{"id":3835,"date":"2019-10-09T10:29:36","date_gmt":"2019-10-09T04:59:36","guid":{"rendered":"https:\/\/www.idslogic.com\/blog\/?p=3835"},"modified":"2025-02-27T18:22:57","modified_gmt":"2025-02-27T12:52:57","slug":"top-ransomware-programs-and-how-to-protect-your-system-from-an-attack","status":"publish","type":"post","link":"https:\/\/www.idslogic.com\/blog\/top-ransomware-programs-and-how-to-protect-your-system-from-an-attack","title":{"rendered":"Top Ransomware Programs and How to Protect Your System from an Attack"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Malicious software that uses encryption techniques to hold important 
data of organizations for ransom has become wildly successful over the past few years. The core purpose of this software is to extort money from victims while promising to restore the encrypted data.<\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Global Annual <a href=\"https:\/\/twitter.com\/hashtag\/Ransomware?src=hash&amp;ref_src=twsrc%5Etfw\">#Ransomware<\/a> Damage Costs:<br \/>\n2015: $325M<br \/>\n2017: $5B<br \/>\n2018: $8B<br \/>\n2019: $11.5B<br \/>\n2021: $20B<br \/>\nFrequency of Attacks:<br \/>\n2016: Every 40 seconds<br \/>\n2019: Every 14 seconds<br \/>\n2021: Every 11 seconds<br \/>\n<a href=\"https:\/\/twitter.com\/hashtag\/Cybersecurity?src=hash&amp;ref_src=twsrc%5Etfw\">#Cybersecurity<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Infographic?src=hash&amp;ref_src=twsrc%5Etfw\">#Infographic<\/a> by <a href=\"https:\/\/twitter.com\/CybersecuritySF?ref_src=twsrc%5Etfw\">@CybersecuritySF<\/a> Sponsored by <a href=\"https:\/\/twitter.com\/KnowBe4?ref_src=twsrc%5Etfw\">@KnowBe4<\/a> <a href=\"https:\/\/t.co\/cAY1WBuDyJ\">https:\/\/t.co\/cAY1WBuDyJ<\/a> <a href=\"https:\/\/t.co\/pWRUQvWJ0b\">pic.twitter.com\/pWRUQvWJ0b<\/a><\/p>\n<p>\u2014 Steve Morgan (@CybersecuritySF) <a href=\"https:\/\/twitter.com\/CybersecuritySF\/status\/1193120760845471744?ref_src=twsrc%5Etfw\">November 9, 2019<\/a><\/p><\/blockquote>\n<p><span style=\"font-size: 14pt;\">Like other computer viruses, ransomware finds its way onto a vulnerable device by exploiting a security hole or by tricking somebody into installing it. In many cases the victim pays the cybercriminal the amount demanded out of fear of losing important data forever. 
The bully could hold your personal files hostage or keep you from accessing important documents, financial information or photos.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"WannaCry-_A_powerful_ransomware\"><\/span><span style=\"font-size: 14pt; color: #008000;\"><strong><span style=\"font-size: 18pt;\">WannaCry: A powerful ransomware<\/span> <\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">About two years ago, a powerful ransomware began to spread across the world. It was <span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/en.wikipedia.org\/wiki\/WannaCry_ransomware_attack\" target=\"_blank\" rel=\"nofollow noopener\">WannaCry<\/a><\/span>, which spread like wildfire and encrypted hundreds of thousands of computers in more than 150 countries within just a few hours. It was the first time that malware encrypted the user\u2019s files and demanded money to unlock them. It spread all across the world in what looked like a coordinated cyberattack.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">WannaCry struck various high-profile systems, including Britain\u2019s National Health Service. It exploited a Windows vulnerability in the Server Message Block (SMB) protocol, which lets nodes on a network communicate. A single vulnerable, internet-exposed system was enough to wreak havoc.<\/span><\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"LooCipher_A_brand_new_ransomware\"><\/span><span style=\"font-size: 18pt; color: #008000;\"><strong>LooCipher: A brand new ransomware<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This is another recent ransomware that is being distributed in the wild through spam email campaigns. 
It uses high-level Windows API libraries like Crypto++ for its encryption routine, and this makes it difficult for malware analysis sandboxes to reverse the binary code. The ransomware encrypts all types of files, including but not limited to database files, server files, web applications, backup files and virtual disk files. The functionality of this malware is more straightforward than that of other families.<\/span><\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"Sodinokibi_ransomware\"><\/span><span style=\"font-size: 14pt; color: #008000;\"><strong><span style=\"font-size: 18pt;\">Sodinokibi ransomware:<\/span> <\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This ransomware is distributed via compromised web application servers and spam email campaigns all over the globe. The attack involves the exploitation of Oracle WebLogic vulnerabilities and of a Microsoft Windows vulnerability. The attack is delivered via a malicious macro-enabled Word document or a malicious website link received through spam emails. Once the mail is opened or accessed, it downloads the malware loader, which then downloads the Sodinokibi ransomware as the final payload.<\/span><\/p>\n<hr \/>\n<h2><span class=\"ez-toc-section\" id=\"eCh0raix\"><\/span><span style=\"font-size: 18pt;\"><strong><span style=\"color: #008000;\">eCh0raix:\u00a0<\/span> <\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This is another new ransomware, written in Go, that targets Network Attached Storage (NAS) devices from vendors like Lenovo, Synology and QNAP. It targets NAS devices by taking advantage of weak credentials and then exploiting vulnerabilities. It also uses a SOCKS5 proxy to communicate with the C2 server, which is hosted on the Tor network. The ransom note is downloaded, and the RSA public key is used to encrypt the encryption key that encrypts the victim\u2019s files. It also offers the attacker real-time insight into the activity of the malware.<\/span><\/p>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"Some_dos_and_donts_of_ransomware\"><\/span><span style=\"font-size: 16pt;\"><strong><span style=\"color: #003366;\">Some do\u2019s and don\u2019ts of ransomware:<\/span> <\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">Ransomware has become a popular market for cybercriminals, and it is now difficult to stop them. Prevention is therefore the most important way to protect yourself from an attack. 
Here is what you can do:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">Use security software<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Keep your security software updated<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Upgrade your operating system and any other software<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Be careful before opening any email attachment<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Take a backup of important data to an external hard drive<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Use cloud services to retain previous versions of files<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Don\u2019t pay the ransom<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Don\u2019t automatically open any email attachments<\/span><\/li>\n<\/ol>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"How_we_can_help\"><\/span><span style=\"font-size: 16pt; color: #003366;\"><strong>How can we help?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">Ransomware bullies are targeting innocents, and with these attacks becoming a common issue, it is very important to minimize your risk exposure. We at IDS Logic can help you to secure your system and your website with our security services and can also help you to monitor your website 24\/7. 
Our technical staff can save your data and personal information in the cloud and protect you from any cyber-attacks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malicious software that uses encryption techniques to hold important data of organizations for ransom has become wildly successful over the past few years. The core purpose of this software is basically to extort money from the victims while promising to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":3836,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[944,945],"class_list":["post-3835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-ransomware","tag-ransomware-attack"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/3835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/comments?post=3835"}],"version-history":[{"count":4,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/3835\/revisions"}],"predecessor-version":[{"id":10478,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/3835\/revisions\/10478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media\/3836"}],"wp:attachment":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media?parent=3835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/categories?post=3835"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/tags?post=3835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}