R ANSOMWARE CAN ORIGINATE FROM A MALICIOUS WEBSITE THAT EXPLOITS A KNOWN VULNERABILITY, PHISHING CAMPAIGNS, SOCIAL ENGINEERING, OR WEB BASED DRIVE BY MALWARE INJECTIONS W HEN THE EXPLOIT IS EXECUTED A DOWNLOADER IS PLACED ON THE SYSTEM. T HE DOWNLOADER SILENTLY COMMUNICATES WITH CONTROL SERVERS TO DOWNLOAD AND INSTALL MALWARE / RANSOMWARE AND SECURE AN ENCRYPTION KEY T HE CONTACTED C&C SERVER RESPONDS BY SENDING BACK THE REQUESTED E NCRYPTION K EY AND PROVIDE PAYMENT METHODS RANSOMWARE STARTS TO ENCRYPT THE ENTIRE HARD DISK CONTENT, PERSONAL FILES AND SENSITIVE INFORMATION. A WARNING IS DISPLAYED ON THE SCREEN WITH INSTRUCTIONS ON HOW TO PAY FOR THE DECRYPTION KEY.
1989 : The first ever ransomware virus was AIDS Trojan, also known as the PC Cyborg. 2006: In 2006, the Archiveus Trojan was released. June 2006 : GPcode, encryption Trojan which spread via an attachment mimicking a job application : WinLock displayed pornographic images until the users sent a $10 premium-rate SMS to receive the unlocking code. 2008: Two years after the GP Code virus was created, another variant of the same virus called GPcode.AK was unleashed on the public using a 1024-bit RSA key. Mid-2011: There were about 30,000 new ransomware samples detected in each of the first two quarters of 2011, during the third quarter of 2011, new ransomware detections doubled to 60,000. January 2012: Toolkits for distributing malware and managing botnets evolve, ransomware detections surpassed 100,000 in the first quarter of March 2012: Citadel and Lyposit lead to the Reveton worm. April 2012: Police Ransomware scams that have spread throughout North and South America July 2012: Ransomware detections increase to more than 200,000 samples, or more than 2,000 per day. July -November 2012: Second version of Reveton is released pretending to be from the FBI July 2013: A version of ransomware released targeting OSX users that runs in Safari and demands a $300 fine. August 2014: Reveton adds a new, more powerful password stealer called Pony Stealer. Pony Stealer affects more than 110 applications and turns your computer to a botnet client. September -December 2013: CryptoLocker is released 250,000 machines infected, $27 million in payments received, Locker, a CryptoLocker copycat emerges. Late December 2013: CryptoLocker 2.0 and CryptorBit surface February 2014: CryptoDefense is released. April 2014: CryptoWall is released. More than 600,000 systems were infected between mid-March and August 24, with 5.25 billion files being encrypted. 1,683 victims (0.27%) paid a total $1,101,900 in ransom. May 2014: Zues Botnet Shutdown July 2014: Zues Botnet Network resurfaces August 2014 : SynoLocker appears targeting Synology NAS units Late 2014: TorrentLocker is detected. Early 2015: Crytowall takes off, and replaces Cryptolocker as the leading ransomware infection. Mid TeslaCrypt and VaultCrypt are detected Late Chimera based Ransomware, threatens to sell information on the web. November 2015: CryptoWall version 4.0 comes out and starts infecting workstations through phishing campaigns and exploit kits, reported damages of $325 million
89% of the businesses hit by ransomware were 10 employees or more, while 60% were bigger than 100 employees 43 percent of IT consultants reported a customer falling victim to ransomware in the last year 72 percent of employees were locked out of their files for at least 2 days, and 32% were locked out for at least 5 days Intermedia Report *Intermedia surveyed nearly 300 IT consultants and security experts on the crypto-ransomware threat
Loss of Data and Information Employee Downtime and Loss of Production Ransom Costs IT Consultant Time and Labor Forensic Investigation Cost Data Leak and Compliance Issues HIPPA FINES Impact on Reputation and Loss of Business Relationships IT Infrastructure Upgrades/Overhaul
CRYPTOLOCKER
BitCoin Splash Pages
ANTI RANSOMWARE TOOLS