[BreachExchange] The Rise and Fall of Ransomware

Tue Apr 24 18:43:12 EDT 2018

https://www.technology.org/2018/04/23/the-rise-and-fall-of-ransomware/

Ransomware is terrifying — there is no denying that. Anyone who has
suffered a ransomware attack can attest to the confusion, the horror, the
anxiety, and the exhaustion associated with this particularly vicious type
of malware. In 2017, dozens of varieties of ransomware hit the web, many of
them causing immensely expensive shutdowns of organizations across the U.S.
and Europe. Months ago, experts were predicting decades more of the same
type of attack and advising everyone how to respond to survive the era of
ransomware.

Yet, the hubbub about ransomware has seemed to die down as swiftly as it
arose. These days, the hottest cyberthreats are cryptocurrency miners,
which use malware-like methods to infiltrate computers, and then they hide
in the background, draining graphics cards and processors of power and
running up energy bills in the name of generating digital money like
Bitcoin, Litecoin, and Monero. So, is ransomware still a threat to
consumers? Was ransomware a passing fad, or do device owners need to remain
vigilant?

Ransomware Isn’t as Profitable as They Thought

Initially, it seemed that ransomware was a win-win for cybercriminals.
First, they win by gaining access to victims’ machines and networks,
allowing them to pilfer all sorts of valuable data that they can later sell
or otherwise utilize for financial gain. Then, cybercriminals win again by
alerting victims of the threat and tricking or forcing them into paying
sometimes exorbitant fees for the return of their devices. On a large
scale, this crime could be exceedingly lucrative.

However, despite several sweeping ransomware attacks, few cybercriminals
dealing in this malware have escaped immensely wealthy. In 2017, WannaCry
caused the entire healthcare system of the U.K. to shut down, crippled
Spain’s gas and telecom companies, and aggrieved hundreds of other
businesses and institutions around the world. Yet, a year later, the
malware has yet to crack $100,000 in income from ransoms. Though some less
famous ransomware attacks netted greater profits — such as CryptoWall,
which brought in $325 million for its criminal masterminds — most people
can recognize a ransomware attack and know not to pay the requested sum.
Plus, advanced PC protection software is becoming more adept at recognizing
ransomware threats, preventing the malware from reaching machines, anyway.
Thus, most cybercriminals once enamored by ransomware techniques are
looking for bigger and better methods of cyberattack.

Ransomware Lingers On, Threatening Data

That’s not to say that ransomware has disappeared — or even that it will
ever disappear completely. Like phishing, like Trojan viruses, and like so
many other antiquated types of cybercrime, ransomware will almost certainly
carry on, afflicting fewer and fewer web users but remaining a persistent
threat.

There are several reasons for the perpetuation of ransomware, such as:

- Laziness. Ransomware technology already exists, so lazy cybercriminals
don’t need to work hard to develop new methods of launching attacks;
instead, they can repackage old ransomware and let it loose, collecting
occasional ransoms as easy income.
- Victims. There is no shortage of victims of ransomware attacks.
Historically, ransomware has targeted healthcare providers, government
entities, education institutions, and similar high-profile groups because
their data is most valuable. Because healthcare, government, and education
will not disappear soon, ransomware attacks are likely to continue, if on a
smaller scale.
- Vulnerability. Software and hardware vulnerabilities are becoming rampant
as developers rush their products to consumers in this incredibly
competitive market. Unfortunately, vulnerabilities allow ransomware (and
all cyberattacks) a greater chance of success.

Ransomware is likely to stick around, though it might not look exactly the
same because…

Ransomware Will Continue Evolving

Currently, infosec professionals know intimate details about existing
ransomware, and the media has been relatively effective about spreading
information to consumers. Floating around the web at this very moment are
dozens of variations of two types of ransomware: locker and encryption.
Locker types change users’ passwords, hide files, and otherwise make data
difficult for users to reach; encryption types use advanced encryption
algorithms to make data utterly unreachable until the ransom is paid. The
latter is more difficult to recover from, but both types might be obsolete
in a matter of months.

Ransomware, like any other cyberthreat, can evolve, adapting to security
measures designed to guard against it. Already, ransomware has made a huge
leap, using IoT and mobile devices to reach larger, less secure audiences.
In the future, ransomware might use emerging tech, like blockchain, to
steal data and money. There is no telling what the future will hold for
cybersecurity, but all web users are likely to see newer, more terrifying
forms of ransomware in the coming years.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180424/c7027872/attachment.html>