Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 15 August, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Seven Ransomware Predictions for 2018

by The Gurus
June 17, 2020
in Editor's News
Share on FacebookShare on Twitter

It might surprise you to know that most ransomware victims choose to pay a ransom to have their data restored. As long as victims continue to pay up, ransomware will continue to be a go-to strategy for cybercriminals. Furthermore, Forrester Research predicts that cybercriminals will increasingly use ransomware in 2018 to monetise attacks, as end-to-end encryption in payment systems often prevents them from stealing credit card data. In 2018, ransomware will be used as a backup method for when initial attacks fail. Adversaries will adopt a number of new strategies, which I will outline in this article. Interestingly, ransomware is also likely to be used to leave a false trail to conceal other attacks.

So here are our top seven predictions for this year. Ransomware will:

  1. Target Linux systems
  2. Become more targeted
  3. Exfiltrate data
  4. Be used as a smokescreen
  5. Be an attack of last resort
  6. Be used as a false flag
  7. Leverage social media

Last year, we observed attacks hitting MongoDB which suggest that ransomware will increasingly target Linux systems in 2018 in an effort to further extort larger enterprises. Overall, ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare, and tax preparers rather than the “spray and pray” attack we largely see now. There is already ransomware that targets databases, preying on businesses, and small tweaks to their code can target critical, proprietary files such as AutoCAD designs.

While most ransomware samples simply encrypt files in place and transmit encryption keys for the purpose of decryption, there will be ransomware samples that will take the extra step of exfiltrating data prior to encryption. Not only would such an evolution put stress on companies to restore their data but also incorporate the loss of proprietary data that could be sold on the black market. Ransomware will emerge as a secondary method when initial forms of attack fail. Adversaries that rely upon more crafted and targeted attacks may use ransomware as an attack of last resort.

Ransomware will increasingly leverage social media to spread either intentionally or unintentionally. Similar to malware such as Koobface, maliciously shared content on sites such as Facebook could lead victims to click enticing links. Attackers are known to use social engineering to influence people to unknowingly spread ransomware over the internet. Intentionally shared ransomware, seen in prior concepts, such as Popcorn Time, where victims could share to reduce or eliminate their ransom, could see larger-scale use.

In addition the greater sophistication of ransomware attacks that is inevitable in 2018, cybercriminals are likely to use ransomware as a way of throwing defenders off the scent. Ransomware will increasingly be used as a smokescreen. For example, in the past, Zeus botnet operators hit victims with DDoS attacks after an infection to take investigators off the trail. A similar trend is emerging with ransomware attacks where the encryption of files could take place after more damning actions are taken by adversaries. Using already existing techniques of deleting Volume Shadow Copies, which deletes potential file backups, and the deletion of Windows event logs, adversaries can thwart many incident response efforts by forcing responders to focus on decrypting files instead of investigating data and credentials exfiltrated.

Also, ransomware will be used more commonly as a false flag, as seen with NotPetya. Solely from dynamic analysis it was perceived to be Petya, when a more detailed review showed it wasn’t. Such quick analysis also insinuated it to be obvious ransomware, but a greater depth of disassembly showed that data was not held at ransom; it was simply destroyed.

Ransomware is now estimated to be a $5 billion crime, according to a Cybersecurity Ventures Report. In 2015, the estimate was a mere $24 million. In 2017, the industries most targeted were technology, government, non-profit and legal. However, no industry was, or is, immune. As attacks become more targeted and increasingly exploit the methods described above, having a strong defence system is more important than ever.

Therefore it is critical that anyone looking to combat ransomware chooses a defence system that has undergone a comprehensive ransomware test. To test their effectiveness, defence products should be tested against ransomware samples selected from multiple crypto-ransomware families collected in the wild.  For more information on non-malware attacks, ransomware and the evolving threat landscape in 2018, download Carbon Black’s 2017 Threat Report Carbon Black’s Threat Analysis Unit (TAU) has researched the current state of ransomware, malware and non-malware attacks with a particular focus on how frequently organisations are being targeted.

Written by Param Singh, Director of Threat Research, Carbon Black

 

FacebookTweetLinkedIn
Tags: 2018CybercybersecuritypredictionsRansomwaretech
ShareTweetShare
Previous Post

Hackers adopt ‘school of fish’ approach as they sharpen focus on mid-sized businesses

Next Post

Cryptocurrency Mining Malware has links to N.Korea

Recent News

Doctor holding phone

Recovery From NHS Attack Could Take Weeks

August 12, 2022
Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit

Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit

August 12, 2022
Laptop, phone, hands

Campaign Launched to Stop People From Becoming Money Mules

August 11, 2022
MIRACL is One Cybersecurity Company to Watch in 2022

MIRACL is One Cybersecurity Company to Watch in 2022

August 10, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information