Notable ransomware attacks in the first two months of 2018

After a tumultuous 2017, marked by notorious attacks like WannaCry, NotPetya and BadRabbit, which caused severe disruption and losses of billions of dollars, ransomware is expected to continue to hit businesses in 2018 as well.


How 2018 looks so far

The first two months of 2018 didn’t reveal any massive ransomware outbreak, but the year started with the advent of several new variants of ransomware and some incidents that captured the public attention. In particular, SamSam ransomware is in the spotlight so far, as it has been responsible for several events in different institutions in the US. Here are some of the most important developments:

9 January 2018, Belle Fourche, South Dakota – the City Hall servers were attacked in the first days of 2018 by a ransomware strain that managed to get access to the systems (http://www.bhpioneer.com/local_news/belle-fourche-city-servers-hacked/article_7254ad36-f576-11e7-8ed7-e31c3ee0da87.html). It penetrated the machines by using the credentials of a legitimate application that provided access to server and cloud data. No ransom was paid to recover the affected systems.

11 January 2018, Hancock County, Indiana – the regional hospital was the victim of a ransomware attack that attempted to lock the IT systems operating in the facility (https://www.cbsnews.com/news/indiana-hancock-regional-hospital-system-held-for-ransom-bitcoin-demanded/). The hospital stated that patients’ data were not compromised, though it seems the hospital did pay a $55,000 ransom to remove the lock (https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/). The hospital was hit by SamSam ransomware, which encrypted different files and renamed them by using “sorry” in the file name.

A notable detail of this attack is that, even though the hospital did have backup solutions in place, the management decided to pay the ransom. This approach was more cost-effective than the whole restoration process from the backup repository, which would have taken several days, maybe even weeks.

11 January 2018, Decatur, Indiana – Adams Memorial Hospital was also hit by SamSam ransomware. It affected several computers, including servers, and it is not clear whether the hospital paid a ransom to unlock the encrypted files.

15 February 2018, London, UK – The UK officially accuses Russia of the NotPetya attack which devastated thousands of computers in 2017. In an official statement (https://www.gov.uk/government/news/foreign-office-minister-condemns-russia-for-notpetya-attacks) the UK Foreign Minister accuses the Russian Military of spreading this infamous ransomware in June 2017 with the purpose of disrupting the activity in critical sectors in many countries.

21 February 2018, Denver, Colorado – SamSam ransomware claims another victim, the Colorado Department of Transportation. Sources say more than 2000 computers were affected and the attack caused significant disruption to the institution's activity (https://www.denverpost.com/2018/02/21/samsam-virus-ransomware-cdot/). It is interesting to note that the affected machines were running Windows and McAfee security software. According to the official statements, CDOT has not paid, nor does it intend to pay, any ransom.

Conclusion

The first two months of 2018 showed significant ransomware activity and, unfortunately, proved once again that traditional security products can be easily bypassed by new ransomware variants. This fact also reinforces the idea that fighting ransomware requires dedicated solutions which use a different approach from conventional anti-virus products to spot an attack.

At the same time, while malspam remains the primary method used by hackers to spread malware, more direct attacks (like the hijacking of remote desktop access or file system access applications) seem to be gaining traction. This development will only make it harder for IT admins and security professionals to defend against the upcoming viruses.

How we can help

Our dedicated solution, TEMASOFT Ranstop, is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss. TEMASOFT Ranstop is at the core of any multi-layered security strategy designed to protect against ransomware.
