Ransomware is malicious software that encrypts files until the user pays to get the encryption key to unlock them. This form of cyber attack has had a successful run in the past, with criminals targeting businesses and government organizations, demanding higher ransoms for more valuable data. Ransomware has been so successful that some FBI agents have commented that the bureau often recommends that people just pay the ransom. Unlike other malware infections, a cleaning or removal tool cannot be run to get rid of ransomware, so defenses have to catch it before it can act.
Computers and servers are slowly being upgraded and better protected, and companies are making sure that their employees are educated on the threats of ransomware. As a result, changes are being made to the ransomware model, where encryption of data is just one step. Attackers are using targeted methods such as emails that look like they originate from within your company, in order to get their malicious encryption tools into vulnerable systems. After encrypting data or files, attackers threaten to publish something that you will pay to keep secret, whether it is valuable financial information or embarrassing emails.
The changing target of ransomware
As we adopt more security technology, we also are fueling the creativity of cyber attackers. Criminals will change and multiply their attacks, going after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.
Typically, malware threats go through several phases, starting off with attacks in small volumes, as criminals evaluate their target systems' defenses until they identify the method of attack with the best success rate. After this evaluation process is done, criminals increase the volume of their attacks, going after consumers and businesses, as the technique improves and is monetized through massive campaigns. The next phase is a shift from volume to highly targeted attacks. As security defenses begin to adapt to the generic approach, criminals identify higher value targets. Ransomware is currently moving from the volume phase to the targeted phase, increasing in sophistication of the delivery mechanism and looking for more valuable ways to get money from victims.
Preventing targeted ransomware attacks
As ransomware threats shift from volume to targeted mode, a shared intelligence strategy that can detect threats at multiple points, across both networks and the cloud, will be needed. Users should be aware of potential motivations, whether that is organized crime looking for payment or exposing corporate secrets. Understanding the attacker profiles will help users identify what material is valuable and vulnerable and prioritize security efforts.
Ransomware is just one cyber threat that is evolving as our security defenses do. Security needs are changing to require greater integration between defenses; broader collaboration with law enforcement, supply chain partners and organizations throughout the industry; and increased automation that can react at digital speeds.