Ransomware: Why It Will Cause Even More Damage and Destruction in 2018
Ransomware – that is, computer malware that prevents users from accessing their files until they pay a ransom to some criminal enterprise – has already inflicted billions of dollars in damage and has been detected in the infrastructure of nearly half of all businesses.
Sadly, ransomware still remains a growing threat – one that is likely to become an even bigger danger to innocent people and organizations in 2018. Here are ten reasons why:
1. Ransomware is becoming increasingly strategic about what data it kidnaps
Early generations of ransomware acted immediately upon infecting a computer, encrypting files on hard disk (or solid state drive) and rendering them inaccessible to users; victims were forced to pay a ransom within some short period of time or they would lose access to those files forever. Newer versions of ransomware, however, are growing increasingly calculated. In an effort to obtain larger “returns on investment,” criminals have devised ransomware variants that, after infecting a computer, attempt to search through connected networks and devices in an effort to find the most sensitive systems and data; the ransomware then activates and prevents access to the most valuable information, rather than kidnapping the data that it encountered first. Criminals understand that the more important that information is to its owner, the greater the likelihood that a victim will be willing to pay a ransom, and the higher the maximum ransom that will be willingly paid is likely to be.
2. Ransomware is growing increasingly stealthy
Along with the ability to scan through systems for the most valuable data to hold ransom, many variants of ransomware now have various anti-anti-malware capabilities; the ability to “go stealthy” often prevents both detection of initial malware infections, as well as allows the aforementioned scans of machines and networks to take place undetected.
3. Criminals are targeting time-sensitive data
In addition to targeting valuable data, criminals are launching ransomware attacks that target environments in which timely access to data is critical. Evildoers know that even if an organization has backups from which to restore data, if losing access to data during the time of the system-cleanup-and-restore process is more costly than paying a demanded ransom, victims are likely to pay up. This is one of the reasons criminals have directed ransomware attacks at hospitals – doctors obviously cannot be without patient data systems for the amount of time that it takes to restore from backups. Criminals know that hospital personnel understand that, in some cases, people might die if a ransom is not quickly paid, so the fact that a hospital has cybersecurity professionals on staff, and possesses data backups, may not stop it from paying a ransom.
4. Some ransomware now steals data, not just encrypts it
Rather than just preventing victims from accessing their files, some newer ransomware variants transmit victims’ files to criminals, and then wipe the files from their original locations – making it much harder for organizations to recover the data without paying the ransom (unless they have backups). In such cases, criminals may threaten to publish the data online unless a ransom is paid – so, even if a victim organization has backups, it may yield to their demands.
5. Ransomware is increasingly targeted
Over the past few years we have seen an increase in targeted ransomware attacks, and, as targeted attacks have made a fortune for criminals, we should certainly expect this trend to continue. Customized ransomware – either targeting specific vertical markets (e.g., retail stores, hospitals, local government agencies, etc.) or even targeting specific companies – especially if designed with knowledge of the systems in place within the targeted environments – is more likely to go undetected and to inflict harm.
6. People share too much information on social media
Cybercriminals increasingly scan social media – sometimes with automated tools – to find information that can be used against companies and their employees; attackers then leverage the information that they find to deliver ransomware. For example, they may craft highly-effective spear-phishing emails credible enough to trick employees into clicking on URLs to ransomware-delivering websites or into opening ransomware-infected attachments.
7. Criminals don’t always honor the ransomware “code of ethics”
In the early years of ransomware, criminals almost universally adhered to a certain “code of ethics” – if a victim paid a ransom the criminal delivered on his/her end of the deal and would give the victim back his/her/its data. Today, however, some criminals do not – and data lost to ransomware may be gone forever, or even worse, gone from its legitimate owner but available to be misused by criminals for illegal purposes such as insider trading or for selling to unscrupulous competitors of the victim.
8. Creating ransomware is easier than ever
Ransomware kits and services available online allow even technologically-unsophisticated criminals to create and deliver advanced ransomware attacks. With the availability of ransomware tools on the dark web, it is likely that orders of magnitude more criminals have the ability to launch ransomware attacks today than did five years ago.
9. Bitcoin has surged, enriching criminals
While instability in the price of Bitcoin – the preferred cryptocurrency of most major ransomware operations – makes writing ransomware more complicated (as criminals have to ensure that they do not overcharge or risk people being unable to pay ransoms), its surge over the past year has likely made many ransomware-using criminals wealthy – giving them the resources to develop increasingly sophisticated malware.
10. Internet of Things devices create tremendous ransomware opportunities
To date, ransomware has targeted computers – primarily classic-form-factor laptops, but also tablets and smartphones. With the mass proliferation of Internet of Things (IoT) technology – Internet-connected computers embedded within cars, factory equipment, medical devices, and all sorts of other machines – it is only a matter of time before we see ransomware attacks aimed at such devices or the systems that manage them. Many IoT devices are designed and released into the marketplace with inadequate security, and many businesses deploying IoT-enabled equipment do not realize that such devices are hackable. It is not hard to envision criminals creating ransomware that displays messages such as “Pay me or I’ll make every item your factory produces have a dangerous defect,” “pay me or I’ll turn off the heat in your office on the coldest days of the winter,” or even “pay me or I will cause your trucks to crash.”
Here is the bottom line:
Ransomware has been an extremely profitable venture for criminals, who have the incentive, and, in many cases, the financial resources, to develop increasingly advanced malware. As such, at least in the near term, ransomware is a problem that is likely to grow worse, not better. Organizations would be wise to investigate, explore, and adopt mechanisms to stay cyber-secure; when it comes to ransomware, an ounce of prevention can be worth many pounds of cure.
To learn more about ransomware, please register for and watch the free webcast, Ransomware – What You Need to Know, from Microsoft’s Modern Workplace.
This post is sponsored by Microsoft.