Light Dark
May 7, 2018 By Douglas Bonderud 2 min read

Although major, widespread campaigns such as WannaCry drove a 415 percent increase in ransomware attacks last year, recent research revealed that the threat vector is fading in 2018.

F-Secure’s “The Changing State of Ransomware” report found that the lack of big paydays for even the most headline-worthy campaigns has led to a gradual decline in these types of attacks. Users recognize that even paying up doesn’t guarantee the safe return of data.

Ransomware News Revolves Around WannaCry in 2017

2017 was an interesting year for ransomware. Strains such as Locky, Mole, Cerber and CryptoLocker remained popular and the number of new malware families increased by 62 percent to reach 343 strains worldwide last year. However, F-Secure Security Advisor Sean Sullivan noted that this type of activity began to taper off after last summer and that the “ransomware gold rush mentality is over.”

The exception was WannaCry, which accounted for 90 percent of all ransomware attacks reported in 2017. The first wave of these attacks was stifled by the discover of a kill switch. While this gave security professionals time to regroup, it didn’t stop subsequent infections because WannaCry spread like a worm across vulnerable SMB ports — the more hosts it infected, the greater its reach.

This not only bolstered second-wave WannaCry numbers, but it also led to the development of unique variations, some of which kept the worm qualities but ditched the encryption. F-secure noted that these variants made the impact “less noticeable for victims” but still caused problems “in the way of downtime and service outages due to the worm’s bandwidth consumption.”

Emerging Trends in Ransomware Attacks

The report also touched on emerging trends, such as the shift toward crypto-mining thanks to bitcoin value gains through 2017. Crypto-mining malware leverages unused central processing unit (CPU) cycles and “draws considerably less attention than ransomware,” according to the report. Attackers are also adjusting their aim and targeting corporate environments instead of individuals since enterprises offer better potential returns.

Finally, the report pointed out that while WannaCry — and, to a lesser extent, Locky — “dominate prevalence statistics,” they aren’t necessarily the most successful ransomware attacks. WannaCry only raked in around $140,000, but a unique Linux variant of the Erebus ransomware nabbed a $1 million payout for attackers last year from a South Korean web hosting firm.

The bottom line is that although WannaCry had the greatest reach and staying power in 2017, attackers are now shifting gears to create targeted corporate campaigns and leverage crypto-mining tools.

 |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

September 6, 2024

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

September 5, 2024

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

September 4, 2024

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature