Top 10 Ransomware that might hack your devices

Ransomware is a type of cyberattack in which your device is being hacked by a hacker. They steal all your data and personal information. It is a sort of malware that steals your device information and uses them to blackmail you. On behalf of your information, they ask you for some ransomware.
Following is the ransomware that hacks your devices.
1) Locky
Back in 2016, this was first used by a group of hackers. Through fake emails that are infected with a virus, it encrypted more than 160 file types. Users got trapped and installed ransomware on their computers.
Basically, Locky ransomware targets designers, developers, and engineers.
2) WannaCry
It was a ransomware attack that infected more than 150 countries in 2017. It exploits the security breach in windows and completely hacked the hardware of the user. In this way, they did not allow millions of users to access their devices. They asked for Ransom in form of bitcoin to release the device operation.
3) WordPress ransomware
As the name suggests it targets WordPress website files. The more any website is in demand the more potential threat it has. In this type of ransomware, it’s soft target is users who spend the maximum type of WordPress website files. In return, they ask for a ransom from the users.
4) Petya
Instead of infecting or damaging certain files, it encrypts the entire hard disk of the users. This can be done by Master File Table (MFT), which makes it impossible for the users to access the hard disk.
Petya mainly targets HR departments through fake applications and targets to infect their inbox.
5) Ryuk
It was one of the most dangerous ransomware. In 2018, out of 10 ransomware damage, 3 were caused due to Ryuk.
6) DarkSide
In this type of ransomware attack, they exploit weaknesses like compromised passwords, remote desktop protocol, or known unpatched vulnerabilities and then live off the land by using existing tools. They use extortion methods to increase profit.
7) Stuxnet
The most common way of spreading this type of ransomware is through USB sticks and Microsoft Windows computers. They specifically target the Programmable Logic Controller (PLC) which is made by Siemens.
8) Jigsaw
This type of attack begins in 2016. It deletes the file from the user’s system. Each time when a ransom is not paid to the hacker, it continues to delete more files.
9) Crypto ransomware/ encryptors
It encrypts the entire file that is stored on the computer. The hackers scramble the entire text. In this way, users are not able to access their files and information. To restore it to normal use, a decryption key is needed.
10) GandCrab
It threatens the user to reveal their porn habits. It hacks the victim’s webcam and asks for a ransom against it. If the ransom is not being paid threaten to display the embracing content to the public.
Conclusion
The best way to protect your device from all sorts of Ransomware is K7 antivirus software. You must install this software to protect against all potential threats and stay safe. If you want to know more, contact us now.

Comments

Post a Comment

Popular posts from this blog

AMOS (MacOS Stealer)

  In the last week of April 2023, it was reported on twitter , that through a telegram channel a new malware was being offered as “Atomic MacOS Stealer”. Many samples of this malware were found on the internet. Figure 1 – Atomic MacOS Stealer Most of these samples were masquerading as an installer of various applications like Tor browser, Photoshop CC, Notion, FL studio. Figure 2 – Amos DMGfiles masquerading as different applications These are delivered as a DMGfile(Disk Image) which is the common format for software distribution & installation packages on macOS. We identified the Tor browser DMG file for the analysis. When we execute the DMG file it gets mounted and we can see the resulting window advises the user to execute the application by right clicking. Figure 3 – Tor Browser These fake applications are created by using Appify , which is used to create applications just by having the executable alone. The icons can be customised. That’s why these applications are in dif...
Read more

CVE-2023-21716: A new Office Exploit

Image
 In Feb-2023, Microsoft (MS) patched a vulnerability in Microsoft Word which, if successfully exploited, could allow an attacker to execute remote code without authentication on victims’ machines. This vulnerability has been assigned CVE-2023–21716 and has a CVSS score of 9.8, making it a critical issue. This vulnerability impacted MS word and the Outlook Preview Pane as well. Microsoft along with the patch released a work around for the vulnerability but did not release details about the vulnerability. While we were analysing to identify what was patched, on 06-March, the researcher who reported the bug released a PoC on Twitter . In this blog, we will be taking a look at some internals of CVE-2023–21716. So far there is no evidence to suggest exploitation of this vulnerability in the wild. Rich Text Format (RTF) is a document file format published by Microsoft. It uses control words to define various sections and properties of the document. CVE-2023–21716 exists in the way MS Wo...
Read more

MuddyWater Back with DarkBit

  Recently, we came across a tweet about DarkBit ransomware. An Iranian APT group, named MuddyWater, is reportedly behind the DarkBit ransomware. In this blog we will explore the ransomware’s initial access method, the use of Cobalt Strike and the final ransomware payload. Initial Access Method The initial lure was delivered as an ISO file. Figure 1 – ISOFile The payload included a shortcut file (with a .doc extension) and a zip file. Figure 2 – Contents Inside ISO File The shortcut was using PrintBrm.exe to unpack the HR-Update.zip and run it as shown below. PrintBrm.exe is a windows inbuilt command line tool . Figure 3 – Shortcut File cmd.exe /c xcopy .\HR-Update.zip %TEMP% /h /y && PrintBrm.exe -r -f %TEMP%\HR-Update.zip -d %TEMP%\unzip & %TEMP%\unzip\HR-Update.exe Figure 4 – HR-Update.exe Running HR-Update.exe was a Cobalt Strike beacon. Cobalt Strike, a penetration testing tool, can also be used by attackers for gaining a foothold in the system. The final ran...
Read more