What the future has in store for ransomware

22/10/2017 23:49

What the future has in store for ransomware


Not too many months ago, the majority of the public had never even heard of ransomware. Fast forward to now and it's developed a reputation as quite the menace and even made it into the Webster dictionary.


The file-encrypting malware has really made itself known this year and looking at the recent incidents, it’s only going to get worse before it gets better.


Incidents, particularly around May to June this year have show the potential damage a well orchestrated batch of ransomware can have both operationally and financially.


Do you WannaCry yet?


Although there have been incidents before, when WannaCry hit thousands of systems around the globe in may, it really got the media’s attention and became the first ‘viral’ attack of its sorts. Derived from the NSA, the leaked exploit made its way across the continents, hitting the UK and the NHS and forcing operations to come to a halt temporarily.


To Petya or Not to Petya?


Before infected systems barely got back their feet, another round of ransomware wormed it’s way across the world wide web and the global epidemic of Petya was born.


With strong similarities to WannaCry, Petya (or Not Petya as it was later labelled) used the same intentions to lock data up for a ransom, but this time had the ability in irrecoverable wipe data from machines it got a hold of.

Although both attacks were successful in the number of machines they managed to infect, if the campaign's goals were to make money, they miserably failed in this department.


Considering the number of machines impacted across the globe, those behind the WannaCry came out with just more than £100,000.


Despite the low payout, both attacks did manage to state their dominance and danger large-scale ransomware attacks can have to businesses.


Since June, the ransomware environment seemed to have cooled down until writers came back recently with the Bad Rabbit attack which demonstrating new versions of the threat.


Each new version has it’s own agenda and here are some of the ones to expect:

The Diversion


We’ve seen first hand how ransomware can come with other delights in tow. Petya, with its designated wiper which irrecoverably destroyed data comes to mind.


As the versions progress, ransomware could be the least of your problems as other things run in the background to steal credentials and give free reign to the network.


Other developments can include strains that actually steal data as they encrypt it.


The Blackmail


Something very sinister that has been noted by a number of security professionals is the potential of harsher tactics to coax money out of people.


While the most common workings at the moment will encrypt data on a ‘pay me and get your data back’ basis, some think this will go a step further with criminals using personal information to blackmail into getting a pay out. By threatening to release sensitive data, they think this will yield a better result for the ransomware distributor.


The Enterprise


Whilst requiring much more effort to the petty crimes ransomware writers are putting in at the moment, going after large, enterprise infrastructure could soon be on the cards.


As ransomware code progresses and becomes more intelligent, it’s likely there will be an increase in focus towards enterprise ransomware.


Although a big job, getting onto these large systems would be highly lucrative for these thieves and would be sure to cause lots of disruption and frustration across the business.

With each attack, we are seeing ransomware codes change, adapt and improve. By keeping second guessing what has the potential to come now helps to stay ahead and defend against this pesky menace.


Posted in News By Just Firewalls