Ransomware Response

What is Ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cyber-criminals in Bitcoin.

P1 Cyber can fully investigate all types of Ransomware cases and will provide you with the following details during an investigation:
1) How did an attacker access your network?
2) What did the attacker do on your network?

3) Did the attacker steal any of your data?

As part of our Ransomware Response service we will provide you with recommendations on how you can protect yourself from future attacks. We can also make payments on behalf of clients and perform threat actor communications. 

We are highly experienced in dealing with Ransomware Incidents and are a leading Cyber Security provider in Leicester.

We have investigated the following variants;

Locky ransomware was first used for an attack in 2016 by a group of organized hackers. Locky encrypted more than 160 file types and was spread by means of fake emails with infected attachments. This method of spreading is called phishing, and is a form of what is known as social engineering.

WannaCry was a ransomware attack that spread to over 150 countries in 2017. It was designed to exploit a security vulnerability in Windows that was created by the NSA and leaked by the Shadow Brokers hacker group. WannaCry affected 230,000 computers worldwide. The attack hit one-third of all NHS hospitals in the UK, causing
estimated damages of 92 million pounds.

Bad Rabbit was a ransomware attack from 2017 that spread via so-called drive-by attacks. Insecure websites were used to carry out the attacks. In a drive-by ransomware
attack, a user visits a real website, unaware that it has been compromised byhackers. For most drive-by attacks, all that is required is for a user to call up a page that has been compromised in this way. In this case, however, running an installer that contained disguised malware led to the infection. This is called a malware dropper. Bad Rabbit asked the user to run a fake Adobe Flash installation, thereby infecting the computer with malware.

Ryuk is an encryption Trojan that spread in August 2018 and disabled the recovery function of Windows operating systems. This made it impossible to
restore the encrypted data without an external backup. Ryuk also encrypted network hard disks.

Jigsaw is a ransomware attack that began in 2016. The attack got its name from an image it displayed of the well-known puppet from the Saw movie franchise. With each additional hour the ransom remained unpaid, Jigsaw ransomware deleted more files. The use of the horror movie image caused additional stress among users.

CryptoLocker is ransomware that was first spotted in 2007 and spread via infected email attachments.The ransomware searched for important data on infected computers and encrypted it. An estimated 500,000 computers were affected. Law enforcement agencies and security companies eventually managed to seize control of a worldwide network of hijacked home computers that were used to spread CryptoLocker.

Petya (not tobe confused with ExPetr) is a ransomware attack that occurred in 2016 and was resurrected as GoldenEye in 2017. Instead of encrypting certain
files, this malicious ransomware encrypted the victim’s entire hard disk. This was done by encrypting the Master File Table (MFT), which made it impossible to access files on the hard disk. Petya ransomware spread to corporate HR departments via a fake application that contained an infected Dropbox link.

GandCrab is a ransomware that threatened to disclose the porn habits of its victims. It claimed that it had hacked the victim’s webcam and
demanded a ransom. If the ransom wasn’t paid, embarrassing footage of the victim would be published online. After its first appearance in 2018, GandCrab ransomware continued to develop in various versions.