Ransomware has worked for cybercriminals for many years, and it continues to be a valuable tool in their arsenal. A recent post on Security Intelligence discussed the trend of attackers reverting to older techniques to deliver ransomware to the employee endpoint. But now it’s time to look ahead at the future of ransomware.
Following a Pattern
A good place to start when predicting the future of ransomware is the broader history of malware in general. In light of the way malware has evolved, especially in recent years, the clear next step is likely for ransomware to become situationally aware. Dyre, first discovered in 2014, is a perfect example of a malware that started out as a simple banking Trojan and then quickly developed situational awareness — which led to its becoming substantially more dangerous
Earlier this year, IBM was a key player in identifying a new tactic, which we called Dyre Wolf. Marking a significant break with previous encounters with Dyre, the Dyre Wolf attacks included a social element in which users on an infected endpoint would visit a particular website and get an error message instructing them to call their bank to verify certain personal details. In reality, the message was provided by the attackers and led victims directly to them.
The evolution from Dyre to Dyre Wolf reveals that malware authors and attackers are no longer satisfied with sending out a phishing email and capturing the credentials of 1 or 2 percent of its recipients. Instead, they are developing more sophisticated tools and social engineering tactics to ensure they can target not only key organizations, but key individuals within those organizations.
The Future of Ransomware
When an enterprise gets infected by ransomware today, it has to pay the going rate to get its information released. A mom-and-pop shop that gets infected pays, say, $700 per item to have its data released; a Fortune 100 company that gets infected has to pay that same $700. Right now that number is identical, but clearly the capacity to pay is much larger in a corporate environment than it is in a two- or three-person small business. This is an area in which more situationally aware ransomware could wreak havoc.
Given its past success, traditional ransomware seems destined to continue to thrive on unprotected endpoints. It may even become more lucrative by incorporating social engineering and other advanced attack methods. Ransomware will likely also look to new playing fields such as the Internet of Things (IoT).
When discussing the security of connected cars, for example, the focus is usually on data protection, privacy or, of course, physical safety. But there’s no reason to think new types of ransomware schemes won’t play a role here, as well. If attackers do manage to hack an autonomous car, they could potentially take control, brick the engine and demand a ransom of, say, 10 or 20 bitcoins to release the car. Such a scheme would be relatively easy for a cybercriminal with the right tools and simultaneously disastrous for victimized individuals, organizations and economies.
In terms of general malware trends but also specifically with ransomware, we see a lot of generic malware out there, but we also see some malware that very clearly is trying to stay ahead of the pace of our existing network tools and even new tools that are being developed. This has been the case for 10 or even 15 years, and it’s not likely to change. In such an environment, a successful organization is one that doesn’t rely exclusively on security tools, but rather has a proactive mindset when it comes to protecting assets.
If you’re not threat hunting and proactively preparing for a potential security event, you’re setting yourself up for a rude awakening. You do want to continue to build up your castle wall to keep threats out, but it’s also crucial to plan your response for dealing with ransomware and any other threats that manage to get in.