Welcome to Ransomware Examples brought to you by IBM. In this video, we'll learn what the most common ransomware are, and the various techniques they use to exploit users for money. On the Department of Homeland Security's ransomware homepage, that says that ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom. So why is ransomware so effective? The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and user systems can become infected with additional malware as a result. Often, they'll be presented with messages that say, "Your computer has been infected with a virus, click here to resolve the issue." Or, "Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine." "All files on your computer have been encrypted, you must pay the ransom within 72 hours to regain access to your data." The authors of ransomware will back you into a wall and use fear tactics to try and elicit a ransom. In the previous video, we discussed the different types of ransomware such as crypto ransomware, locker ransomware, and leakware. Now it's time to look at specific examples of ransomware. The first example is Locky. This ransomware was capable of encrypting over 160 different file types. It used phishing to target those with designer, engineering, or developer file types. Arguably, the most infamousive ransomware, WannaCry, spread across 150 countries in 2017. They capitalized on out-of-date software in the healthcare industry, costing four billion in losses worldwide. The Bad Rabbit ransomware used fake Adobe Flash websites to install ransomware, tricking users into thinking they needed to complete an update. When they clicked on the "Install" button, it would install the ransomware instead. Ryuk spread in 2018, and it was specifically focused on Windows. What it did was disable the System Restore button, so that way when you saw you'll become a victim of the ransomware, you did not have the ability in your current operating system to complete the backup. What was particularly malicious was that it encrypted networked drives as well. Troldesh was popular in 2015 and went for quantity over quality. They did this by catching victims through spam e-mail links and attachments. The Jigsaw ransomware was named after the Saw horror films. It torments its victims by deleting files incrementally, more and more with each hour the ransom was not paid. The CryptoLocker spread through e-mail attachments. Over a half a million computers were impacted. But it was countered by law enforcement who was able to see the network of all CryptoLocker computers that were helping proliferate the ransomware, and were able to distribute keys to the victims unbeknownst to the cybercriminals. The Petya was a precursor to GoldenEye, and it just straight encrypted the entire hard drive. When it resurfaces GoldenEye, it was around the same time WannaCry was popular. They targeted pretty high-profile users and locked them out completely. The last one was GandCrab, which claimed to have used the users' webcam to record personal and private moments, and threatened to release that footage unless a ransom was paid. Even as scary as the landscape of ransomware is, the future isn't anymore promising. As organizations become increasingly more dependent on tech solutions, the scope for ransomware only increases. So it's just a matter of time now before the Internet of Things becomes the Ransomware of Things because the increasing use of Internet connected industrial controlled systems, smart buildings, and vehicles, including autonomous vehicles, is creating new areas for possible exploitation. Things like remote locking of vehicles, homes, and buildings could be abused for extortion. Manipulation of building automated systems, such as those controlling the HVAC, which is the heating, ventilation, and AC, could serve as a basis for new schemes. In a 2018 white paper titled Ransomware and Enterprise Perspective by Stephen Cobb, he discussed what some of the recommended responses would be to this evolution of ransomware. First, start to address the potential threats in your risk management strategy and planning. Get a handle on how ransomable assets are now, your Internet of Things devices, single or home office routers, new robots, control systems, or autonomous systems. Track the vulnerability reports related to those assets and keep up with the patching and firmware. Last, segment the Internet of Things devices and other new technologies from your production networks. That way, if one is compromised, the other has a chance. Now we're going to take a look at a real-world example of a massive ransomware attack against the city of Atlanta. We'll see in the next video.