This large volume of resources being moved by ransomware groups has sparked the interest of many criminals, starting a race to develop even more powerful malware.
“Big Game Hunting”, as it is called, is more active than ever, and the projections for 2022 are worrying.
Let’s look at the groups that have made the biggest attacks in recent years.
Ransomware REvil Sodinokibi
The REvil Sodinokibi ransomware group, one of the most notorious today, stands out for the highest ransom demands in ransomware attacks.
The company Kaseya suffered damage that reached $70 million just from paying the ransom demanded by the group.
The WannaCry Ransomware is a very old group, but it has left its mark. In May 2017 it began spreading in Europe.
After four days of expansion, the antivirus company Avast had detected more than 250,000 attacks from the ransomware, in more than 116 countries.
It estimated that the group received about $4 billion in ransom payments. Large companies were among its victims, such as Nissan, FedEx and Renault.
The Ragnar Locker ransomware is still active today. In April 2020, the group attacked the Portuguese energy company Energias de Portugal (EDP) and demanded a $10 million ransom.
The group reported that over 10 TB of data had been extracted and would be leaked if the company did not pay the ransom within the time the group stipulated.
The SamSam ransomware emerged in late 2015, and the group carried out several intrusions, including an attack on the Colorado Department of Transportation.
It has a peculiar feature: the group exploits holes in IIS for FTP to obtain RDP access.
It was set up in Eastern Europe, and the courts managed to arrest two Iranians who confirmed participating in the attacks. The group caused damage of about 30 million dollars.
The CryptoLocker ransomware emerged in 2013. The group made large-scale attacks, spreading through spam email campaigns.
The group used the RSA algorithm for encryption and charged a fee to release the decryption key. According to antivirus company Avast, more than 500,000 machines were infected by them.
However, they were taken down through an operation called Tovar, which was carried out by American and European agencies.
These were the largest attacks ever identified, both in scale and in value. There is current, updated ransomware that is as dangerous as these, or even more so.
Most of the groups mentioned above have ceased their activities, with the exception of Ragnar Locker, and there is evidence of a possible return of REvil Sodinokibi.
Big Game Hunting is still going on today and is unlikely to end, so investment in cyber security is vitally important for businesses.
Faced with this haunting scenario of ransomware attacks, RansomHunter has emerged as a hope, being able to decrypt ransomware files on any storage device.