be taken seriously because of the potential harm it can cause. Regularly installing updates, in-house awareness training about dealing with suspicious files and regular backups to the Cloud are all quick and easy first steps that a company can implement.