Ransomware is a particularly insidious category of malware that can lock computers, encrypt files, or both, and hold them for ransom. There are many different ransomware strains that can vary in their functionality and infection capabilities. And as you may have noticed, some ransomware strains also have colorful names. What do the ransomware names mean, and what makes one ransomware different from the next?
Ryuk is a Shinigami or God of death in the Japanese animated series Death Note. The show’s protagonist discovers the character and attempts to use him for good deeds while fulfilling Ryuk’s hunger for amusement. Fans have drawn entertainment both from Ryuk and the show’s dark humor.
Unfortunately, there’s nothing humorous about Ryuk ransomware, which researchers found in 2017. What makes Ryuk ransomware more threatening than other strains is its ability to isolate network drives and resources, and to delete and disable restoration tools and backup systems. It can also spread more easily with its new worm-like capabilities.
Extortionists typically use Ryuk for targeted attacks. The malware has infected businesses, media websites, and even hospitals. Researchers estimate that the malware raised over $61 million between February 2018 and October 2019 alone.
Petya is another ransomware strain with a name drawn from popular culture. In the 1995 James Bond film GoldenEye, Petya was a Soviet satellite carrying a weapon of mass destruction. The Petya ransomware was similarly destructive and innovative, though it wasn’t unusually infectious.
The first Petya ransomware strain was unique because it blocked victims from accessing their computers rather than encrypting files. The malware spread through phishing emails that carried job offers. But for Petya to unleash havoc, users had to agree to grant it administrative control, which many experienced users recognized as a red flag.
Later versions of Petya were more infectious and even more dangerous. One, in particular, NotPetya, may still give many computer users nightmares.
In 2017, a variant of Petya started infecting computers. It was so different from the original that researchers dubbed it “NotPetya” to help people understand it was new ransomware. NotPetya was part of a cyberattack in Europe, primarily targeting companies in Ukraine. Later, NotPetya spread to Germany, Italy, France, Poland, the United Kingdom, and the United States. Unlike Petya, NotPetya did not seek administrative permissions. It also used a Windows Server Message Block (SMB) protocol exploit called EternalBlue. While many researchers believe that the ransomware originated in Russia as a political attack, its exploit may have been stolen from the U.S. National Security Agency (NSA).
WannaCry got its name from strings of code found in initial samples of the malware, but the name was apt because it made a lot of organizations want to shed tears of grief. The crypto-ransomware exploited an SMB vulnerability to infect countless hospitals, banks, and other companies globally, costing billions. Investigators later found that elements in North Korea were responsible for the malware.
These are four pieces of ransomware with interesting names. To protect your data from any of them, use the most secure version of your operating system and invest in anti-malware technology with ransomware rollback capabilities.