Ransomware as an engine of progress

Have you ever encountered such a virus, when a window pops up on the entire screen asking you to transfer a certain amount to such a PayPal wallet?..

It is usually difficult to close and annoyingly covers most of the screen. Such a window is generally considered to be an ordinary virus, and perhaps this is correct, because most of such programs can still be removed without reinstalling the system.

Such programs became widespread in the 2000s. Society quickly found ways to combat them, so the only thing left for such viruses was to adapt to the rapid progress in the field of cybersecurity.
The beginning of the second decade brought full-fledged WEB 2.0 to our world — a new era of the Internet, which gave the whole world the opportunity to store terabytes of information on cloud storage. Humanity has forgotten what disks and flash drives are, transferring all information for storage to the Internet.
Then, WEB 3.0 came to replace it, which proved that any information is property and each user should own what he himself created. And it was at this junction of WEB 2.0 and WEB 3.0 that viruses such as Ransomware appeared.

Ransomware is aimed at attacking cloud storage or hard drives, since many users store information there. Ransomware, is malware that locks a system until the victim pays funds (increasingly in the form of cryptocurrency) for removal. In simple words — a program that blackmails the victim.
The volume of stolen funds using ransomware for the period 2017−2022
According to a report by the American analytical company specializing in blockchain technologies Chainalysis, ransomware accounted for about $ 457 million in 2022, which is approximately 9% of the total amount of stolen funds. With the help of Ransomware, hackers received $ 456.8 million, which is 40% less than $ 765.6 million in 2021.
The boom of 2020−2021 is connected, first of all, with the situation in the world. The coronavirus epidemic and universal remote work have provided ransomware with a huge amount of work.
The most common way cybercriminals infect data files is by sending emails with malicious links or attachments. Employees clicking on these links inadvertently initiate an attack. These emails can be mass emails sent to millions of potential victims, or they can be targeted messages to people in specific organizations. In the latter case, they are usually combined with social engineering methods, with the help of which cybercriminals collect the necessary information about the victim in advance.


Locky is a ransomware attack that was first carried out by a group of organized hackers in 2016.

Over 160 file types have been encrypted using Locky. The program was distributed via emails containing infected attachments.
Users fell for the email scam and installed ransomware on their computers. This distribution method is called phishing and is a form of social engineering. Locky ransomware targets file types commonly used by designers, developers, engineers, and testers.

The WannaCry attack was a ransomware attack that occurred in over 150 countries in 2017.

It exploited a Windows security vulnerability created by the NSA and made public by the hacker group Shadow Brokers.

The attack affected 230,000 computers worldwide, including a third of NHS hospitals, causing £92 million in damage. Users were blocked and required to pay a ransom in Bitcoin. The attack exposed a problem with legacy systems as hackers exploited a vulnerability in the operating system. The global financial cost of WannaCry is estimated at approximately $ 4 billion.

Ryuk is a ransomware Trojan that spread in August 2018.

It does not allow you to restore the Windows function, making it impossible to restore encrypted data without a backup. The Ryuk virus also encrypts network hard drives.
The attack had widespread consequences and many US companies that were affected paid the required ransom amount. Total damage is estimated at more than $ 640,000.

Ransomware is used in a wide variety of areas. Typically the ransom amount ranges from $ 100 to $ 200. However, sometimes, attackers demand much more if they realize that blocking data can cause significant financial losses for the company. This allows cybercriminals to earn significant amounts of money.

Stingy pays twice: or "From ordinary users to corporations"

Hackers are evolving, gradually moving from ordinary users to companies. The chances that the company, in order to preserve its image, status and data, will pay the ransom are much higher.
A Symantec study showed that 81% of the total number of infections occurred in corporate infrastructure, and when looking at market segments, then 62% of attacks occur on small and medium-sized businesses.

Let us present statistics from the Coveware company, according to which it can be noted that the percentage of those who agreed to pay the ransom is decreasing. Because of this, hackers have no choice but to take big fish for profit.
Fingerprint or sometimes Footprint is a complete digital fingerprint of the device, consisting of information about your operating system, settings, active browsers, installed plugins, etc.


As they say, to sum it up, we would like to give Internet users a few rules that should always be kept in mind, each point comes down to making each user more aware of the problem. And remember: informed means armed!

MetaMask is a non-custodial wallet created by ConsenSys
Creating Backups

If you don’t store your data offline, you risk losing it, even if you use regular cloud and virtual backups. To avoid this, you should make regular backups to a safe location, keep multiple copies, and ensure that the backup copies match the original.

Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company
Upgrading the qualifications of employees/staff/users

Increasing awareness of ransomware is a fundamental goal of improving cybersecurity. It is important to regularly conduct both general and individual training, as all it takes is one employee to let their guard down and the entire organization will be compromised.

Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company
Spam filters

Cybercriminals send millions of malicious emails to random organizations and users, but an effective spam filter that constantly adapts to new threats can prevent more than 99% of these messages from reaching employees' email and messaging accounts.

Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company
Block JavaScript files

Currently, the spread of ransomware viruses contained in zip archives containing JavaScript files is a problem. These files are usually disguised as text documents named readme.txt.js and can be processed as readme.txt. One way to protect against this vulnerability is to disable Windows Script Host.

Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company
Check sent files in the sandbox
Sandbox testing is a common method among cybersecurity professionals to examine new or unknown files. Sandboxes are an environment isolated from the corporate network for secure testing of files. An example of a sandbox is the SandBox program.
Infura is a node provider that allows developers to connect to the Ethereum network using nodes managed by this company
Take security precautions when accessing remotely

Disabling third-party devices is not enough to successfully protect against cyber attacks. When gaining remote access to a corporate network, company employees must install all the necessary security software (anti-virus and anti-spyware packages, a reliable firewall) on their PCs and laptops to minimize the risk of ransomware attacks

We also recommend