May 7, 2018 By Douglas Bonderud 2 min read

Although major, widespread campaigns such as WannaCry drove a 415 percent increase in ransomware attacks last year, recent research revealed that the threat vector is fading in 2018.

F-Secure’s “The Changing State of Ransomware” report found that the lack of big paydays for even the most headline-worthy campaigns has led to a gradual decline in these types of attacks. Users recognize that even paying up doesn’t guarantee the safe return of data.

Ransomware News Revolves Around WannaCry in 2017

2017 was an interesting year for ransomware. Strains such as Locky, Mole, Cerber and CryptoLocker remained popular and the number of new malware families increased by 62 percent to reach 343 strains worldwide last year. However, F-Secure Security Advisor Sean Sullivan noted that this type of activity began to taper off after last summer and that the “ransomware gold rush mentality is over.”

The exception was WannaCry, which accounted for 90 percent of all ransomware attacks reported in 2017. The first wave of these attacks was stifled by the discover of a kill switch. While this gave security professionals time to regroup, it didn’t stop subsequent infections because WannaCry spread like a worm across vulnerable SMB ports — the more hosts it infected, the greater its reach.

This not only bolstered second-wave WannaCry numbers, but it also led to the development of unique variations, some of which kept the worm qualities but ditched the encryption. F-secure noted that these variants made the impact “less noticeable for victims” but still caused problems “in the way of downtime and service outages due to the worm’s bandwidth consumption.”

Emerging Trends in Ransomware Attacks

The report also touched on emerging trends, such as the shift toward crypto-mining thanks to bitcoin value gains through 2017. Crypto-mining malware leverages unused central processing unit (CPU) cycles and “draws considerably less attention than ransomware,” according to the report. Attackers are also adjusting their aim and targeting corporate environments instead of individuals since enterprises offer better potential returns.

Finally, the report pointed out that while WannaCry — and, to a lesser extent, Locky — “dominate prevalence statistics,” they aren’t necessarily the most successful ransomware attacks. WannaCry only raked in around $140,000, but a unique Linux variant of the Erebus ransomware nabbed a $1 million payout for attackers last year from a South Korean web hosting firm.

The bottom line is that although WannaCry had the greatest reach and staying power in 2017, attackers are now shifting gears to create targeted corporate campaigns and leverage crypto-mining tools.

More from

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

How generative AI Is expanding the insider threat attack surface

3 min read - As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools…

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today