Although it is at the forefront of any discussion about security today, ransomware has only been a major part of the malware scene since 2014. The threat is still evolving, and IT professionals are sure to encounter even more advanced ransomware in 2017.

Tracking the Continued Rise of Ransomware in 2017

Ransomware generally revokes access to a victim’s endpoint or encrypts data on that endpoint before prompting the victim to pay a ransom to regain control. That’s the basic idea, but the devil is in the details.

These attacks have grown drastically more frequent in recent years. According to the IBM report, “Ransomware: How Consumers and Businesses Value Their Data,” 4,000 ransomware attacks occurred per day in 2016, four times more than the previous year.

Naturally, the total payout to cybercriminals has increased with the volume of attacks. The FBI reported that ransomware victims in the U.S. shelled out $209 million for their stolen data in just the first three months of 2016, a dramatic increase from the $24 million companies spent in all of 2015, according to Reuters. This growth shows no signs of slowing down.

Authorities generally advise victims not to pay the ransom, since there is no guarantee that they will receive a working decryption key. More importantly, paying the ransom funds future cybercriminal endeavors. Ransomware victims should resolve to slow this progress by refusing to pay for stolen files in 2017.

Consumers Versus Enterprise Users

Consumers in general may be unaware of the threat they face. Just 31 percent of consumers have specifically heard about ransomware, according to the IBM report. This creates a long-term problem when consumer actions are factored into a threat model because those consumers are less likely to know best practices for protecting data. IT experts must increase their efforts to educate people about ransomware as the threat landscape expands.

Enterprise users are, in general, much better informed about ransomware. The same survey found that 46 percent of executives had experienced ransomware attacks in the workplace and 70 percent of those executives paid to recover their stolen data. Larger enterprises are also more likely to train workers about IT security.

Social Engineering Going Strong in 2017

Most ransomware schemes depend on social engineering ploys to trick victims into activating the malware. This strategy served fraudsters well, so it’s safe to assume they’ll continue to employ it in 2017 and beyond. To mitigate the threat of an infection via social engineering, consumers should never open attachments from untrusted or unknown email.

Companies can implement policies to minimize actions that could lead to infections, but this is complicated by the legitimate need to frequently open attachments in a business setting. Many organizations would benefit from blocking Microsoft Office macros, because these are particularly popular vehicles for malware.

Not all attacks require user action to be implemented, however. Drive-by infections lurk in specially crafted pop-up advertisements. All a victim has to do is view a seemingly innocuous webpage. With social engineering, fraudsters like to keep it simple.

Low-Hanging Fruit

Ransomware typically targets the lowest hanging fruit. Cybercriminals are particularly well-versed in exploiting Windows vulnerabilities, for example. This malware does not need to infiltrate your entire system for long-term access; it simply needs a gateway to access your data, which doesn’t require advanced tools. Windows users have many default privileges that can be exploited to allow total access.

Ransomware will almost surely continue to grow in volume and complexity in 2017. Security analysts should keep an eye on the evolution of ransomware, which may bring advanced attacks, such as ransomworms, in the near future.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…