Image: Trend Micro
Ransomware is here to stay and is only going to get more dangerous as cybercriminals move towards increasingly sophisticated forms of the cryptographic malware to carry out targeted attacks.
This grim forecast is made by Kapersky Lab in its newly released Ransomware in 2016 – 2017 report – but it isn’t all completely bad news, because researchers believe that the competition the underground ransomware market will lead to some families being killed off in an “intra-species massacre”.
Cybercriminals are still making plenty of money by exploiting victims with ransom demands ranging from a couple of hundred to a couple of thousands dollars. But many of these types of attack use random large-scale spam email campaigns in the hope of luring in victims.
Now, however, some criminals are specifically targeting a specially selected enterprise network, infecting them via specially crafted phishing emails then extorting much higher ransom payments from victims.
Amongst those who’ve attacked financial organisations is the group behind PetrWrap, a form of ransomware which seems to have been built using code borrowed from the Petya ransomware. It indicates how- unsurprisingly – criminal groups are more than happy to deploy underhand tactics to take out rivals to gain control of the ransomware space, potentially devouring one another in the process.
“Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organized and effective their malicious campaigns will be,” says the Kaspersky report.
However, ransomware is still some way off reaching saturation point, with hackers increasingly eyeing opportunities to deploy their malware in countries in previously unreached by infections.
For example there are already some forms of ransomware which will automatically alter ransom demands depending on the victim’s location in order to maximise the chance of the victim paying up.
Researchers suggest that the growing popularity of ransomware-as-service – schemes which allow those without technical know-how to subscribe to ransomware services in exchange for giving the authors a cut of the profit – means that the problem is only going to become bigger.
That’s all while ransomware is growing in sophistication and diversity in what researchers describe as an “increasingly efficient underground ecosystem”.
The report might sound gloomy, but researchers say ransomware can be stopped with collaboration. “To make it stop the world needs to unite to disrupt the criminals’ operations and make it increasingly difficult for them to profit from attacks,” say researchers.
One way cybersecurity firms and law enforcement authorities are working together to protect against ransomware is via the No More Ransom project – which Kaspersky is a founding member of.
Launched by Europol, the Dutch National Police, Intel Security, and Kaspersky Lab in July last year, the No More Ransom initiative provides keys to unlocking encrypted files, as well as information on how to avoid getting infected in the first place.
READ MORE ON CYBERCRIME