After Bad Rabbit, 2017 may yet see another malware attack; at least, one is anticipated. The ransomware that hit mid-year proved that most companies aren’t prepared for a cybersecurity attack. The impact was felt across the operations and finances of most businesses.
Security researchers have said that the next epidemic of ransomware will be deadly as ransomware is evolving and attackers are using new tricks and exploits. Some ransomware like WannaCry went a step further to use a leaked exploit from the NSA. With tools like that in the hands of attackers, ransomware will be complicated to get rid of.
The problem is much worse when the end goal is not money. For instance, it was later discovered that with the Petya ransomware, even if someone paid the required amount, they still wouldn’t get their files back: the attackers couldn’t decrypt them, as they did not exist anymore. In a nutshell, the ransomware was a wiper. If this trend continues to hold, organizations will lose a lot of data if not prepared. Below are ways in which ransomware will become deadly; some of them have already been revealed in the recent attacks.
If you are familiar with cloud computing, then you have probably come across ‘as a service’ lots of times. Ransomware as a service (RaaS) is the latest development in ransomware, where the motive is all about making money. In RaaS, an author of ransomware hosts the malicious code in a portal, but in a user-friendly way. Anyone with access to the portal can then take the code and deploy the ransomware, or tweak the code a little further and produce something deadlier.
RaaS has a profit-sharing model in which the attackers earn money from victims, much like an affiliate program. All earnings go to the original creator of the ransomware code, and he/she shares them with the affiliates. Reports have revealed that affiliates get 60 to 80 percent of the earnings. RaaS even features a dashboard where you can monitor how your ransomware is doing: the number of infections, victims who have paid up and other details. RaaS will make dealing with malware hard, as it is seen as a lucrative business and lots of people might join the bandwagon.
Ransomware as a diversion
This is a way in which most ransomware have hidden malicious code that does something else. The goal might not be about money in most cases. This is dangerous in that you might have countermeasures for ransomware, but the ransomware is just a dropper for other malware. This other malware is not easily detected at first and may do a lot of damage in a system. Behind the scenes, the other malware or trojan may scrape your data, infiltrate other systems and even transfer your funds. By the time you realize this, it will be too late. Other ransomware will not only encrypt your data but also steal it.
In this case, ransomware will be the least of your worries. This year, the Petya ransomware was discovered to have a wiper hidden in it. Its purpose: to destroy data and make it irrecoverable on infected machines. So, after dealing with the ransomware, organizations should also check for other malware or trojans that may have been dropped.
Ransomware as blackmail
Most security analysts and firms advise against paying up when you’re infected with ransomware, as it encourages attackers. But attackers have also developed a countermeasure for that, which ensures you will pay the said amount. For instance, a family of Android ransomware is already doing that. If you don’t heed the “pay me and get your files back” part, they further threaten to release your sensitive information and secrets to either your contacts or the public, if you’re important enough to them.
With this tactic, even backups are not useful anymore. So, if you have something that you want to keep hidden forever, you’re sure going to pay up. A safe way to protect yourself against this ransomware is not yet known.
Ransomware for enterprises
This is a family of ransomware that targets organizations or countries explicitly and delivers a massive disruption of the organization’s operations. Most major 2017 ransomware outbreaks were aimed at enterprises, including the latest Bad Rabbit malware, which hit media and infrastructure agencies in Russia and Eastern Europe.
As manifested, enterprise ransomware locks users out of their PCs and also hits organizations’ critical systems, crippling the entire business.
Past ransomware attacks would attack a single machine after being downloaded or distributed via spam emails. The latest ransomware may attack an organization’s whole network and even spread further. 2017 ransomware attacks have exploited a vulnerability in the SMB/SMB2 and WMI protocols. The most common exploits used, as discovered by security analysts, are the EternalBlue and EternalRomance exploits. Other ransomware also used other exploits from the NSA leak.
Organizations that didn’t patch the vulnerabilities suffered a lot.
How to protect yourself against ransomware attacks
From the above, some ransomware cannot be countered, but you can take proactive measures to ensure that you or your organization doesn’t fall victim to the attacks. As an end user, and as an organization as a whole, you should follow cybersecurity best practices such as keeping your system and software up to date, backing up data regularly, knowing how ransomware works, keeping sensitive information on a different machine and so on. When backing up data, store the replicas on a different machine or server that’s not located in the organization, i.e. in the cloud.
The most important defence mechanism in cybersecurity is how well the users are educated and trained on security matters. Users should be trained to distinguish hacked and spoofed websites, to install alerting systems for phishing attacks and drive-by downloads, and not to download or open spam attachments whose source is not known or looks suspicious. An infographic by KnowBe4 showed that a higher percentage of people consider security awareness training to be the most effective countermeasure against ransomware and other malware.