October 7, 2015 By Chris Poulin

Ransomware has worked for cybercriminals for many years, and it continues to be a valuable tool in their arsenal. A recent post on Security Intelligence discussed the trend of attackers reverting to older techniques to deliver ransomware to the employee endpoint. But now it’s time to look ahead at the future of ransomware.

Following a Pattern

A good place to start when predicting the future of ransomware is the broader history of malware in general. In light of the way malware has evolved, especially in recent years, the likely next step is for ransomware to become situationally aware. Dyre, first discovered in 2014, is a perfect example of malware that started out as a simple banking Trojan and then quickly developed situational awareness, which led to its becoming substantially more dangerous.

Earlier this year, IBM was a key player in identifying a new tactic, which we called Dyre Wolf. Marking a significant break with previous encounters with Dyre, the Dyre Wolf attacks included a social element in which users on an infected endpoint would visit a particular website and get an error message instructing them to call their bank to verify certain personal details. In reality, the message was provided by the attackers and led victims directly to them.

The evolution from Dyre to Dyre Wolf reveals that malware authors and attackers are no longer satisfied with sending out a phishing email and capturing the credentials of 1 or 2 percent of its recipients. Instead, they are developing more sophisticated tools and social engineering tactics to ensure they can target not only key organizations, but key individuals within those organizations.

The Future of Ransomware

When an enterprise gets infected by ransomware today, it has to pay the going rate to get its information released. A mom-and-pop shop that gets infected pays, say, $700 per item to have its data released; a Fortune 100 company that gets infected has to pay that same $700. Right now that number is identical, but clearly the capacity to pay is much larger in a corporate environment than it is in a two- or three-person small business. This is an area in which more situationally aware ransomware could wreak havoc.


Given its past success, traditional ransomware seems destined to continue to thrive on unprotected endpoints. It may even become more lucrative by incorporating social engineering and other advanced attack methods. Ransomware will likely also look to new playing fields such as the Internet of Things (IoT).

When discussing the security of connected cars, for example, the focus is usually on data protection, privacy or, of course, physical safety. But there’s no reason to think new types of ransomware schemes won’t play a role here, as well. If attackers do manage to hack an autonomous car, they could potentially take control, brick the engine and demand a ransom of, say, 10 or 20 bitcoins to release the car. Such a scheme would be relatively easy for a cybercriminal with the right tools and simultaneously disastrous for victimized individuals, organizations and economies.

Across malware in general and ransomware specifically, we see a lot of generic malware, but we also see some that is very clearly trying to stay ahead of our existing network tools and even new tools that are being developed. This has been the case for 10 or even 15 years, and it’s not likely to change. In such an environment, a successful organization is one that doesn’t rely exclusively on security tools, but rather has a proactive mindset when it comes to protecting assets.

If you’re not threat hunting and proactively preparing for a potential security event, you’re setting yourself up for a rude awakening. You do want to continue to build up your castle wall to keep threats out, but it’s also crucial to plan your response for dealing with ransomware and any other threats that manage to get in.
