Although cybersecurity researchers determined that the recent “Petya” or “Nyetya” global malware attack was not ransomware designed to encrypt then decrypt files in exchange for ransom payment, but instead “wiperware” aimed at erasing data from infected systems, the incident highlighted the increasing sophistication of ransomware.
Ransomware is being spread not only via emails but in malware hidden in advertising, too. Attackers are also downloading kits that let them easily deploy ransomware, a practice known as Ransomware as a Service. The growing complexity of ransomware means that users and IT leaders need to be on their toes and ensure they have their data backed up.
Dan Siebert, an inside sales engineer for security at CDW, detailed the ransomware threat landscape during a recent CDW webinar sponsored by Trend Micro. On the one hand, individuals are engaging in crimeware to encrypt users’ files and get money via ransoms. On the other hand, he said, “there is a little bit of confusion” within the industry about “what ransomware is, how it spreads, how to defend against it and what you can do” to guard against it.
“We are not recommending in any way, shape or form that you pay the ransom,” he said. “If you pay the ransom, you are encouraging them to keep the activity going. However, if you don’t put your security and blocks in place to stop what’s happening, and to stop that attack from coming in — if you lose your resources, lose your data — you really don’t have any other option at this point other than to pay.”
Ransomware has been around for years, and it has evolved significantly in the last few years, Siebert said. In 2013 and 2014, hackers started moving away from data exfiltration, he said, because they started “realizing that they can make easier, better money and spend less time” by encrypting users’ files and making them pay a ransom in a short period of time to get them back.
In the first quarter of 2015, only four variants of ransomware existed in the market, but that number grew to 15 within a year, Siebert noted. Since then, ransomware has grown more numerous and complex.
“This problem isn’t really going to go away,” Siebert said. “It’s really definitely out there and just growing and getting worse.”
Criminals who use ransomware have the infrastructure in place to easily make money off of attacks and are doing so, Siebert said. Such attacks are a lot easier than tracking down and exfiltrating data.
There are three main variants of ransomware in the market today, Siebert said:
Ransomware attacks generated around $1 billion in 2016, according to the FBI. CryptoWall alone generated $100 million in payments in 2016, Siebert said, but in 2015 it caused $325 million in damages through the servers, infrastructure and research spent to defend against it.
For more information, check out "The 3 Main Ways Ransomware Spreads in 2017." And for more on the evolving threat of ransomware, the damage these threats can cause and how you can stop them, check out this CDW webinar sponsored by Trend Micro.