Ransomware is on the rise. In 2014, ransomware was the 22nd most common form of malware. By 2016, it was the 5th. Due to the increased success of ransomware attacks and the relative ease of distributing the malware, it has become a favorite of hackers and data thieves. But like all pernicious malware, ransomware is changing. Here, we’ll examine some of the ways ransomware is changing its nature.
Originally published at Techeries.com by Lance Waterly
Malware attacks are typically carried out to extract profit, mine information, embarrass the victim, or to cause chaos. A successful ransomware attack encrypts and locks user data.
This means that the computers that run business operations become inaccessible, which can cause daily activity to grind to a halt.
Many small and medium-sized businesses are unaware of how to remove ransomware. Without a thorough plan in place, data restoration can be a complex, if not impossible, process. Because of this, many businesses choose to pay the ransom for restored access. The cost of paying a ransom has only risen. According to the 2017 Internet Security Threat Report, the average profit for ransomware attacks has risen from $294 in 2015 to $1,077 in 2017.
For many small and medium-sized businesses, a one-time payment of around $1,000 can seem like a quick, easy way to end the situation. However, according to managed service security experts, paying the ransom may not restore your access and may not be your best option. In fact, one in five businesses that paid a ransom didn’t receive restored data or access.
The newly mainstream nature of cryptocurrencies like bitcoin is beginning to empower ransomware attacks. These transaction methods naturally protect identity; payments made this way are not traceable in the same ways credit card transactions are. If the potential for safe profit remains for propagators of ransomware, the frequency of attacks of this nature will only increase.
Ransomware attacks will begin to use public shaming more often as an element of extortion. Attacks like the one against San Francisco’s Municipal Transportation Agency will become more common in the foreseeable future. This attack displayed a ransom on all Muni station screens, locking out user access and preventing riders from purchasing and redeeming tickets. This kind of public shaming attempts to manipulate public opinion in order to secure the demanded ransom.
Eroding consumer trust is one of the most malicious aspects of a public ransomware attack. Organizations that utilize public-facing digital screens can expect to face increased attempts to compromise their systems. That includes ATMs, digital advertisements and billboards, self-checkout kiosks, and other outward-facing displays that are connected to the main computer system.
If these public-shaming-style ransomware attacks prove to be successful, they will only increase in the future. Public shaming demonstrates that ransomware attacks are not always carried out for profit. These attacks are also carried out to damage reputations, decrease public trust, and cause general chaos.
Because ransomware attacks enable the author to lock access to data and computer systems, future ransomware attacks may be employed to cause chaos with little regard to extracting ransom payments. As more and more hackers utilize ransomware, they will begin to use it for other purposes.
State-sponsored attacks may utilize this malware to disable daily functions of other states. What’s more, ransomware campaigns may focus on voting computers in an attempt to erode confidence in elections or, worse, to hinder the voting ability of a nation.
Ransomware viruses typically attack vulnerabilities in older operating systems and systems without security software in place. However, modern ransomware viruses are being written without an executable file. This allows the malware to bypass some security measures by appearing legitimate.
These new ransomware families can avoid detection by traditional security software. Because they take advantage of scripting languages to hijack and encrypt files, they may appear legitimate to older, out-of-date security protocols.
The changing nature of ransomware attacks means security measures must evolve as well.
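One way security measures can evolve past file signatures is to watch what happens to the data itself, whatever script or binary did the encrypting. The sketch below is an added example, not part of the original article: it compares two entropy snapshots of a directory and flags files that turned high-entropy in between. The thresholds, function names and sample files are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

THRESHOLD = 7.5  # assumed: ciphertext sits near 8 bits/byte, text far below
JUMP = 2.0       # assumed: minimum rise that counts as a content change

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map every readable file under root to the entropy of its first 64 KiB."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    result[path] = shannon_entropy(fh.read(65536))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return result

def suspicious_changes(before: dict, after: dict) -> list:
    """Files that turned high-entropy between two snapshots."""
    # In-place case: entropy jumped (already-compressed media does not jump).
    hits = [p for p, e in after.items()
            if p in before and e >= THRESHOLD and e - before[p] >= JUMP]
    # Rename case: originals vanished while high-entropy newcomers appeared.
    if before.keys() - after.keys():
        hits += [p for p, e in after.items() if p not in before and e >= THRESHOLD]
    return sorted(hits)

def demo() -> list:
    """Constructed sample; random bytes stand in for encrypted content."""
    with tempfile.TemporaryDirectory() as root:
        doc, img = os.path.join(root, "report.txt"), os.path.join(root, "photo.jpg")
        for path, body in ((doc, b"quarterly invoice totals\n" * 400), (img, os.urandom(8192))):
            with open(path, "wb") as fh:
                fh.write(body)
        before = snapshot(root)
        with open(doc, "wb") as fh:
            fh.write(os.urandom(8192))
        return [os.path.basename(p) for p in suspicious_changes(before, snapshot(root))]
```

Comparing against a baseline, rather than flagging every high-entropy file, keeps photos and archives from raising alerts; both thresholds need tuning on real data.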
Most ransomware spam attacks are filtered by email providers — Google, Apple, Microsoft, and so on. However, ransomware authors are looking to write viruses that slip through large-scale spam filters.
As more ransomware spam makes it to email inboxes, employee actions become more important. Ensure your organization has employee practices in place to avoid downloading or opening malicious emails.
If your business is hit with a ransomware attack, your options are somewhat limited. You can pay the ransom and hope you receive restored access, you can contact IT security firms in the hopes that a decryption algorithm exists, or you can count your losses, wipe your system, and start over.
Of course, the best defense against ransomware is a good offense. There are a number of steps you can follow to safeguard your organization from attacks.
Regularly update your security software and operating systems; consider weekly or even daily backups on unconnected servers; institute employee education to avoid simple mistakes like opening spam email or visiting suspicious websites; and work with cyber security experts to ensure your system is secure and up to date.
Ransomware is quickly becoming one of the most malicious cyber threats facing small and medium-sized businesses. Strong prevention measures will help your organization stay ahead of ransomware attacks.