Forecasting the Future of Ransomware


There’s no question that ransomware is one of the most formidable threats to a business. With so much riding on digitized data, important applications and other systems, any interruption to access of these crucial assets can quickly spell disaster for an organization.

Despite efforts on the part of enterprises to educate staff and enhance their ability to prevent infection, ransomware attacks still persist. At this juncture, it’s important that businesses not only work reactively according to current threats, but look toward future protection as well.

Ransomware: A brief history

According to a research paper from Trend Micro, “Ransomware: Past, Present and Future,” the first ransomware samples emerged in the mid-2000s, helping to cement extortion as a staple in the cybercrime community. Many of these initial ransomware families work similarly to new samples being discovered today – after infiltrating the victim’s system, important files and data are encrypted, preventing access to anyone except the hacker holding the decryption key. Attackers will then demand a ransom – typically in untraceable Bitcoin – for the safe return of files.

Results of an attack can vary: Some organizations have paid the ransom and had their files decrypted and access restored. Other victims haven’t been so lucky, and were never able to reclaim stolen data, despite payment of the ransom.

Initially, ransomware was centered around victims in Russia in 2005 and 2006. Infections were then observed in other European countries by 2012. Even then, attackers were careful to cover their tracks, demanding ransom through payment methods like paysafecard and MoneyPak to conceal their malicious activity.

According to Trend Micro, some early ransomware attacks were nothing more than hoaxes, leveraging convincing yet fake alerts to encourage users to pay the ransom. Other samples did use screen locks to prevent users from going beyond the notification window.


2013 saw the emergence of “crypto-ransomware” samples, including the now infamous CryptoLocker. These infections became increasingly dangerous: not only was data encrypted and access blocked, but these samples also had the ability to delete encrypted files after a certain time period if the ransom wasn’t paid.

Ransomware infections reached a peak in 2016, earning it the moniker, “The year of ransomware.” Where 2015 saw the discovery of 29 different ransomware families, this number shot to 247 families in 2016, representing a staggering 752 percent increase. Overall, attackers generated significant profits from ransomware infections that year, with hackers raking in a reported $1 billion. Much of this was the result of attacking large businesses without data backups, making ransom demands more successful for cybercriminals.

Ransomware in 2017

These attacks are on track to reach another milestone this year. According to a report from Kaspersky Lab, ransomware attacks rose 250 percent during the first few months of 2017, with many infections centered around the U.S.

Much of this increase stems from the discovery of new ransomware like WannaCry in April, and Petya, which is currently impacting businesses, government organizations and utility providers in Europe. In addition, The Verge reported in late June 2017 that another new ransomware – initially thought to be a variant of Petya – was impacting users leveraging the same EternalBlue exploit utilized in WannaCry infections. This new strain is currently being called “NotPetya.”

Future predictions: Where will ransomware go from here?

Besides newly emerging ransomware samples, experts have made a few other significant predictions about what the future of ransomware will hold.

Trend Micro predicted that there will be an evolution in ransomware strategy in the near future, including increased ransomware attacks on IoT systems.

In addition, IDC’s Worldwide Healthcare Predictions Report noted that by 2018, the number of ransomware attacks seen in the healthcare industry is on pace to double. This comes as a result of hackers focusing more on healthcare providers and others within the industry with access to sensitive patient and other valuable data. What’s more, the current interest in this industry among hackers is reaching a fever pitch.

“The report describes the increased menace and maturity of ransomware techniques as creating a ‘gold-rush mentality’ amongst the cyber attack community as growing numbers seek to cash in,” wrote Converge contributor Shelly Kramer.

Imperva contributor Elad Erez predicted a sharp increase in ransomware attacks that pinpoint a victim’s most important databases. These attacks may also utilize other forms of data corruption in addition to encryption, including completely wiping out files, dropping database tables or changing database records.

As ransomware continues to become more advanced, law enforcement efforts are quickly catching up. Law enforcement is collaborating with other organizations like the Cyber Threat Alliance and No More Ransomware to help improve its ability to pinpoint the sources of powerful ransomware families and prevent further attacks.

Overall, ransomware attacks aren’t poised to slow anytime soon.

“In terms of potential, [ransomware samples] can evolve into malware that disable entire infrastructure (critical not only to a business’s operations but also a city’s or even a nation’s) until the ransom is paid,” Trend Micro stated.

Protection in the Age of Ransomware 

Even as ransomware attacks continue to increase in severity and complexity, there are a few important strategies businesses should leverage to better protect their sensitive data assets. These include:

  • Educating employees about the risks of ransomware, how an infection can be delivered, and what to do when suspicious activity is suspected.
  • Ensuring all security patches are put in place as quickly as possible, minimizing any vulnerabilities.
  • Limiting access to sensitive data.
  • Following a robust backup schedule that includes three copies of sensitive data in at least two different formats, one of which is housed outside the company’s internal network.

It’s also imperative to have the right security technologies in place.

“Security solutions that incorporate a cross-generational technology approach that combines reputation-based analysis with other anti-ransomware capabilities like whitelisting and application control, behavioral analysis, network monitoring, vulnerability shielding, and high-fidelity machine learning can better protect companies while minimizing the impact on their computing resources,” Trend Micro noted.

To find out more about the future of ransomware and how you can protect your business, contact the experts at Trend Micro today.