Is Ransomware Still a Threat?
The year 2017 was a dismal year for IT security, particularly in the arena of ransomware.
Less than 12 months ago, the ransomware worm WannaCry wreaked havoc across the globe, placing large organisations, including NHS trusts in England and Scotland, at the forefront of one of the most prolific cyber attacks in history. Then followed NotPetya (initially believed to be the Petya malware of 2016) in June, which also spread quickly and, even without the aid of human intervention, managed to harm multinational companies.
Yet more ransomware attacks compromised the data of individuals and organisations, but they were not nearly as high profile as the aforementioned attacks, and this prompted many people to believe that ransomware is no longer the threat that it was twelve months ago. But is this really the case?
Ransomware in 2018
One of the more famous ransomware cases of 2018 was the March attack on the City of Atlanta, which compromised a significant amount of its computer infrastructure and virtually destroyed video archives and dashcam recordings of Atlanta police, which had taken many years to compile. The city chose not to pay up, but the ensuing costs arising from the response and recovery activities are now estimated to reach about $10 million.
Further attacks followed.
Colorado’s Department of Transportation suffered attacks on approximately 2,000 Windows-based computers in February. Then, in March, airplane conglomerate Boeing was attacked by a re-emergence of the WannaCry malware. Fortunately, the latter attack caused only minimal disruption, but it demonstrated that WannaCry may not have been completely eliminated.
On the decline?
While there is a noticeable downtrend in the large-scale outbreaks, such as those seen in the past year, actual figures indicate that this does not necessarily equal a major decline in the risks posed by ransomware.
According to Verizon’s 2018 Data Breach Investigations Report (DBIR), almost 40% of all successful malware attacks involved some form of ransomware, making it the most prevalent of all malware types and, therefore, a key cyber security threat. The data was sourced from an analysis of more than 53,000 incidents and 2,616 confirmed data breaches in 65 countries.
The rise in ransomware is worth noting.
Ransomware was ranked only 22nd among the most common forms of malware in 2014, and fifth in the 2016 DBIR. As many as 343 new variants of ransomware emerged in 2017, an increase of 62% from the previous year. The figures demonstrate that ransomware will remain a formidable IT security issue in the foreseeable future.
Ironically, the considerable publicity created by the WannaCry and NotPetya attacks may have also helped on the cyber security front. The extensive media coverage served as an impromptu security awareness campaign against ransomware, and this has encouraged many organisations to recognise the importance of patching and updating, and spurred them to strengthen their IT security measures.
In addition, cryptojacking - the illegal use of others’ computing resources for the purpose of mining cryptocurrency - has emerged as a lucrative income source for hackers, and has potentially lured them away from ransomware.
Ransomware: Why it’s a continuing threat
The newfound awareness of the ransomware threat, however, has not prevented cybercriminals from continuing to launch attacks. Cybercriminals are using strategies and malware forms that have evolved to circumvent cyber security measures.
Here are three key reasons why ransomware persists as a cyber security threat:
Victims continue to pay up. Victims, whether they be individuals or companies, continue to pay demands which range from a few hundred to tens of thousands of dollars in Bitcoin. As long as ransomware remains a profitable business for hackers, it will thrive.
Some organisations, often government networks and departments, refuse to pay the ransom, but the costs involved in the recovery process turn out to be exorbitantly high. In the end, it makes more sense for small and mid-sized organisations to shell out money in order to protect customers’ data and resume their operations.
Attackers are targeting specific industries. Ransomware campaigns have identified several industries that are more attractive to hackers, because those industries simply cannot afford to lose access to their networks or computers. This shortlist includes governments and government agencies, healthcare services (particularly hospitals), the retail industry, and business/professional services.
Ransomware variants are evolving. There are many ways in which hackers can launch an attack, and with users gaining more awareness, the threats continue to evolve. Ransomware samples are generally classified as either crypto-based or locker-based. In crypto-based samples, files and data are encrypted, rendering them inaccessible to the owner. Locker-based samples, in contrast, lock down the entire operating system. The methods of infection also vary: hackers may send a spam email with a malicious link, launch self-propagating malware that starts with one machine and moves on to infect others, or inject malicious code into websites. Recent developments also show the availability of Ransomware-as-a-Service offerings, which allow less skilled cyber thieves to conduct ransomware attacks. Attackers can use a combination of the many techniques and strategies at their disposal to continue to propagate ransomware, despite existing cyber security measures.
Ransomware may not appear to carry the same threat in 2018 as it did in previous years, but to completely dismiss it could lead to disastrous results for both individual users and enterprises. Keep your data protection guidelines updated, observe IT security best practices, and find the best tools to prevent attacks on you and your organisation.