Although it is at the forefront of any discussion about security today, ransomware has only been a major part of the malware scene since 2014. The threat is still evolving, and IT professionals are sure to encounter even more advanced ransomware in 2017.

Tracking the Continued Rise of Ransomware in 2017

Ransomware generally revokes access to a victim’s endpoint or encrypts data on that endpoint before prompting the victim to pay a ransom to regain control. That’s the basic idea, but the devil is in the details.

These attacks have grown drastically more frequent in recent years. According to the IBM report, “Ransomware: How Consumers and Businesses Value Their Data,” 4,000 ransomware attacks occurred per day in 2016, four times more than the previous year.

Naturally, the total payout to cybercriminals has increased with the volume of attacks. The FBI reported that ransomware victims in the U.S. shelled out $209 million for their stolen data in just the first three months of 2016, a dramatic increase from the $24 million companies spent in all of 2015, according to Reuters. This growth shows no signs of slowing down.

Authorities generally advise victims not to pay the ransom, since there is no guarantee that they will receive a working decryption key. More importantly, paying the ransom funds future cybercriminal endeavors. Ransomware victims should resolve to slow this progress by refusing to pay for stolen files in 2017.

Consumers Versus Enterprise Users

Consumers in general may be unaware of the threat they face. Just 31 percent of consumers have specifically heard about ransomware, according to the IBM report. This creates a long-term problem when consumer actions are factored into a threat model because those consumers are less likely to know best practices for protecting data. IT experts must increase their efforts to educate people about ransomware as the threat landscape expands.

Enterprise users are, in general, much better informed about ransomware. The same survey found that 46 percent of executives had experienced ransomware attacks in the workplace and 70 percent of those executives paid to recover their stolen data. Larger enterprises are also more likely to train workers about IT security.

Social Engineering Going Strong in 2017

Most ransomware schemes depend on social engineering ploys to trick victims into activating the malware. This strategy served fraudsters well, so it’s safe to assume they’ll continue to employ it in 2017 and beyond. To mitigate the threat of an infection via social engineering, consumers should never open attachments from untrusted or unknown email.

Companies can implement policies to minimize actions that could lead to infections, but this is complicated by the legitimate need to frequently open attachments in a business setting. Many organizations would benefit from blocking Microsoft Office macros, because these are particularly popular vehicles for malware.

Not all attacks require user action to be implemented, however. Drive-by infections lurk in specially crafted pop-up advertisements. All a victim has to do is view a seemingly innocuous webpage. With social engineering, fraudsters like to keep it simple.

Low-Hanging Fruit

Ransomware typically targets the lowest hanging fruit. Cybercriminals are particularly well-versed in exploiting Windows vulnerabilities, for example. This malware does not need to infiltrate your entire system for long-term access; it simply needs a gateway to access your data, which doesn’t require advanced tools. Windows users have many default privileges that can be exploited to allow total access.

Ransomware will almost surely continue to grow in volume and complexity in 2017. Security analysts should keep an eye on the evolution of ransomware, which may bring advanced attacks, such as ransomworms, in the near future.

More from Fraud Protection

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today