
A Look Back at 2017’s Most Destructive Ransomware Attacks

  Michael Thweatt     Jan 30, 2018

Ransomware was a top concern for enterprises around the world in 2017 and continues to be one moving forward. Organizations around the globe are increasingly dependent on technology to help reach business goals, but it comes with risk. Cybercriminals are masters at exploiting technological weak spots to hit companies where it hurts the most.

Ransomware is one of these tactics. Attackers hold files and data hostage in return for payment, crippling the organization until they fulfill the demand set by the criminal. As the hackers discover new ways to extort money, it is critical that enterprises protect themselves using the past as an example. Continue reading to learn about five ransomware attacks from 2017 and the key takeaways from each of them to help you with your enterprise security strategy.

5 Ransomware Attacks of 2017

1. WannaCry
Making its debut in May 2017, these ransomware attacks exploited a vulnerability first discovered by the National Security Administration. Originally, the NSA intended to use this weakness for surveillance purposes; however, the masterminds behind WannaCry used it to extort money from enterprises worldwide.

The virus attacked entire network systems through standard PC file-sharing paths. WannaCry brought organizations down, from Russia and the United Kingdom to the United States, holding their valuable data hostage until the attackers' demands were met.

2. Petya
Petya first made the news in 2016, affecting only Windows users through an email attachment that was downloaded and given permission to make administrative changes to the hard drive.

What made this ransomware unique? It didn’t encrypt specific files; instead, it overwrote the master boot record and encrypted the master file table. The files stored on the computer were untouched, but users had no way to access them because they couldn’t boot their Windows operating system, making the system unusable until the ransom was paid.

Last year a new version, appropriately named NotPetya, was transmitted just like the earlier strain and delivered an identical ransom note, but that was where the similarities stopped. Unlike the original, NotPetya did not actually hold files hostage. Instead, once the virus was activated, it destroyed the files it found, making them impossible to restore.

3. Bad Rabbit
Bad Rabbit used legitimate websites to infiltrate network systems, dropping the file on the computer in the background disguised as an Adobe Flash installer. To activate, the ransomware required the user to manually execute the file for installation; it then spread through network systems.

While Russia was the main target of this virus, it also impacted other countries such as Ukraine and Germany. It was also a good reminder that similar attacks could happen in the United States.

4. Locky
Similar to Petya in its delivery method, Locky ransomware used email with an infected attachment to spread from one system to another. Once the virus was released in the system, it crawled through files, encrypting them and changing their extension to .locky, which is how it got its name.

It’s important to note that the cybercriminals behind this attack designed it to infect the computer that downloaded it, as well as any device or computer that was attached to it.
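The rename behaviour described above gives defenders a simple signal. The following added example (not from the original article) flags any host that renames many files to the .locky extension within a short window; the log format, host names, threshold and window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-audit events: ts|host|operation|old path|new path.
# This pipe-delimited layout is an assumption, not a real product's schema.
SAMPLE_LOG = r"""
2017-03-01T09:00:00|WS-014|RENAME|C:\Users\amy\report.docx|C:\Users\amy\report_v2.docx
2017-03-01T09:14:02|WS-022|RENAME|C:\Users\bob\q1.xlsx|C:\Users\bob\A1B2C3D4.locky
2017-03-01T09:14:03|WS-022|RENAME|C:\Users\bob\q2.xlsx|C:\Users\bob\E5F6A7B8.locky
2017-03-01T09:14:04|WS-022|RENAME|C:\Users\bob\plan.docx|C:\Users\bob\0C1D2E3F.locky
2017-03-01T09:14:05|WS-022|RENAME|C:\Users\bob\logo.png|C:\Users\bob\4A5B6C7D.locky
2017-03-01T09:14:06|WS-022|RENAME|C:\Users\bob\notes.txt|C:\Users\bob\8E9F0A1B.locky
2017-03-01T09:14:07|WS-022|RENAME|C:\Users\bob\cv.pdf|C:\Users\bob\2C3D4E5F.locky
2017-03-01T09:20:00|WS-031|RENAME|C:\Temp\sample.bin|C:\Temp\sample.locky
2017-03-01T09:30:00|WS-031|RENAME|C:\Temp\other.bin|C:\Temp\other.locky
"""

def find_rename_bursts(lines, ext=".locky",
                       window=timedelta(seconds=60), threshold=5):
    """Return {host: (burst_start, peak_count)} for hosts that renamed at
    least `threshold` files to `ext` within `window`.
    Assumes the events are already sorted by timestamp."""
    recent = defaultdict(deque)   # per-host timestamps inside the window
    alerts = {}
    for line in lines:
        ts_raw, host, op, _src, dst = line.split("|")
        if op != "RENAME" or not dst.lower().endswith(ext):
            continue              # only renames *to* the watched extension
        ts = datetime.fromisoformat(ts_raw)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            start, peak = alerts.get(host, (q[0], 0))
            alerts[host] = (start, max(peak, len(q)))
    return alerts

if __name__ == "__main__":
    for host, (start, peak) in find_rename_bursts(
            SAMPLE_LOG.strip().splitlines()).items():
        print(f"ALERT {host}: {peak} renames to .locky starting {start}")
```

A single rename to the extension, as on WS-031, stays below the threshold; the signal is the burst, which also means the first few files are already encrypted by the time it fires.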

5. Spora
Like Bad Rabbit, Spora was distributed through valid websites. Hackers embedded these sites with special JavaScript code, which then infected the user’s computer. This ransomware went one step further than the other viruses: not only did it hold files hostage using one of the most sophisticated designs, it also stole sensitive information and sold it to other criminals on the dark web.

How Can You Protect Your Enterprise?

While it’s not likely the threat of ransomware will dissipate any time soon, there are tactics you can employ to protect your enterprise. After analyzing the five attacks above, we have developed the following suggestions to help safeguard your sensitive information from these crippling attacks.

  • Update your security software frequently. Don’t wait to install the latest security updates to your network. The more up-to-date your software is, the better protected you will be.
  • Back up your data often. Backing up your data regularly is a good idea for many reasons, but in the case of ransomware, if you ever fall victim to this crime, you will have a recent point to restore from.
  • Don’t open files, attachments and emails from unfamiliar senders. It is always better to err on the side of caution when it comes to these items.
  • Have a disaster recovery plan in place. Know how to respond to an attack like this and document it.

If you need help exploring your organization’s security protocols and options, contact WEI, a trusted technology partner, today for a comprehensive security and threat prevention assessment.


Written by Michael Thweatt

Mike Thweatt, Sales Executive at WEI, helps our customers transform IT from a cost center to a new profit center by aligning solutions that will provide our customers with their desired business outcomes. Mike’s specialties include transforming technology features into quantifiable business value, strategic market planning, and cultivating collaborative relationships. Mike holds VMware, HPE, and Fortinet certifications.
