Ransomware, typically in the form of encryption Trojans, grew rapidly in popularity with attackers in 2016, and these attacks are expected to cannibalise other more traditional attacks based on data theft in 2017.
The pursuit of profit is the primary motivation of cyber criminals, and ransomware is the simplest and most effective way to achieve this, said researchers at Panda Security.
But not only is the number of ransomware attacks expected to continue to increase, the malware involved is also expected to become more sophisticated, predict security experts at SecureWorks.
“Though most ransomware attacks are not targeted, it is likely there will be an uptick in targeted attacks in 2017,” said Alexander Hanel, a security researcher at SecureWorks.
“Compromising corporate environments through targeted attacks allows the attackers to request more money than they would receive from a typical user. That makes enterprise targets more attractive,” he said.
In 2016, a wave of ransomware attacks hit targets ranging from hospitals to a major metropolitan municipal railway system, said Hanel. “The proliferation of ransomware families and the success attackers have had in compromising systems makes it highly likely these types of attacks will continue in 2017,” he said.
The emergence of open source ransomware programs hosted on GitHub and hacking forums is expected to further spur the growth of these attacks in 2017.
“These programs are freely available for anyone who has the basic knowledge needed to compile existing code,” said Ondrej Vlcek, chief technology officer at security firm Avast.
“Even if the wannabe perpetrator doesn’t have the skills to create their own malware from free code, this can now also be readily outsourced. There is already a ransomware as a service [RaaS] model, which provides automatically generated ransomware executables for anyone who wants to get rich by infecting potential victims. The bottom line is that creating or buying your own ransomware has never been easier. So ransomware is here to stay and is expected to be a bigger problem yet in 2017,” he said.
While law enforcement action is expected to have some effect on general ransomware, security experts predict 2017 will see a rise in ransomware targeting mobile devices.
In the light of the fact that mobile users generally have their data backed up on the cloud, mobile ransomware will aim to steal users’ bank credentials and take money directly from their accounts, according to virtual private network (VPN) service provider NordVPN.
Security experts generally advise against paying ransoms because there is no guarantee the data will be restored.
The threat of ransomware encryption and file deletion can be minimised by solid malware protection, email hygiene and regular, offline backups.
However, Avast’s Ondrej Vlcek points out that cyber criminals could potentially also download a copy of sensitive data and threaten to publish and expose these files online if the company fails to pay ransom.
“This technique is called doxing. It has been used in hacking attacks where systems have been penetrated. While, to date, only proof-of-concept inclusions of doxing capabilities have been seen in ransomware, we’re predicting to see more of this type of extortion in the wild in 2017,” he said.
This will result in a breed of ransomware designed to produce endless duplicates of itself, spreading the infection across an entire network, according to WatchGuard Technologies.