An Evolving Threat: Ransomware in 2017

Although it is at the forefront of any discussion about security today, ransomware has only been a major part of the malware scene since 2014. The threat is still evolving, and IT professionals are sure to encounter even more advanced ransomware in 2017.

Tracking the Continued Rise of Ransomware in 2017

Ransomware generally revokes access to a victim’s endpoint or encrypts data on that endpoint before prompting the victim to pay a ransom to regain control. That’s the basic idea, but the devil is in the details.

These attacks have grown drastically more frequent in recent years. According to the IBM report, “Ransomware: How Consumers and Businesses Value Their Data,” 4,000 ransomware attacks occurred per day in 2016, four times more than the previous year.

Naturally, the total payout to cybercriminals has increased with the volume of attacks. The FBI reported that ransomware victims in the U.S. shelled out $209 million for their stolen data in just the first three months of 2016, a dramatic increase from the $24 million companies spent in all of 2015, according to Reuters. This growth shows no signs of slowing down.

Authorities generally advise victims not to pay the ransom, since there is no guarantee that they will receive a working decryption key. More importantly, paying the ransom funds future cybercriminal endeavors. Ransomware victims should resolve to slow this progress by refusing to pay for stolen files in 2017.

Consumers Versus Enterprise Users

Consumers in general may be unaware of the threat they face. Just 31 percent of consumers have specifically heard about ransomware, according to the IBM report. This creates a long-term problem when consumer actions are factored into a threat model because those consumers are less likely to know best practices for protecting data. IT experts must increase their efforts to educate people about ransomware as the threat landscape expands.

Enterprise users are, in general, much better informed about ransomware. The same survey found that 46 percent of executives had experienced ransomware attacks in the workplace and 70 percent of those executives paid to recover their stolen data. Larger enterprises are also more likely to train workers about IT security.

Social Engineering Going Strong in 2017

Most ransomware schemes depend on social engineering ploys to trick victims into activating the malware. This strategy has served fraudsters well, so it’s safe to assume they’ll continue to employ it in 2017 and beyond. To mitigate the threat of an infection via social engineering, consumers should never open email attachments from untrusted or unknown senders.

Companies can implement policies to minimize actions that could lead to infections, but this is complicated by the legitimate need to frequently open attachments in a business setting. Many organizations would benefit from blocking Microsoft Office macros, because these are particularly popular vehicles for malware.

Not all attacks require user action to succeed, however. Drive-by infections lurk in specially crafted pop-up advertisements: all a victim has to do is view a seemingly innocuous webpage. With social engineering, fraudsters like to keep it simple.

Low-Hanging Fruit

Ransomware typically targets the lowest-hanging fruit. Cybercriminals are particularly well-versed in exploiting Windows vulnerabilities, for example. This malware does not need to infiltrate your entire system for long-term access; it simply needs a gateway to access your data, which doesn’t require advanced tools. Windows users have many default privileges that can be exploited to allow total access.

Ransomware will almost surely continue to grow in volume and complexity in 2017. Security analysts should keep an eye on the evolution of ransomware, which may bring advanced attacks, such as ransomworms, in the near future.

Larry Loeb

Principal, PBC Enterprises

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He wrote for IBM's DeveloperWorks site for seven years and has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange.