Cybersecurity researchers have shown that ransomware attacks have doubled. In the first quarter of FY 2020, ransomware attacks increased dramatically due to the shift to working from home brought on by the Covid-19 pandemic. The main reason for this increase is the lack of cybersecurity measures in home-office setups.
The growth rate in 2020 is expected to be higher than in previous years due to the chaos created by cybercriminals. The criminals attacked one company after another and stole their data.
Ransomware attacks pose a major threat to companies around the world regardless of their size. These types of attacks allow attackers to gain access to an organization's network. As a result, companies lose access to their sensitive or financial data because it has been encrypted. Cybercriminals demand a ransom from companies for the encrypted data. Meanwhile, they also profit by selling this data on cybercrime forums. So, what are the top ransomware attacks threatening companies in 2020 and 2021?
In addition, many ransomware families have improved their ability to steal confidential data from various sectors such as banking, financial services, government services, insurance and manufacturing.
Top 5 Ransomware Attacks 2020-2021
1. REvil Ransomware
REvil is file-encrypting malware that encrypts all files on the victim's system and demands money. When the ransom is demanded, the perpetrators require the victims to pay in bitcoin. If the victim does not pay the ransom by the due date, the ransom amount doubles.
A data leak from the law firm Grubman Shire Meiselas & Sacks was traced to ransomware. The attackers compromised the data of celebrity clients and shared it on the dark web.
According to reports, the ransomware attack may have leaked the personal information of Drake, Robert De Niro, Rod Stewart, Elton John, Mariah Carey, and many other stars. Also leaked are screenshots of celebrity files such as Madonna tour contracts or files belonging to Bruce Springsteen, Bette Midler, and Barbra Streisand. This ransomware tops our list of ransomware attacks for 2020-2021.
2. Sodinokibi Ransomware
Also known as Sodin, Sodinokibi ransomware is a type of REvil ransomware. It was rolled out against Oracle WebLogic servers in September 2019 using a zero-day vulnerability. Later, when the vulnerability was fixed, it continued to spread through other vulnerabilities, including remote desktop servers and software installers; and even by devices that abuse this ransomware. This ransomware ranks second on our list of 2020-2021 ransomware attacks.
After a thorough analysis, it was discovered that this ransomware is closely related to the GandCrab ransomware; the code is the same for both. While GandCrab use is declining, Sodinokibi use is increasing. Analysts believe this points to a strong connection between the two ransomware families.
3. Nemty Ransomware
Nemty ransomware ranks third on our list of 2020-2021 ransomware attacks. Unlike other ransomware, Nemty operates as ransomware as a service. When it first appeared, it was mostly advertised on Russian pirate forum websites. It was active from the summer of 2019 to the summer of 2020.
While the RaaS (ransomware as a service) was active, its customers could access a portal that allowed them to create unique versions of the Nemty ransomware. Customers were then able to distribute these versions however they liked.
Phishing emails play an active part in spreading this malware. When a Nemty infection results in a payment, 30% of the payment is transferred to the Nemty developers and the rest to the customer.
A few months ago, the Nemty developers announced that they would no longer operate as a public ransomware service, but privately. Files will never be recovered if payment is not made within a week.
4. Nephilim Ransomware
When it first appeared, cybersecurity researchers found that Nephilim's source code was similar to that of the Nemty ransomware. Not only the code but also the design and approach are the same. The attackers threaten to publish the victim's sensitive data if the ransom is not paid.
The victims of Nephilim are usually large organizations and corporations. In December, the attackers planned to attack government agencies and companies through vulnerabilities in Citrix Gateway. In addition, they were able to encrypt the victims' data by abusing remote desktop access and VPN security weaknesses.
The ransom note emphasized that the data was encrypted with a military-grade algorithm and that sensitive data had been compromised. To prove their claims, the Nephilim attackers offered to decrypt two encrypted files and send them back to the victims, thereby convincing the victims that only the attackers could decrypt the files.
5. NetWalker Ransomware
NetWalker, also known as Mailto, is one of the latest ransomware variants. Government agencies, health organizations, corporations and remote workers are being targeted by attackers using NetWalker.
NetWalker uses the victim's network to encrypt all Windows devices. It uses a configuration that sets the ransom notes and file names.
According to cybersecurity researchers, NetWalker has two different attack vectors. These are a) coronavirus phishing emails and b) executable files transmitted over networks. NetWalker is the most destructive malware on our list of 2020-2021 ransomware attacks.
Use real-time alerting and blocking to automatically detect ransomware-specific read/write behavior and then block the affected users and endpoints from accessing more data.
Use deception-based detection: strategically place hidden decoy files in a file storage system to detect ransomware encryption behavior at the earliest stage of an attack. Any write or rename action on the hidden files automatically triggers a block of the infected user or endpoint while continuing to allow access for uninfected users and devices.
Use granular reporting and analysis to provide detailed audit trail support for forensic investigations into who, what, when, where and how users access files.
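
The hidden-file detection described above can be sketched as follows. This is an added example, not code from the original article or from any product: it plants hidden decoy files, records a baseline, and reports any write or rename on them. The decoy names, the function names and the ".locked" extension in the demo are assumptions made for illustration, and the blocking step is left to whatever access control the storage system provides.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed decoy names (assumption): dot-prefixed so they are hidden on
# POSIX systems, and chosen to sort first and last in a directory listing.
DECOY_NAMES = [".~aaa_budget_2020.xlsx", ".~zzz_contracts.docx"]


def plant_decoys(directory: Path) -> dict:
    """Write the decoy files and return a baseline of {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        content = os.urandom(64) + name.encode()
        path = directory / name
        path.write_bytes(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline


def check_decoys(baseline: dict) -> list:
    """Return (decoy name, event) alerts for decoys written to or renamed."""
    alerts = []
    for path, digest in baseline.items():
        if path.exists():
            if hashlib.sha256(path.read_bytes()).hexdigest() != digest:
                alerts.append((path.name, "modified"))
            continue
        # Decoy is gone: look for a sibling that kept the name and gained
        # a suffix, which is how an appended extension shows up.
        renamed = sorted(p.name for p in path.parent.iterdir()
                         if p.name.startswith(path.name + "."))
        event = "renamed to " + renamed[0] if renamed else "missing"
        alerts.append((path.name, event))
    return alerts


if __name__ == "__main__":
    # Constructed scenario: one decoy overwritten, one renamed.
    with tempfile.TemporaryDirectory() as tmp:
        base = plant_decoys(Path(tmp))
        first, second = sorted(base)
        first.write_bytes(b"overwritten")
        second.rename(second.with_name(second.name + ".locked"))
        for name, event in check_decoys(base):
            # A real deployment would block the user or endpoint here.
            print(f"ALERT {name}: {event}")
```

Because no legitimate user has a reason to touch the decoys, any alert is a high-confidence signal, and the audit trail from the reporting step identifies which user or endpoint to block.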