Ransomware got its start in the late 1980s, but 2017 can rightly be called the year of ransomware.
Some interesting figures :
And most ransomware attacks consumers, not businesses. A recent IBM survey of 600 business leaders in the U.S. revealed that almost half of all businesses have been hit by ransomware. And of those, seventy percent have paid the ransom. In 2015, the average ransom was a few hundred dollars per user. According to the Trend Micro, at the end of 2016 the average ransom was over $700, with 20 percent of organizations reporting demands for over $1300. Even after paying the ransom, Trend Micro has found that one in five organizations never get their data back.
Ransomware can affect any type of computer. It became the biggest cyberthreat on Android devices in the first half of 2017 in the U.S., U.K., Germany, Australia and Denmark. According to Bitdefender, ransomware constituted more than half of the malware detected.
There are many reasons for the upswing in ransomware:
Some of the most publicized attacks in 2017 involved healthcare, but the problem is more widespread. A new report from BitSight declares education is the industry most likely to be hit, with 13% of educational organization slammed by ransomware. The report analyzed the cybersecurity performance of nearly 20,000 companies across government, healthcare, finance, retail, education, and energy/utilities.
Ransomware has hit about
The sector tends to have smaller budgets, and thus less up-to-date hardware and software.
Education normally has smaller IT staffs than other industries, so there are fewer software updates and security monitoring.
File sharing both within the institution and with outsiders is high compared with other industries. A BitSight report released earlier this year found that about 58% of academic institutions allowed file sharing on their networks.
Some security analysts believe that schools may be more likely to pay for the information to avoid HIPAA concerns and other regulatory violations. For example, In June, the University of Calgary paid a $20,000 CDN ransom after attackers encrypted its email system.
At the start of 2016, TeslaCrypt and Locky were the biggest ransomware threats, spread by spam attacks. It appears that many businesses affected by the onslaught beefed up their security. As a result, ransomware increasingly affected consumers as opposed to businesses as 2016 progressed.
Well-established ransomware such as CTB-Locker, CryptoWall and Shade were joined by Cerber, CryptXXX, and Locky. Locky has so far been spread across 114 countries. The year saw increasing variation in the construction of ransomware and the vectors used to deliver it.
At the beginning of 2016 CryptoWall 4.0 attacks rose, including a new variation targeting outdated versions of Flash Player. The payload was delivered via malicious pop-under ads whereas the majority of past ransomware used spam, phishing emails, and attachments. In November, it was discovered that Cerber 5.0.1 ransomware was spreading via Google and Tor2Web proxies. New ransomware families appeared in different programming languages, such as JavaScript, PHP, PowerShell, or Python. VindowsLocker ransomware emerged in November. It locks up a victim's computer and then asks the person to call a Microsoft customer support number for help. When the user pays the over $300 fee for decryption, he is hung out to dry.
There were new functions and threats added to ransomware as well. Ransoc has been tailored to gather information on the victim. Social media profiles and local files are probed, and users whose PCs contain questionable content are threatened with court action if they fail to pay the ransom. CryptXXX has a feature to gather Bitcoin wallet data and send it to the attackers. Some Cerber ransomware infects the victim’s computer with a botnet to carry out distributed denial of service (DDoS) attacks. Chimera threatens to post the victim’s files, including pictures and videos, on the internet.
The franchise model invaded the ransomware world. CTB Locker and Chimera offered its victims an opportunity to become an “affiliate”, with a 50 percent commission for selling the ransomware as a service. Popcorn Time ransomware waives payment from its victims if they try to infect a few friends.
The most significant anti-ransomware move was the foundation of the No More Ransom project. Kaspersky Lab, Intel Security, the National High Tech Crime Unit of the Netherlands' police, and Europol's European Cybercrime Centre formed the group. In October, law enforcement agencies from 13 additional countries joined the project, twelve in Europe in addition to Colombia. The project expanded further in December with 30 more members.
No More Ransom offers victims a Crypto Sheriff tool to determine the type of ransomware affecting their devices. If available, tools are then employed to decrypt the victims’ data. In December, 32 new decryption tools for various ransomware variants were added.
The number of ransomware attacks is on the decline. According to a report by SonicWall, there were 184 million ransomware attacks in 2017 compared with 638 million in 2016. While the number of attacks may have subsided, the number of strains more than doubled in 2017. Researchers believe this may indicate a shift from quantity to quality. Reasons for the decline in attacks is attributed to the growing refusal for victims to pay as well as the greater utilization of tools to combat ransomware. Interestingly enough, hospital administrators of Hanhock Health chose to pay the ransom shortly after their attack in January.
Some industries, such as healthcare and government, will continue to be targeted by ransomware attacks. Many of the tools developed by the criminals behind ransomware, including fileless malware and encryption techniques, will continue to be used in different types of attacks. To escape future ransomware attacks IT pros must leverage the right technology.
Despite the decrease in attacks, ransomware accounted for 64% of all malicious emails sent in 2017 so a modern-day email security solution is essential. In addition, a complete defense strategy also includes an off-site backup strategy, a diligent patching regime, and real-time anomaly detection. We may be in a temporary lull when it comes to ransomware attacks, but it may in fact just be the calm before the storm.
Are you an IT professional that wants to ensure sensitive data and devices are protected? Talk to a specialist or email us at info@titanhq.com with any questions.
https://www.titanhq.com/blog/samsam-ransomware-strain-kicks-off-2018
Call us on USA +1 813 304 2544 or IRL +353 91 545555
Contact Us