There have been fewer recent high-profile attacks, but companies should still beware
The term “ransomware” entered the public’s consciousness with the infamous WannaCry outbreak, which affected 200,000 computers across 150 countries in May 2017. Only a few weeks later, the Petya ransomware attack wreaked havoc in Ukraine before making its way across the rest of Europe, North America, and even Australia. A string of less high-profile, but still potent, ransomware attacks followed in the next few months before the storm eventually started to die down.
Recently, far fewer ransomware attacks have been splashed across the news and media, but attacks continue, and the file-encrypting malware still poses a threat. No matter their size or sector, organizations should stay informed about the latest developments in ransomware attacks so they can implement the most effective security measures possible.
The “new” ransomware: Cryptojacking
One of the main reasons ransomware attacks haven’t been as prevalent is that hackers have diverted their attention to cryptojacking, or the process of mining for cryptocurrency on a computer without permission. This tactic is particularly appealing to cybercriminals as they don’t have to demand a one-time ransom. Rather, they can operate on infected machines undetected for months at a time. Besides an increase in PC fan use and energy consumption, the victim often won’t detect anything out of the ordinary.
Cryptojacking grew throughout 2018 as bitcoin and other cryptocurrencies started to gain more buzz. It has proven very lucrative for hackers, with some allegedly earning millions of dollars for their efforts.
Ransomware isn’t dead—it’s just evolving
So, what’s the current state of ransomware if other forms of malware are gaining popularity? In short, it’s evolving.
Rather than attempt to infiltrate thousands of systems at one time, some ransomware campaigns are being more selective with their targets in an effort to extort more money—as evidenced by the success of SamSam, a family of ransomware that has been active since 2015. Instead of using phishing emails and other spray-and-pray tactics to find victims, this form of ransomware actively searches for, targets, and attacks vulnerable systems. Governments, hospitals, universities, and health record firms are all ideal targets for hackers that deploy SamSam, as these organizations are more likely to quickly pay a ransom than risk extended downtime.
In one of the most notable cyber-attacks of the past year and a half, Atlanta’s city computer system was hacked by two Iranian nationals who were later charged with creating and deploying SamSam in an attempt to extort thousands of dollars from the government. The city never paid the ransom, but the attack did cause serious digital damage in five of Atlanta’s local government departments.
Another example of the way ransomware is evolving is the rise of GandCrab, which holds about 40 percent of the current “ransomware market.” GandCrab is distributed via exploit kits in a malware-as-a-service format. This approach to spreading ransomware allows hackers of all levels to distribute it at their will. In exchange for a cut of the profits, the authors behind the ransomware family even offer customer service-like support to hackers by offering step-by-step instructions and customization options.
SamSam and GandCrab are only the tip of the iceberg, however. Here are some other forms of ransomware companies should be wary of in 2019 and beyond:
- Cerber, a file-encrypting virus that is now offered as a form of ransomware-as-a-service
- Jigsaw, which is known not only to encrypt files but also to delete them
- Katyusha, which is commonly delivered to victims via email attachments
- LockerGoga, a particularly destructive form of ransomware which has targeted industrial and manufacturing firms
Ransomware and the IoT
The Internet of Things (IoT) is gradually becoming a part of our everyday lives. The physical objects around us—whether they’re wearable, portable or even implantable—are making us more connected to technology, people, and the world around us.
While the emergence of the IoT is exciting, it presents a potential playground for hackers. Rather than simply block a user from seeing their information, ransomware in the age of IoT could potentially interfere with the functionality of the device it infiltrates—which could then disrupt the business or other vital operations it controls and even lead to physical harm. Power grid shutdowns and people being locked out of their smart homes and smart cars are just a few scenarios that could result if ransomware hackers begin taking advantage of the growing number of IoT devices.
It’s important to note, however, that some experts don’t believe the rise of the IoT will correspond with a rise in ransomware attacks, as the financial rewards might not be worth it. Only time will tell if the IoT leads to more, or more harmful, ransomware attacks.
Your company could be a target
For small and medium-sized organizations that don’t spend the same amount of time and financial resources on information security as larger, more-established businesses, staying informed about the latest ransomware attacks is not just good housekeeping; it’s vital to their well-being. In 2018, 70 percent of ransomware attacks targeted small businesses, while the healthcare sector was hit the hardest. Utilities and energy, education, and logistics are just a few other examples of industries that have been victimized by ransomware over the last few years.
Proactivity is the key to preventing a ransomware attack now and as the malware continues to evolve. If you don’t know where to begin, start by:
- Backing up your systems locally and in the cloud.
- Patching systems (including IoT devices) with the latest software and hardware updates.
- Raising awareness of ransomware and its potential delivery mechanisms across your organization.
Also, be sure to invest in comprehensive cybersecurity, whether it’s an in-house solution or one delivered by an expert provider.