For the first time ever, ransomware has been named the 3rd most dangerous type of malicious software (malware) in cyber crime’s history, and it’s all thanks to “Locky” ransomware. Ransomware is a rather nasty type of malware that holds your computer or mobile device to ransom, either by encrypting all the files on the device or by constantly displaying an image, such as a pornographic image, until you pay up.
While many people have heard of ransomware in the news because of fake emails pretending to come from your energy company or another trusted organisation, ransomware was previously not considered the worst of the worst.
That is, until now.
This year has been ransomware season, according to an article on Softpedia.
Please note that only malware affecting desktop computers is included. The top 3 mobile malware families are HummingBad, Triada, and Ztorg.
The Malware Family ‘Most Wanted List’ 2016
Active since 2008, Conficker is a worm targeting Windows computers. It initially targeted Windows XP computers, but the worm has evolved with time. It now behaves as a self-spreading virus infection, and it can download other malware when instructed by its C&C server, which lets it steal your credentials and even disable security software.
Believed to have originated from Russia in 2003, Sality is a polymorphic virus which constantly evolves and is hard to detect. Similarly to Conficker, it is controlled by a botnet. It has the ability to infect computers via different methods. Sality’s goal is to infect executable files and download complex malware.
Making its debut in 2016, the Locky ransomware family locks down the files on your computer with encryption that currently cannot be cracked. It spreads in a few ways:
- ZIP email attachments which contain .js, .lnk, .hta, or .wsf file extensions.
- Exploit kits
In a recent report, cyber security solution provider Proofpoint claimed that 97% of all malicious email attachments were Locky. It is thought to originate from the Necurs botnet, which has an army of over 6 million bots ready to spam unsuspecting victims, and to be managed by the same online crime gang that spread the Dridex banking trojan.
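Because the Locky campaigns described above arrive as ZIP attachments holding .js, .lnk, .hta or .wsf files, a mail gateway can check the contents of every ZIP before it reaches the inbox. The following is an added example (not code from the original post or from any product), written in Python and using only the standard library; the email message and ZIP it scans are constructed inline for the demonstration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script-type extensions the post lists as Locky's ZIP payloads.
RISKY_EXTENSIONS = {".js", ".lnk", ".hta", ".wsf"}

def risky_members(zip_bytes: bytes) -> list[str]:
    """Return the names of ZIP members whose last extension is a script type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Only the final extension matters: "invoice.pdf.js" is still a .js file.
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                flagged.append(name)
    return flagged

def scan_email(raw: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment filename to the risky members found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        try:
            hits = risky_members(part.get_payload(decode=True))
        except zipfile.BadZipFile:
            hits = ["<attachment is not a valid ZIP>"]
        if hits:
            findings[filename] = hits
    return findings

def build_sample_email(member: str = "invoice.pdf.js") -> bytes:
    """Constructed test message (not a real Locky sample) carrying a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// harmless placeholder content\n")
        zf.writestr("readme.txt", "plain text\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_email(build_sample_email()))  # {'invoice.zip': ['invoice.pdf.js']}
```

The same check can be run at the mail gateway or on a quarantined .eml file; a ZIP that contains no script-type member produces an empty result.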
First appearing in 2007, it is essentially a combination of the Pushdo trojan and a botnet. Using a simple star architecture with a C&C server in the middle, it is used for sending spam emails and, on occasion, for DDoS attacks.
Also known as Zbot, Zeus is a trojan horse that runs on Microsoft Windows. It was first identified in July 2007, when it stole information from the United States Department of Transportation. It is the base of many of today’s banking trojans targeting PCs, and it can be used for many criminal tasks such as stealing your banking information, which it does through man-in-the-browser keylogging. It can also grab information from auto-saved forms (the browser feature that fills in contact details for you).
Among its other notable feats, it compromised the FTP accounts of many well-known companies such as Oracle, ABC, Bank of America, CISCO, Amazon, and more. It is also currently used in tech support scams, in which pop-up messages appear on your computer claiming that there is a virus on it – when in reality there are no viruses at all.
Criminals who deploy Chanitor malware have one aim – to steal data from their victims. Also known as Hancitor, it is merely a stepping stone for other, more potent malware, which it delivers using PowerShell and API abuse methods that are generally uncommon techniques.
Typically infecting Asian nations, it compromises web browsers: when you visit an authentic banking portal, it uses a web inject to show fake web pages. It is also known as Zusy or Tiny Banker, and it’s called ‘tiny’ because the banking trojan itself is only 20kb in size.
A new variant of Tinba has been found. Dubbed ‘Tinbapore’ because of its origins, its goal is to target financial institutions in the Asia Pacific region, although it has also targeted African, European, and Middle Eastern financial institutions.
The Tinbapore version employs a DGA (Domain Generation Algorithm). A DGA makes it almost unstoppable, because the infected machines can locate a new C&C server even after the current one is taken down, putting millions of dollars at risk.
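The flip side of a DGA is that an infected machine must query many generated names that do not exist yet, so its DNS traffic shows a burst of NXDOMAIN answers for random-looking domains. The following is an added example (not code from the original post or from any product) that scores domains with a simple entropy and vowel-ratio heuristic and reports clients with repeated failed lookups; the log format and every domain in it are constructed for the demonstration, and the thresholds are assumptions to tune for your own traffic.

```python
import math
from collections import defaultdict

# Constructed resolver log (not from any real incident): timestamp, client, rcode, query.
SAMPLE_LOG = """\
2016-11-02T10:00:01 10.0.0.5 NOERROR www.bankvault.com
2016-11-02T10:00:02 10.0.0.9 NXDOMAIN xkq7wzt9pmlv4bd.com
2016-11-02T10:00:02 10.0.0.9 NXDOMAIN qwzjxvbnmplkt.net
2016-11-02T10:00:03 10.0.0.9 NXDOMAIN hjdkwpqzxmnbtr.org
2016-11-02T10:00:04 10.0.0.5 NXDOMAIN stackoverflow.com
2016-11-02T10:00:05 10.0.0.9 NOERROR microsoft.com
"""

VOWELS = set("aeiou")

def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking labels score close to log2(len(text))."""
    counts = {c: text.count(c) for c in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def second_level_label(domain: str) -> str:
    """'www.bankvault.com' -> 'bankvault'; the label a DGA actually randomises."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(domain: str, min_entropy: float = 3.3,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: a long, high-entropy label with few vowels or embedded digits."""
    label = second_level_label(domain)
    if len(label) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    has_digit = any(c.isdigit() for c in label)
    return shannon_entropy(label) >= min_entropy and (
        vowel_ratio <= max_vowel_ratio or has_digit)

def suspect_clients(log_text: str, min_hits: int = 3) -> dict[str, list[str]]:
    """Clients with at least min_hits NXDOMAIN answers for generated-looking names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        _ts, client, rcode, query = line.split()
        if rcode == "NXDOMAIN" and looks_generated(query):
            hits[client].add(query)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}

if __name__ == "__main__":
    print(suspect_clients(SAMPLE_LOG))  # {'10.0.0.9': [...three generated names...]}
```

A single odd-looking NXDOMAIN (a typo, a CDN hostname) is normal; the repeated pattern from one client is what justifies isolating that machine and looking for the infection.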
This famous ransomware variant is part of the CryptoLocker family. Cryptowall is spread by email phishing campaigns and malvertising. Unfortunately there is no decryption key publicly available for Cryptowall victims, which is why prevention is better than cure.
Blackhole is an exploit kit that exploits security holes in outdated and insecure software applications on your computer. This is why we recommend installing software updates as soon as they appear, so that you will not be affected by exploit kits.
During its heyday, it was the best exploit kit around. It was created by a Russian, Dmitry Fedetov, who is currently incarcerated. After his arrest it became readily available among criminal groups, but with Fedetov imprisoned it is largely unmaintained.
Created in 2007, Nivdort is a modular backdoor trojan. It is spread using spam emails with the purpose of stealing people’s passwords, and it can also download more malware onto your computer and modify your system settings.
As you can see, the majority of these are spread using spam email techniques. We encourage you to learn how to identify phishing emails at work and in the home to avoid your computer systems being infected.
Unfortunately, at BankVault we regularly hear stories of people finding viruses on their computers and losing money from their bank accounts because money-hungry criminals have infected their machines. If you have any questions about how to protect your computer from nasty malware that could cripple your systems, please contact us today before it’s too late!