Although it is at the forefront of any discussion about security today, ransomware has only been a major part of the malware scene since 2014. The threat is still evolving, and IT professionals are sure to encounter even more advanced ransomware in 2017.

Tracking the Continued Rise of Ransomware in 2017

Ransomware generally revokes access to a victim’s endpoint or encrypts data on that endpoint before prompting the victim to pay a ransom to regain control. That’s the basic idea, but the devil is in the details.

These attacks have grown drastically more frequent in recent years. According to the IBM report, “Ransomware: How Consumers and Businesses Value Their Data,” 4,000 ransomware attacks occurred per day in 2016, four times more than the previous year.

Naturally, the total payout to cybercriminals has increased with the volume of attacks. The FBI reported that ransomware victims in the U.S. shelled out $209 million for their stolen data in just the first three months of 2016, a dramatic increase from the $24 million companies spent in all of 2015, according to Reuters. This growth shows no signs of slowing down.

Authorities generally advise victims not to pay the ransom, since there is no guarantee that they will receive a working decryption key. More importantly, paying the ransom funds future cybercriminal endeavors. Ransomware victims should resolve to slow this progress by refusing to pay for stolen files in 2017.

Consumers Versus Enterprise Users

Consumers in general may be unaware of the threat they face. Just 31 percent of consumers have specifically heard about ransomware, according to the IBM report. This creates a long-term problem when consumer actions are factored into a threat model because those consumers are less likely to know best practices for protecting data. IT experts must increase their efforts to educate people about ransomware as the threat landscape expands.

Enterprise users are, in general, much better informed about ransomware. The same survey found that 46 percent of executives had experienced ransomware attacks in the workplace and 70 percent of those executives paid to recover their stolen data. Larger enterprises are also more likely to train workers about IT security.

Social Engineering Going Strong in 2017

Most ransomware schemes depend on social engineering ploys to trick victims into activating the malware. This strategy served fraudsters well, so it’s safe to assume they’ll continue to employ it in 2017 and beyond. To mitigate the threat of an infection via social engineering, consumers should never open attachments from untrusted or unknown email.

Companies can implement policies to minimize actions that could lead to infections, but this is complicated by the legitimate need to frequently open attachments in a business setting. Many organizations would benefit from blocking Microsoft Office macros, because these are particularly popular vehicles for malware.

Not all attacks require user action to be implemented, however. Drive-by infections lurk in specially crafted pop-up advertisements. All a victim has to do is view a seemingly innocuous webpage. With social engineering, fraudsters like to keep it simple.

Low-Hanging Fruit

Ransomware typically targets the lowest hanging fruit. Cybercriminals are particularly well-versed in exploiting Windows vulnerabilities, for example. This malware does not need to infiltrate your entire system for long-term access; it simply needs a gateway to access your data, which doesn’t require advanced tools. Windows users have many default privileges that can be exploited to allow total access.

Ransomware will almost surely continue to grow in volume and complexity in 2017. Security analysts should keep an eye on the evolution of ransomware, which may bring advanced attacks, such as ransomworms, in the near future.

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today