December 13, 2017
Security is on everyone’s mind – especially this time of year, when IT leaders turn their eyes to the future and wonder what new threats will come their way in 2018. While cybercrime will undoubtedly hold a few surprises for us all, many teams will come up against threats wearing a familiar face. We’re talking, of course, about Ransomware.
Yes, it’s going to get worse. But before we predict next year’s trends, let’s review what Ransomware looked like in 2017. No one can forget the global impact of the WannaCry virus, which took public Ransomware awareness to a new level. NotPetya and Bad Rabbit are two other high-profile attacks that followed on its heels.
We learned a few lessons learned from these attacks: they all appeared to originate from professional cyberwarfare teams using a high level of technical skill. It’s clear that cybercrime is the new cold war, with specific nation states intent on crippling businesses as both an economic and political strategy. (It’s worth noting that while the United States and the United Kingdom lead the list of victims, both Russia and Ukraine are low on that list.) This tells us we’re not dealing with hackers who are satisfied collecting ransoms, but organizations who want to achieve even greater levels of destruction.
We also saw some deviation from the Ransomware attacks of yesterday. Even when businesses paid the demanded ransoms, they often didn’t get any decryption mechanisms or they received keys that didn’t work. That proves leaders need to retire any idea of ransom payments as a viable strategy. Paying up doesn’t guarantee recovery or data availability – it only guarantees more money lost on top of the downtime cost.
Let’s look ahead to next year and the developments we’re likely to see.
Options Beyond Payment
Ransomware attackers know more IT teams are focusing on rapid recovery to avoid paying ransoms. As a result, some strains offer a variety of financial options beyond simple ransom requests. To make their own “recovery services” attractive to teams, some forms offer victims multiple options for restoration, such as one price for decrypting a few files and another price for decrypting all files. They know teams may view the restoration of a few files as worth a small ransom while they work to get back online.
The Big Vulnerability of Medium-Sized Businesses
As far as industry targets go, healthcare and critical infrastructure organizations will still be top targets. It’s not a mystery why: the urgency of their business means they’re likely to pay whatever they’re asked to get their systems up and running. However, we’ll see more attacks on medium-sized organizations – who have enough money to pay ransom demands, while not always having the budget to deflect attacks. These leaders need to prioritize BDR solutions that offer recovery in minutes. If they don’t, they’ll face the financial and reputational damage of an attack.
Ransomware as a Service (RaaS)
While forcing victims to pay ransoms has been fairly lucrative for these criminal rings, they inevitably expanded their operations to include selling Ransomware kits to fledgling attackers. These kits make it easy for unskilled hackers to make money from Ransomware even if they lack the financial and organizational power of the bigger criminal rings. And don’t think this is an underground business – these kits are marketed with YouTube videos. Anyone can buy them, which means we could see a rash of low-level attacks.
Ransomware is associated with Windows for good reason – it’s a favorite target for attackers. Android attacks have also increased considerably and will probably rise even more in 2018. But the real new horizon for next year? A global MacOS or Linux ransomware assault. Criminal rings have poured their profits into finding new attack methods to invade even systems traditionally considered well-defended.
None of this may sound like very good news, but it does point to two inescapable conclusions. The first: Ransomware attacks will be more common, more sophisticated and more effective in 2018. The second: teams must invest in secure, modern BDR solutions that can encrypt their data and restore their systems, apps and servers in minutes. There is no other answer to the Ransomware war.