Ransomware Future: Fasten Your Seat Belts 2018 Is Here

Ransomware Future

2017 was a breakout year for Ransomware, although a prominent feature and topic of discussion in IT sector it had managed to stay out of the public eye and common parlance. This all changed on May 12th, 2017 and the WannaCry attack where international companies were crippled by the malware.

Ransomware has since become a buzzword: a highly sophisticated, easily distributed malware that has the potential be the greatest technological threat of our times.

The issue at hand is three-fold: (1) Our greater use of technology has not corresponded with greater vigilance on it; (2) We are using more immersive internet based technologies in our private and business lives, and (3) Ransomware has never been so cheap nor accessible – even criminals with no technical expertise can utilize Ransomware as a Service (RaaS) or buy it cheaply on the internet.

These core issues were poignant in 2017 they will be even more so in 2018 and beyond.

The Rise of RaaS

Ransomware statistics released by Sophos for the year 2017 shows that almost 90% of all ransomware circulated is either Cerber and WannaCry. Although WannaCry was big news in 2017, Cerber has been a constant menace since a year earlier. While other infamous strains like Petya, are expected to decline in circulation, Cerber has staying power and here’s why:

The creators of Cerber broke the mold and the standard model, by offering the Malware to criminals in exchange for a percentage of each ransom. To stay ahead of the latest and greatest in security, their malware is constantly refined and updated posing new problems to anti-virus software in every strain. Let that sink in for a minute, one of the most circulated ransomware variants is in constant evolution – and it’s in the interest of the developers to make sure that this evolution is maintained. The commodifying of ransomware is something all business should be concerned about.

And to make matters worse Cerber is not the only ransomware strain based on a RaaS model – Satan and Philadelphia strains were prevalent in 2017 and are expected to grow into 2018.

Sophisticated hackers are not only focused on beating anti-virus scans and email filters, they are also considerate of UX, UI and customer flow to increase revenue. Spora offered up different payment options in a Ransomware Vaccine Menu where you (1) could get two free files decrypted on promotion, (2) have a selection of files decrypted, (3) have the ransomware removed OR (4) have all your files unencrypted – how convenient.

These details are indicative of a very well thought out and lucrative operation expect this kind of creative development around RaaS.

Mobile Attacks

Our ever-growing reliance on connectivity and our digital devices is at the heart of the ransomware threat. The proliferation of smartphones and our use for them to hold increasingly sensitive and private information means that they are an open target for cybercriminals.

 

Mobile ransomware is much like the standard computer version, there are two core types Locky (which freezes your screen) and Crypto (which encrypts your data). Although the ransomware variants are different and they don’t tend to cross over onto mobile devices, these restriction methods prevail.

With lower security and poorer internet hygiene conducted on mobile, almost everyone in the world becomes a mark, as such Mobile Ransomware attacks grew 250% in 2017. And it’s not just hackers you need to watch out for: 800 apps on Google Play were found containing Xavir malware and there were many more infected with nefarious things, including spyware, banking bots and aggressive AdWare like Judy, which could have infected up to 35 million Android users globally.

The prevalence of BYOD workplaces has not gone unnoticed by would-be hackers. There is no easier way to infect a business network than having an unknowing employee bring it in through the front door. With smartphone use and BYOD workplaces on the rise, you can expect Mobile Ransoms to follow suit.

Immersive Technology and IOT

We’re creeping into a world where virtually everything in our living room and most things out of it could be internet connected. We are on the cusp of IOT and the smartification of everything infiltrating our daily lives. Smart TVs, Smartphones, Smartwatches, Smartfridge and Smartovens all leave us open to Vulnerabilities.

The smartification of household goods means that there will be literally 10s of billions of devices open to attack in the coming decade.

This proliferation raises an interesting question about whose responsibility it is to make sure they are updated and secure? Typically, this technology is expected to last 10 – 15 years, much longer than our general use technology. Is the onus on the owner to make sure the devices are secured and updated? Or should the manufacturer be responsible for updates for the duration of its lifespan which can last decades? Whatever the conclusions are, it’s important we are informed about the security of smart household devices.

Security on Smart Household equipment needs to be raised today, but don’t let hackable smart cars and factory production lines slip your thoughts. 10 years ago, they may have seemed far-fetched, gradually these ideas are becoming very real.

The Future Sounds Scary

Yes, yes it does. And we have some further bad news – there is no way to protect yourself fully. The adaptability of ransomware distribution means you can become infected from anywhere: email attachments, drive-by downloads, connecting to an infected network to name a few.

The only way to deal with it is to have a comprehensive multi-pronged approach, like one outlined in a previous Cloud Tweaks article here.

Educate: If you run a business, it’s your obligation to educate your employees properly. And this does not mean a one-off workshop, but a continually reinforce strategy that updates everyone about the latest threats.

Your employees are your most vulnerable parties and those most likely to cause infection, but they are also your first line of defense.

Secure: Promote a proactive approach to cybersecurity utilizing licensed, reputable anti-virus solutions and rigorous spam-filtering. This paired with super simple internet and browsing hygiene will help mitigate infection. Of course, remember to update and scan regularly – hackers are constantly updating – so should your protections.

Backups: The only safety net that’s guaranteed to work. Ransomware is only effective if regular backups are not kept. Avoid critical data loss, downtime and of course having to pay a ransom.

By Sean Allan,

Sean is a Digital Marketing Manager at Aware Group, a Technology company witnessing the continued rise of Ransomware across industries.

Bruce Guptill

How CFOs and CIOs See Finance Management Priorities

Cloud and the Finance-IT Effectiveness Gap IT leaders today tend to be much better aligned with business and operational leaders and business goals than they ...
Patrick Joggerst

Living on the Edge: The New Real-Time Communications Security Risks

Real-time communications Security Risks As more and more people have been forced to work remotely due to the global public health crisis, collaboration platforms have ...
Al Castle E911

Businesses Need E911 for Remote Employees

E911 for Remote Employees Remote working is no longer a luxury or a distant possibility – it’s the norm for enterprises around the world. The ...
Dan Saks 1

How to Transform to Succeed in the Digital Economy

Succeed in the Digital Economy In today’s increasingly competitive business climate, companies must put digital technologies at the core of their operations. In order to ...
David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web ...
Steve Prentice

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips on how to attend meetings while working from home. Working ...
Ian Hayes

Pick The Right AWS Course And Ensure A Brighter Future Ahead

Picking The Right AWS Course As the leader of the pack, AWS (Amazon Web Services) is the fastest-growing public cloud service in the industry, and ...
David Friend

Cloud 2.0 will not be Ushered in by AWS or other Cloud Giants

Cloud 2.0 Trends Amazon, Google, and Microsoft are all pursuing similar business strategies: they want it all. ‘It,’ in this case, means the entire IT ...
Nik Thumma Contributor

Why It’s Time for Companies to Move ‘All-In’ on the Cloud

Companies to Move ‘All-In’ on the Cloud The cloud offers businesses innovative ways to optimize operations and achieve amazing results. While many companies have already ...
Suraj Gupta

The Rise of the “Ecosystem of Ecosystems”

Ecosystems Emergence Even during these uncertain times, once fierce competitors are now collaborating and co-existing to not only survive, but thrive. Salesforce is partnering with ...