Maze is currently the most infamous ransomware threat to enterprises worldwide. It was previously known as “ChaCha ransomware” and was discovered by Jerome Segura on May 29, 2019. In its early campaigns, the group behind it used exploit kits such as Fallout and Spelevo to deliver the malware.
Maze is notorious for a new approach to extortion: besides encrypting files, it publishes sensitive stolen information publicly through various channels. The ransomware encrypts all files and demands a ransom to recover them, and it threatens to release the stolen information on the internet if the victim fails to pay.
The threat is not idle: the threat actor really does publish some of a victim’s files on the internet, so even if the victim sues the Maze operators, the damage is already done. Recent victims of Maze include Cognizant, Xerox, allegedly Canon, and organizations in sectors such as healthcare.
REvil is file-encrypting ransomware that, after infecting a system, encrypts the victim’s files and leaves a ransom message. The message explains that the victim must pay the requested ransom in bitcoin; if the victim fails to pay in time, the demand is doubled.
REvil recently made headlines for a data breach at the media and entertainment law firm Grubman Shire Meiselas & Sacks. The attackers targeted several of the firm’s A-list celebrity clients and leaked their data on the dark web.
A series of screenshots, including a legal document from Madonna’s tour contract and dozens of computer files relating to celebrities such as Bruce Springsteen, Bette Midler, and Barbra Streisand, were leaked. According to several reports, personal information of stars such as Robert De Niro, Drake, Mariah Carey, Rod Stewart, Elton John, and many more may have been compromised.
Ryuk is one of the most active ransomware families and one of the biggest players in the field. It is crypto-ransomware: it blocks access to files, systems or devices by encrypting them until the ransom is paid.
Ryuk relies on other malware to infect a system. It typically arrives via TrickBot, or uses other means such as Remote Desktop Services, to gain unauthorized access. It uses strong encryption algorithms such as RSA and AES to encrypt files, with a unique key for each executable.
Ryuk mainly targets large businesses and government agencies that can afford to pay huge ransoms. It recently hit EMCOR, a US-based Fortune 500 company, and took down some of its IT systems.
Tycoon is a recently discovered ransomware strain written in Java. It has been targeting organizations in the education and software industries, including SMBs. The malware is considered unusual because it is deployed inside a trojanized version of the Java Runtime Environment and is compiled into ImageJ, a Java image format, for malicious purposes.
It has been observed targeting both Windows and Linux, using the Java image format as part of the attack process. Tycoon has been targeting aggressively in the six months since its discovery, but the number of victims appears to be small for now.
Reportedly, this ransomware uses several techniques to stay hidden. After infecting a system, Tycoon locks out the administrator, following an attack on the file servers and the domain controller. It takes advantage of weak or compromised passwords, a common attack vector for compromising servers with malware.
NetWalker, also known as Mailto, is one of the newest members of the ransomware family. Remote workers, enterprises, government agencies and healthcare organizations have all reported being attacked by NetWalker this year.
NetWalker compromises its victim’s network and encrypts all the Windows devices connected to it. When executed, it uses an embedded configuration that includes the ransom note, file names and several configuration options.
According to security researchers, this ransomware spreads in two ways:
Through a VBS script attached to coronavirus-themed phishing emails
Through executable files that spread across networks