The 6 Nastiest Malware of 2021 (Webroot)
#1
https://www.webroot.com/blog/2021/10/13/...e-of-2021/

The 6 Nastiest Malware of 2021
by Kyle Machado | Oct 13, 2021 | Threat Lab

Reading Time: ~ 3 min.
Malware leaps from the darkness to envelop our lives in a cloak of stolen information, lost data and worse. But to know your enemy is to defeat your enemy. So we peered over the ledge leading to the dark web and leapt. The forces we sought are disruptors – without warning, they disturb our businesses and our connections to family and friends.

And darkness we found – from million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021.

How malware disrupted our lives

These days, every major ransomware campaign runs a “double extortion” method, a scary prospect for small businesses. They steal and lock files away and they will absolutely leak data in the most damaging way if a ransom settlement is not reached.

Phishing continues to be key for these campaigns and it’s typically the first step in compromising a business for the nastiest malware.

This highlights the importance of user education – training users to avoid clicking these phishing lures or preventing them from enabling macros from these attachments is proven to stop malware in its tracks.

While the list below may define payloads into different categories of malware, note that many of these bad actor groups contract work from others. This allows each group to specialize in their respective payload and perfect it.

This year’s wicked winners

Lemonduck

  • A persisting botnet with a cryptomining payload and more
  • Infects via emails, brute force, exploits and more
  • Removes competing malware, ensuring they’re the only infection

REvil

  • The Nastiest Ransomware of 2021 that made headlines with supply chain attacks
  • Many attempts to shut down the REvil group have so far failed
  • Their ransomware as a service (RaaS) platform is on offer to other cybercriminals

Trickbot

  • Decade-old banking and info-stealing Trojan and backdoor
  • Disables protections, spreads laterally and eventually leads to ransomware like Conti
  • Extremely resilient, surviving numerous attacks over the years

Dridex

  • Banking and info-stealing Trojan and backdoor
  • Spreads laterally and listens for domain credentials
  • Eventually leads to ransomware like Grief/BitPaymer/DoppelPaymer

Conti

  • Longstanding ransomware group also known as Ryuk and likely linked to LockFile ransomware
  • TrickBot’s favorite ransomware
  • Will leak or auction off data if victims don’t pay the ransom

Cobalt Strike

  • White hat-designed pen testing tool that’s been corrupted and used for evil
  • Very powerful features like process injection, privilege escalation and credential harvesting
  • The customizability and scalability are just too GOOD not to be abused by BAD actors

Victimized by malware

The good news (I guess) is that last year’s average ransom payment peaked at $200,000 and today’s average is just below $150,000.

The bad news is that hackers are spreading the love and targeting businesses of all sizes. In fact, most victims are small businesses that end up paying around $50,000. Ransomware actors are getting better with their tactics, recruiting talent and providing a streamlined user experience.

The whole process is terrifyingly simple and for every one that gets shut down, two spring up to replace it. To top it off, supply chain attacks are becoming a massive issue.

Protect yourself and your business

The key to staying safe is a layered approach to cybersecurity backed up by a cyber resilience strategy. Here are tips from our experts.

Strategies for business continuity

  • Lock down Remote Desktop Protocols (RDP)
  • Educate end users
  • Install reputable cybersecurity software
  • Set up a strong backup and disaster recovery plan

Strategies for individuals

  • Develop a healthy dose of suspicion toward messages
  • Protect devices with antivirus and data with a VPN
  • Keep your antivirus software and other apps up to date
  • Use a secure cloud backup
  • Create strong, unique passwords (and don’t reuse them across accounts)
  • If a download asks to enable macros, DON’T DO IT