Ransomware Attacks

What is Ransomware?

Ransomware is a type of malware that locks, or encrypts, what is deemed to be the user's most important data. The cyber criminals then hold this data hostage, demanding a ransom payment before the user can regain access to their files. Don't let hackers encrypt or steal your data.

Ransomware Identifiers:

Users are no longer able to access their files
The file extensions have changed
A ransom note is displayed on the user's screen

Ransomware is Spreading Across the U.S.

There is a rash of ransomware hitting the United States. These attacks will only continue to grow in intensity and frequency. It's not just consumers being attacked. Corporations, small businesses and even government agencies are having their computer files held for ransom. Read more about the best Ransomware Protection for Business.

Behind Every Attack is a Failed Antivirus

Ransomware and cyber security have an inverse relationship. The better the security, the less likely the ransomware will be able to execute. Unfortunately, many of today's antivirus solutions are based on outdated technology, only blocking files that are known to be bad. With cyber criminals creating new strains of malware every day, waiting for a "bad file" classification is not feasible.

The best ransomware protection uses application whitelisting that completely blocks malware from infecting your computer, mobile device or network. Learn more about how PC Matic's patented whitelisting security solutions can keep you safe from ransomware attacks. PC Matic's Anti-Ransomware Software Solution is the best cyber defense providing comprehensive virus, malware and ransomware protection.
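
The difference between the two models described above, as an added example (not PC Matic's code or product logic): a default-allow blocklist and a default-deny allowlist judge the same four files. The byte strings are constructed stand-ins for executables, and matching on SHA-256 alone is an assumption made for brevity.

```python
import hashlib
from typing import NamedTuple


class Decision(NamedTuple):
    name: str
    blocklist: str  # verdict when only known-bad files are stopped
    allowlist: str  # verdict when only approved files may run


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for executables; none is real malware.
APPROVED_V1 = b"constructed: approved backup agent v1"
APPROVED_V2 = b"constructed: backup agent v2, not yet reviewed"
CATALOGUED = b"constructed: ransomware build already classified as bad"
REPACKED = CATALOGUED + b"\x00"  # same program with one byte changed

BLOCKLIST = {digest(CATALOGUED)}   # hashes classified as bad (assumed feed)
ALLOWLIST = {digest(APPROVED_V1)}  # hashes an administrator approved (assumed)


def evaluate(name: str, data: bytes) -> Decision:
    h = digest(data)
    return Decision(
        name,
        "deny" if h in BLOCKLIST else "allow",  # default-allow model
        "allow" if h in ALLOWLIST else "deny",  # default-deny model
    )


def run_samples() -> list:
    samples = [
        ("backup_agent_v1", APPROVED_V1),
        ("catalogued_strain", CATALOGUED),
        ("repacked_strain", REPACKED),
        ("backup_agent_v2", APPROVED_V2),
    ]
    return [evaluate(name, data) for name, data in samples]


if __name__ == "__main__":
    for d in run_samples():
        print(f"{d.name:<20} blocklist={d.blocklist:<5} allowlist={d.allowlist}")
```

The repacked strain passes the blocklist because its hash has not been classified yet, while the allowlist denies it by default. The allowlist also denies the unreviewed update of the approved agent, which is the approval workload a default-deny policy has to absorb.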

"Ask yourself, will regular antivirus software keep you safe from hackers intruding into your device? Will it stop Cryptowall or Cryptolocker malware? Will it prevent GoldenEye, Petya, Bad Rabbit, Jigsaw, Locky, Maze or LockBit ransomware?" See the anti-malware comparison chart below to see how well other antivirus software products perform at preventing data breaches and cyber attacks.

This graph shows you how many times each security solution failed, thus allowing ransomware to infiltrate its customers' networks.
This information was obtained through the submission of FOIA requests, as well as government contracts. As additional information is received, this graph will be updated.

Fight Back Against Ransomware with PC Matic

PC Matic protects all of your devices from modern security threats and cybercrime.

History of Ransomware

Ransomware originated in 1989; however, it wasn't until 2008 that the trend began to truly expand. It was then that hackers began posing as the FBI, demanding payment of a "fine" for "illegal activities". Unfortunately, the hackers learned how lucrative ransomware could be, and it has been on the rise since. The last twelve months have shown the most growth in ransomware since its origination in 1989.

Ransomware Attacks continue to increase in popularity for two reasons: victims are paying ransoms, and advances in technology are making malware attacks easier. Regardless of the type of ransomware, the overall concept remains consistent: extort the user by encrypting their most important data. Another emerging ransom threat is the exfiltration of sensitive data, with a threat to release it if a ransom is not paid.

Types of Ransomware

What types of Ransomware Attack are there? There are two main types of ransomware attack, Crypto-Ransomware and Locker-Ransomware.

Crypto-Ransomware Attacks. Crypto-Ransomware encrypts important, critical or sensitive data files on a computer system or network, making them unavailable to view or use until a ransom is paid for the decryption key. A deadline for paying the ransom is usually set. Once the ransom demand is met, the victim can obtain the key and decrypt their files. Locky, Cryptolocker, WannaCry, Ryuk, and LockBit are examples of this type of attack.

Locker-Ransomware Attacks. Locker-Ransomware locks access to a device, computer system or network until a ransom is paid. Once the ransom demand is met, the victim can regain access to their device or network system. Locker Ransomware is also known as Screen-Locking ransomware, which locks the user's screen or desktop. Another strain of this type of malware attack is Master Boot Record (MBR) Locking or Master File Table (MFT) Locking ransomware, which holds a computer, laptop or mobile device hostage by blocking a victim's access to the operating system. In this type of cyber-attack, malware infects the master boot record, preventing the operating system as well as any antivirus or ransomware tools from loading. Petya and GoldenEye are examples of locker ransomware.

How to Protect Yourself from Ransomware

Only Application Whitelisting can prevent both types of attack. The best ransomware protection is using a whitelisting anti-ransomware software solution to prevent unauthorized system access and falling victim to cybercriminals.

What are The Latest Ransomware Threats?

Trickbot, Dridex, Qbot, IcedID, FiveHands, Maze, Egregor, Conti, Sodinokibi, DoppelPaymer, and NetWalker are among the most recent ransom variants gaining in popularity. Emerging new threat actors include AvosLocker, Hive Ransomware, and HelloKitty. Cybersecurity firms suggest these are the most dangerous emerging ransomware threat gangs to watch in 2021.

Ransomware Attacks increased 65% year-over-year from August 2020 to August 2021, with ransomware gangs REvil and DarkSide having been particularly active, launching almost 1/3 of the cyber-attacks. Cybercriminals are increasingly exploiting application vulnerabilities to gain access to and control of a network's application infrastructure in order to encrypt sensitive, critical, and valuable data.

Ransomware Group Threat Schemes continue to entice disenfranchised employees to deploy malicious scripts. In addition to LockBit 2.0, Black Kingdom Ransomware is offering one million dollars, or 40% of a $2.5 million ransom, as an enticement to employees who help deploy the ransomware known as DemonWare, either remotely or on premises. Insider cyber-threat schemes against corporations and their networks are expected to increase.

Microsoft Windows Tech Support Scam. Using email messages, hackers trick end-users into calling a fraudulent call center or downloading a malicious PDF file with the moniker BazaLoader which installs a backdoor on their computer for hacking into network systems. The malware gives a hacker hands-on-keyboard control of the victim computer leading to the installation of ransomware.

LockFile Windows Exchange Ransomware. LockFile encrypts Windows domains by exploiting the recently disclosed ProxyShell and PetitPotam vulnerabilities, using unauthenticated remote code execution to hack into and encrypt devices. (LockFile exploit by the Conti ransomware operation.)

Karma Ransomware Data Leak Cyber Threat. Karma ransomware data breach threatens to release exfiltrated, encrypted data to journalists and publish the data to their website if the ransom isn't paid.

Triple Threat Extortion Schemes. In addition to the targeted victim, Triple Extortion Ransomware demands payments from a victim's customers, vendors, partners and other third-party contacts. Data encryption, distributed denial-of-service (DDoS) attacks which prevent systems from responding, and data exfiltration (leakage) are three attack methods used in combination to extort funds. Leakware or Doxware is used by cybercriminals for data exfiltration and blackmail by threatening to publicize confidential data, embarrassing information, or images stolen from a victim's computer or network unless a ransom is paid.

How Ransomware Infects a System

Malicious Script Infections are typically spread through phishing emails and highly targeted spear-phishing emails that contain malicious PDF, document, or image attachments; through smishing, which uses fraudulent SMS text message links; or through malicious drive-by downloads. Drive-by download cyber-attacks are conducted via the deceptive, unintentional download of malicious code to a computer system or mobile phone. Malicious script downloads occur when visiting a malicious website, clicking on a link, opening an e-mail attachment or clicking on a fraudulent, deceptive pop-up ad. Drive-by infections are one of the most common methods used by hackers to install malware on a device without consent to gain unauthorized access in order to launch a cyber-attack.

Fileless Malware Infection. Fileless malware operates in system memory (RAM, random-access memory). Memory code-injection malware techniques involve hiding malicious code in the memory of legitimate programs. Malicious script code executes from within the device's memory without being stored or downloaded directly onto a system's hard drive. These types of cyber-attack are designed to masquerade and "piggyback" on legitimate program scripts by executing their malicious code undetected while the legitimate program continues to run. Fileless malware remains undetected because it is memory-based, not file-based, and therefore has no signature "footprint" for antivirus software to detect.

Windows PowerShell and Server Message Block (SMB) Vulnerability. Fileless cyber-threats, LockBit and other crypto-attacks use PowerShell and SMB to self-propagate with automated scripting processes. Ransomware and Trojans use vulnerabilities in the Windows Server Message Block to gain unauthorized access to a system and infect an entire network. Windows SMB is used for file and printer sharing, and for access to remote services which allows for lateral viral spread through connected systems.

Zero-Day Attacks. Vulnerable software allows hackers to exploit a security hole before a security patch can be developed and released to fix the vulnerability.

Living off the Land Attacks (LotL). A type of fileless cyber-attack where hackers use legitimate software programs and system tools to penetrate and attack a system without leaving a trace or artifact. Cyber intruders use software tools such as WMI (Windows Management Instrumentation) to access credentials, bypass system security, and avoid antivirus detection to steal sensitive data and move laterally across a network. Many cybercriminals engaged in Living off the Land attacks use the Mimikatz security credential scanner, PowerShell to run malicious scripts and obtain unauthorized privileges, and PsExec, a remote command tool, to insert malware and gain undetected access.

HTML and JavaScript Smuggling. HTML5 smuggling attacks enable a threat actor to smuggle maliciously coded script within an HTML email attachment, a DLL (Dynamic-link library) or JavaScript on an HTML web page. Hackers use HTML5 software features to bypass content filters to deliver malware payloads to a user's device. The cyberattack tactic deploys obfuscated files, data URLs, JavaScript Blobs and HTML5 download features on Windows, macOS and Linux platforms to penetrate antivirus, web content filters and static file analysis defenses.
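
A triage check for the features named above (data URLs, JavaScript Blobs, the HTML5 download feature, encoded content), as an added example that is not from the original page: it flags an HTML attachment only when the page builds a file in the browser, triggers a save, and carries an encoded payload. The indicator names, the 200-character threshold and all three sample documents are constructed assumptions, and the suspect fragment is inert.

```python
import re

# Static indicators; names and thresholds are assumptions for this example.
INDICATORS = {
    "js_blob": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|<a\b[^>]*\bdownload\b", re.I),
    "data_url": re.compile(r"data:[\w.+-]+/[\w.+-]+;base64,", re.I),
    "base64_decode": re.compile(r"\batob\s*\("),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}


def scan(html: str) -> dict:
    """Return the indicators present and a verdict for one HTML document."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    found = set(hits)
    builds_file = bool(found & {"js_blob", "data_url"})
    saves_file = bool(found & {"download_attr", "object_url"})
    carries_payload = bool(found & {"base64_decode", "long_base64"})
    # Any single feature is common on benign pages; the combination is not.
    return {"hits": hits,
            "suspicious": builds_file and saves_file and carries_payload}


# Constructed samples. BENIGN_LINK offers a remote file for download,
# BENIGN_IMAGE inlines a tiny image, SUSPECT holds the indicator tokens only.
BENIGN_LINK = '<a href="https://example.com/report.pdf" download>Report</a>'
BENIGN_IMAGE = '<img src="data:image/png;base64,iVBORw0KGgo=">'
SUSPECT = (
    '<script>var d = atob("' + "QUFB" * 60 + '");\n'
    "var f = new Blob([d]);\n"
    'link.href = URL.createObjectURL(f); link.download = "invoice.zip";'
    "</script>"
)

if __name__ == "__main__":
    for label, doc in [("benign link", BENIGN_LINK),
                       ("benign image", BENIGN_IMAGE),
                       ("suspect", SUSPECT)]:
        print(label, scan(doc))
```

A page that legitimately exports user data as a client-side download will also match, so the verdict is a reason to detonate or inspect the attachment, not a block decision on its own.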

Social Engineering Techniques. Phishing, Vishing, Smishing, Whaling, Pretexting (Impersonation), Quid pro Quo, Tailgating, Piggybacking, and Baiting are effective techniques cybercriminals use to deceive, trick, extort, and steal from cyber-victims.

How are Ransomware Attackers Paid?

Ransomware Demand Payments are typically paid by anonymous cryptocurrency in Bitcoin, Ethereum, Venmo, Monero, or by wire-transfer through Western Union. The "digital ransom note" is either a file, pop-up window, or text message providing payment instructions. Some cybercriminals may also demand payment in the form of gift cards.

Best Ransomware Attack Protection of 2021

Under Ransom Attack? Get help from PC Matic Anti-Ransomware Solutions. PC Matic is the pioneer in implementing Whitelisting Technology in small business and enterprise organizations, local and federal governments, K-12 school districts, colleges, universities and educational institutions, hospitals and healthcare facilities, financial institutions, non-profits, critical infrastructure, and industry of all sizes. The main goal of whitelisting is to protect devices, computers, servers, and networks from harmful applications. PC Matic has the best cybersecurity solution for preventing ransomware with Application Whitelisting in on-premises, cloud, dynamic and hybrid computing environments. Read more about Ransomware Cybersecurity.

What Should You Do If Infected By Ransomware?

Do Not Pay the Ransom

Do not pay the ransom. When the ransom is paid, it feeds the ecosystem almost guaranteeing that the attacks will increase in frequency and severity. One of the reasons that you have become infected is because someone before you paid a ransom. Preventing ransomware attacks through better cybersecurity is much better than rewarding hackers and cybercriminals.

Contact the FBI

The FBI is the center point for ransomware infections and they need to understand how many people and organizations are being infected and the impact on our country. Reporting computer hacking or cyber-intrusion incidents helps in the fight against cybercrime.

Get the Sample

Have a computer professional find the sample and give it to your AV vendor. They can add this sample to their blacklist so others can avoid being infected with this strain. Almost all antivirus vendors have sample sharing arrangements, so once you report it, it is their responsibility to disseminate the sample to the other blacklists.

Secure Your Family’s Devices

Millions of families around the world trust PC Matic to protect their home devices.

Business & Government Security

PC Matic Pro provides security and device management for public and private organizations of any size.

All Ransomware Attacks by State