Ransomware attacks dominated in 2017, Verizon Enterprise analysis reveals
Verizon Enterprise, an American IT company that continually examines data breaches and publishes annual reports, released the “2018 Data Breach Investigations Report (DBIR).” According to the stats, more than 53,000 incidents, 2,200 of which were significant data breaches, were recorded in 2017.
The report ranks ransomware attacks as the number 1 threat. A steady increase in crypto and locker ransomware attacks has been observed since 2010, though the numbers of attacks were not as shocking as they are now.
According to Economia, ransomware activity has increased 2,000% since 2015, especially attacks on businesses. By October 2017, cybersecurity experts had recorded 33,871 incidents of crypto-malware attacks. Within the ten-month period, ransomware prevalence increased by 62 percent in comparison to 2016 and 2015.
Bryan Sartin, executive director of security professional services at Verizon, claims that the growth of the ransomware industry is fostered by the easy exploitation of critical security flaws in business systems. He added:
What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here.
A Kaspersky Lab report also shows that ransomware developers are targeting businesses. Within 2017 alone, ransomware attacks targeting the business sector increased by 4 percent (from 22.6 percent in 2016 to 26.2 percent in 2017). Naturally, it's easier to cause huge damage to a business and force its management to pay large ransoms.
Nevertheless, as Bryan Sartin claims, companies fail to protect their data properly and, therefore, suffer both data and money loss. Fedor Sinitsyn, Kaspersky Lab senior malware analyst, adds to the subject:
Business victims are remarkably vulnerable, can be charged a higher ransom than individuals and are often willing to pay up to keep the business operating.
Attacks grow – ransomware families decline
Although ransomware in general tops the charts of cyber incidents, some changes in the development of new ransomware families and their distribution have been revealed.
According to the Kaspersky Lab report, 2017 showed a decline in the development of new ransomware families. Trend Micro counted 50 new ransomware families created in the first five months of 2016. Meanwhile, the development of new families dropped almost by half, from 62 in 2016 to 38 in 2017.
However, interpreting these numbers as a decline of ransomware is not correct. Despite the fact that fewer new ransomware families emerged, the already existing versions have been actively modified, turning ransomware into agile infections. While in 2016 released versions were improved 54,000 times, the number in 2017 almost doubled, exceeding 96,000 cases.
Since the beginning of 2018, we haven't yet experienced a single massive ransomware outbreak as we had in 2017, including WannaCry, NotPetya, Locky, Cerber, BadRabbit, and other worldwide attacks.
However, ZDNet experts claim that this is the new tactic used by hackers. Instead of releasing new ransomware versions, they patch the critical vulnerabilities of the existing ones and reappear with new strength.
Ransomware viruses change distribution strategies
For the last decade, ransomware developers relied on botnets, spam email attachments, exploit kits, and other fraudulent strategies. While most of them are still actively used, experts claim that the usage of botnets (networks of robots used to commit cybercrime) decreased by almost 50 percent in the first three quarters of 2017.
Nevertheless, the number of attacks via hacked Remote Desktop Services (RDS) keeps growing. Instead of hiding ransomware payloads in email attachments or fake software downloads, hackers increasingly brute-force the RDP passwords on machines that have RDP turned on but not properly protected. To prevent RDS attacks, it's a must to hide the RDP connection behind a VPN, i.e., do not leave the remote connection exposed directly to the Internet.
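The RDP password guessing described above leaves a burst of failed logons from a single source address in the Windows Security log. The following is an added example, not part of the original article: a sliding-window detector over simplified, constructed records. The record layout, threshold and window are assumptions; the event IDs (4625 failed logon, 4624 successful logon) and logon types are the standard Windows ones.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one per line:
#   timestamp  event_id  logon_type  source_ip  account
# Logon type 10 is RemoteInteractive (RDP); RDP with Network Level
# Authentication usually records failures as type 3 (Network).
SAMPLE_EVENTS = """\
2018-04-20T03:10:01 4625 10 203.0.113.7 administrator
2018-04-20T03:10:04 4625 10 203.0.113.7 admin
2018-04-20T03:10:09 4625 3 203.0.113.7 backup
2018-04-20T03:10:15 4625 10 203.0.113.7 administrator
2018-04-20T03:10:22 4625 10 203.0.113.7 administrator
2018-04-20T03:11:40 4624 10 203.0.113.7 administrator
2018-04-20T09:02:11 4625 10 198.51.100.20 jsmith
2018-04-20T09:02:40 4624 10 198.51.100.20 jsmith
2018-04-20T09:05:00 4625 2 192.0.2.5 jsmith
"""

RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: finding} for every IP with at least `threshold`
    failed remote logons inside a sliding `window`."""
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        ts, event_id, logon_type, ip, account = fields
        if int(logon_type) not in RDP_LOGON_TYPES:
            continue  # console and other local logons are out of scope
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"first_alert": when, "success_after": None}
        elif event_id == "4624" and ip in findings:
            # A success after a burst of failures suggests a guessed password.
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = account
    return findings

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f["first_alert"].isoformat(), f["success_after"])
```

With RDP reachable only through a VPN, as recommended above, such bursts from public addresses should not appear at all, so any hit is also a sign that the service is still exposed.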
Predictions for ransomware in 2018
Although some experts predict that ransomware prevalence may decline throughout 2018 due to defense improvements, the bulk of security experts believe that data breaches and ransomware attacks are going to rise.
However, it is expected that ransomware may switch the target from home users to industries like healthcare.
Experts also claim that a rise of smaller ransomware families may follow. As we have already pointed out, ransomware outbreaks like WannaCry, Locky or Cerber are not that common. Nevertheless, the growth of small crypto-ransomware families active for a week or a month (.java file extension virus, Arrow ransomware, GandCrab ransomware, etc.) has been observed.
Ransomware as a service (RaaS) is also expected to remain popular this year. One of the most successful RaaS offerings, which emerged at the beginning of 2018, is GandCrab. Since January, it has managed to infect 50,000 devices located mainly in the US, UK, Scandinavia, Australia, and Israel, and collect more than 600,000 USD. Currently, it's named the most prominent and the most aggressive ransomware this year. Experts claim that crooks may try to echo GandCrab's success; thus a rise in RaaS is expected.
In a nutshell, ransomware remains one of the biggest cyber dangers. Home users can protect themselves by practicing secure behavior on the net, i.e., staying away from illegal websites, not clicking on suspicious content, using spam filters, keeping a professional anti-virus always updated, etc. Organizations, meanwhile, should invest more money in protection software and hire professional IT experts who can ensure proper data security, taking into account the sector of the business, the amount of data, and other factors.