3 reasons the ransomware threat will continue in 2018

Credit to Author: Trend Micro| Date: Wed, 24 Jan 2018 20:51:23 +0000

Ransomware continues to be a dangerous threat for individual users and enterprise systems.

Ransomware has been on the scene for more than a decade now, and thanks to increasingly sophisticated samples that attack victims across nearly every country, it’s become a global threat. According to CSO, ransomware has a longer history than many realize. While large-scale attacks reached the spotlight within the last handful of years, hackers have been using ransomware since 2005. What’s more, ransomware attacks have outnumbered general data breaches for the past 11 years running.

Unfortunately, ransomware continues to prove successful for cybercriminals, and more high-profile business targets fall victim to this kind of infection nearly every day. There’s no doubt that ransomware will maintain its reputation as a formidable threat in the cybersecurity industry. Here are three reasons why this threat will continue to be an issue for years to come:

1) Threats continue to evolve

The majority of ransomware samples are either known as crypto-based, or locker-based. Heimdal Security explained that crypto-based samples, also known as encrypting or data-locker infections, leverage sophisticated encryption algorithms to make system files and associated data inaccessible to the victim. CryptoLocker is one of the most well-known samples of this kind.From an outsider’s point of view, ransomware may appear simple: Take something from the victim and demand money for its safe return. However, there are several different types of ransomware threats that fall under the encryption and locker umbrellas, and there are numerous strategies for infecting victims.

Locker samples, on the other hand, lock down the infected device’s operating system – meaning that all files and data, as well as applications and other system platforms, are rendered unavailable. The recent Petya attacks fall into this category.

In addition to selecting between locker and encryption ransomware samples, attackers also have several choices when it comes to the actual technique used for infection. Traditionally, most infections are launched with a spam email that includes a malicious link or attachment, providing hackers entry into the system and enabling them to deliver the ransomware and lock down the system.

Hackers can also utilize unpatched security vulnerabilities to breach systems and let loose the ransomware sample, or leverage a self-propagating sample that begins with the infection of one machine and then spreads to all other connected computers.

Other strategies like injecting malicious code into legitimate webpages, or redirecting traffic to spoof sites have proven successful as well.

Because hackers have an array of samples and infection techniques to choose from, ransomware infections do not all look or operate the same way. While one infection may begin with an email and result in all data being encrypted, another may come from a malicious website and end with the entire operating system being locked down. This variation makes it difficult for users to guard against threats – but protection is not impossible.

2) It’s a lucrative business for hackers

Ransomware also gives hackers the ability to eliminate middle-man processes and instead target monetary rewards directly. As opposed to infecting victims, stealing their credentials and using these for fraud or selling them on an underground marketplace, cybercriminals are hitting up victims directly for cash.

“If the evolution of cybercriminal tactics over the years is any indication, cybercriminals are now going straight for the money instead of tricking users to give up their credentials,” Trend Micro noted in the new report, Security Predictions for 2018: Paradigm Shifts.

Man in all black - gloves, mask, jacket - typing on a laptop with binary code coming out of his face and heading into the laptop screen. Ransomware continues to be a big business for hackers who reap considerable profits.

Over the years, ransomware has demonstrated to be a successful cybercriminal business model for hackers, and with the money they rake in, it isn’t difficult to understand the driving factors behind the infections.

Despite numerous cases where victims pay the ransom only to realize that their system or files are still locked – or worse still, hackers demand a second ransom – businesses and individual users continue to offer up Bitcoin to cease attacks. The FBI put ransomware payments in the neighborhood of $24 million in 2015, and $1 billion in 2016.

The bad news is, as victims keep paying ransoms, hackers become more confident and demand more. CyberScoop reported that in 2016, the average ransom topped $1,000, an uptick of 266 percent compared to 2015. Some ransoms are considerably higher, depending upon the victim – a California college paid a ransom of $28,000 for the return of their files and data, and one medical center paid $17,000 to hackers for a decryption key.

The bottom line here is that as long as ransomware results in profit, hackers will continue to use it as a main attack strategy.

ransomwareThe threat of ransomware is pervasive, even as certain industries are commonly targeted.

3) There’s no shortage of targets

Ransomware continues to be a popular cybercriminal approach because of the sheer number of targets that can be infected. Everyone from individual users to large enterprises have been attacked, and small to expansive infections won’t stop anytime soon.

“The current success of ransomware campaigns — especially their extortion element — will prompt cybercriminals looking to make generous profits out of targeting populations that will yield the most return possible,” Trend Micro’s 2018 Security Predictions report stated. “Attackers will continue to rely on phishing campaigns in which emails with ransomware payload are delivered en masse to ensure a percentage of affected users. They will also go for the bigger buck by targeting a single organization, possibly in an Industrial Internet of Things (IIoT) environment, for a ransomware attack that will disrupt the operations and affect the production line.”

In addition, Heimdal found that certain sectors are more prone to ransomware infections than others due to the criticality of their data and reliance on it for daily operations. This includes:

• Healthcare providers

• Government agencies

• Educational institutions

• Legal firms

However, it appears that the lowest hanging fruit in most cases are individual smartphone users. As more consumers leverage these devices for work and personal activities and more sensitive data is stored on mobile systems, this will be a popular avenue for attack – Trend Micro discovered 234,000 mobile ransomware apps in the first half of 2017 alone.

Protecting against formidable threats

Because the threat of ransomware isn’t going anywhere anytime soon, it’s imperative that both individual users and enterprises leverage best practices for protection. This includes being aware of the most current threats and attack strategies, and maintaining an especially watchful eye for suspicious emails, attachments, links and websites. Protecting against formidable threats

Individual users and business employees that leverage their own mobile device for work should have a mobile security solution in place to help guard against cybercriminal activity like mobile malware samples.

Enterprises should also have a multi-pronged security system in place that includes email and web protection, endpoint safeguards, as well as network and server protection.

To find out more, connect with the security experts at Trend Micro today.

http://feeds.trendmicro.com/TrendMicroSimplySecurity