In 2019 the return of Ransomware emerged with fewer attacks, but a higher cost to those compromised and the targets have changed since this malware began in 2000. The cybercriminals in 2019 can sell on the “Dark Web” a software named ” Inpivx ” this allows even someone with limited technical skills to set up Ransomeware that is AES encrypted and runs as a RaaS ( Ransomeware as a service).
The cybercriminals directed these attacks at city governments and county offices and infected the IT systems and critical records offices that cannot afford to have shutdowns for an extended amount of time.
Baltimore, MD paid 18 million to hackers for the hacking of the cities water operations and other city billing. The city’s technical services also were affected by this Ransomware assault which was suspected to be by a malware known as “Ryku.”
This malware often is launched following infection by the malware trojan type known as “Trickbot” which can be launched as a phishing email, from an infected web site or even as adware.
The 2019 U.S. Mayors conference all 1,400 passed a resolution not to pay the ransom for infected systems although they had a significant fear that their systems, hardware, and staff are not equipped to manage the new ransomware versions and the phishing and spearphishing attacks.
Cities like Rivera Beach, FL . and Lake City have paid between 500,000 and 800. 000 dollars following a ransomware attack and both losing email and internet access.
The Georgia State courts and Atlantic City, NJ also have reported ransomware attacks of more than 100,000 dollars and decided to pay the ransom.
THE RISE OF THE CRYPTO
The Cerber Ransomware appeared and began in 2016 as the “Crypto type “ransomware which is a RaaS product on the “Dark Web ( Ransomware as a service ).
The Cerber Ransomware as a Trojan type scans the system and attacks and attacks by encrypting all drives and network shared files at these locations. This Ransomware has morphed into 5 versions since the one which appeared in 2016, and the current version can disable the installed antivirus. The Lockergoga ransomware like Cerber acts unlike the earlier versions of Ransomware by modifying the users account after being installed like the others via phishing, spearphishing, and infected websites.
In2019 in keeping with the ability for the Crypto types to work outside the typical pattern of Ransomeware Mega Cortex, Sodinokibi and Ech0raix have been found attacking systems without the need to have a user click on a link attachment or website to infect the system and network.
This Ransomware is the second wave of the attack, which usually follows a reconnaissance with a spambot attack to provide the information the cybercriminals about the security and setting of the systems and network. Once this happens, the Ransomeware launches and the attack can affect the domain controllers spread the infection from the web server and defeat the antivirus and the machine learning.
In the future, Ransomware attacks are expected to be strategic and targeting specific resources like power grids and parts of community infrastructures where the cybercriminals can get there greatest return.