2016 The Year Of Ransomware, Not If 2018 Has Its Way

2016 The Year Of Ransomware, Not If 2018 Has Its Way

posted in Ransomware ● 21 Nov 2017

Ransomware is one of the largest and well documented, in way of headlines, cyber-threats that organisations face on a daily basis. 2016 saw an unprecedented rise in attacks and has since been labelled the ‘Year of Ransomware’, according to a report by Sophos Labs however, 2018 is set to take this title.

Ransomware is known to have been an effective outlet for cyber-criminals looking for a pay-day and with Ransomware as a Service (RaaS) in high demand on the dark web, criminals have an increasing number of ways to get paid utilising malicious code. This is one factor that looks to support the view that 2018 will see a notable rise in the number of attacks businesses and individuals are susceptible to in the year to come.

Ransomware as a Service refers to ransomware code that can be purchased or sent on-demand or by request by cyber-criminals working on the dark web. Its use makes launching a Ransomware attack available to anyone, regardless of their technical capacity, all they need is a means to pay.

 

What does the current Ransomware landscape look like?

Ransomware attacks have been steadily increasing in numbers of the last few years, with large strains making headlines with the devastating speed they can take effect. The WannaCry attack in May 2017, most notably, affected over 150,000 organisations within 3 days in over 160 countries. The attack utilised a worm code, giving it the ability to spread quickly and exploit a known vulnerability within Windows systems; a vulnerability which had been patched several months before, many organisations however were too slow to patch systems and suffered as a result. The Sophos Labs report states that in the period between April and October 2017, WannaCry accounted for over 45% of all ransomware attempts detected by Sophos systems in that time, this was the most of any single strain. The second most common strain was the Cerber ransomware strain which was prevalent in late 2016. With these two strains having dominated 2016 and 2017, will 2018 see a new strain of Ransomware take hold?

Ransomware attacks often take a three-stage approach, first penetrating systems then deploying malware into a system before finally executing and encrypting systems. This approach gave cyber-criminals the opportunity to deploy their attacks in a more flexible manner as they could penetrate systems in different ways rather than simply waiting for a malicious email to be opened as past attacks have done.

 

Ransomware trends

The report, outlines key areas where Ransomware attacks have been identified. It is worth noting that the report is based on Sophos customer data, so figures may be skewed towards where their customer base sits, however it identifies the US (17%), UK (11%) and Belgium (8.6%) as the major areas affected. Industry trends also show that within these regions, cyber-attackers changed focus from individuals and began focusing efforts on industries likely to pay out quickly. These industries include healthcare and finance, due to the highly sensitive nature of data.

Four trends identified within the report as key areas that will ‘dominate’ ransomware in 2018 are:

  1. An increase in the threat posed by RaaS attacks.
  2. An increase in the number of Android applications infected with Ransomware
  3. More focus on cyber-criminals targeting Mac systems
  4. A continuation of attacks towards Windows systems, partially fuelled by ‘do-it-yourself’ exploits available on the dark web

 

Protecting against threats

It is increasingly difficult to ensure 100% protection against cyber-security threats and given the rate at which new strains of Ransomware are created this is unlikely to change. Organisations of all sizes can take actions to reduce the threat of becoming infected and also to reduce the damage that can be done if an infection does take hold.

Patching and Software updates

Software providers, security experts and anti-virus providers are regularly on the lookout for new strains and new vulnerabilities. Ensuring that systems and software’s are regularly updated will increase protection against new threats and could be the difference between having to pay a ransom and suffering downtime or not being infected, such was the case with the WannaCry attack.

Separate Networks

It can be difficult to monitor what comes into a network from external sources and this is another avenue for attack. An unwitting guest could easily carry dormant malware into a network and kick-start an infection that infects an entire organisation. By separating guest networks from primary systems, the possibility of this happening is reduced, any damage done should not stop the organisation from operating.

Educate and train staff

Human error remains a threat to organisations and one that cyber-criminals will happily exploit. Training and educating staff on the threats that they face and how to spot malicious sites and emails will help to reduce the chance of infection.

Backup all data

With threats so hard to protect against, it is vital that there is a fall-back plan. Paying ransoms is unadvisable and organisations such as the FBI, the National Cyber Security Centre and many cyber-security firms mirror this stance – for one, paying a ransom does not guarantee the safe return of data. Ensuring that an organisation has a full, off-site, encrypted backup will give the ability to recover all data in the event of an infection taking hold. However, on-site backups or network attached backups may be susceptible to infection.

See the future of data management. Now

Watch our product demos to find out more about our solution.

The cyber criminals exploiting coronavirus panic

Reading, 20 March 2020 – Cyber hackers are preying on the public’s fear of Covid-19 to spread their own harmful viruses. According to multiple cybersecurity experts, the spike in phishing techniques, fraudulently claiming to come from an official source is the worst in years.

Continue reading

How to keep business healthy during outbreak

Reading 12 March 2020 – Up to a fifth of the UK’s workforce are likely to be off sick at the peak of the coronavirus pandemic, according to the Government’s best estimations.

Continue reading

Is your medical practice a top ransomware target?

Reading, 17 January 2020 – Since the early 2000s, medical professionals have increasingly been choosing electronic patient records over paper. Although digital records are certainly easier to access and harder to lose or destroy, they are by no means immune to disaster – and organisations have more to worry about than just fires and floods.

Continue reading