Ransomware Threat Continues Surge

By Paula Bernier, Executive Editor, TMC  |  January 16, 2017

The ransomware problem is bad, and it’s only getting worse. Ransomware is, of course, malware whose operators demand payment from their victims.

Developed in 1989 by Harvard biologist Joseph Popp, ransomware is now commonplace, according to Deloitte’s latest Threat Intelligence and Analytics report. This variety of malware first surged in 2013, according to Deloitte, which adds that in the first quarter of 2016 there were more than 4,000 ransomware attacks daily – a 300 percent increase from the previous year.

An Osterman Research survey for Malwarebytes, meanwhile, suggests that nearly two-fifths of businesses in Canada, Germany, the U.K., and the U.S. were the victims of ransomware attacks. Nearly half were due to employees clicking on bad email links, the survey indicates. And in two-fifths of the cases, data from more than one computer was encrypted.

And a new survey from Cato Networks indicates that 73 percent of CIOs, and 50 percent of those surveyed, said defending against emerging threats like ransomware is their top priority for 2017 across networking and security.

“This points to both the increasing proliferation of ransomware attacks across both large and small enterprises as well as increasing industry awareness of the issue, spurred on by a number of recent, high-profile attacks,” said Cato Networks.

Ransomware attacks are growing more frequent due in large part to two trends: the increasing processing power of computers (which are now so powerful that they can encrypt their own files in a matter of hours) and the rise of anonymous payment systems such as Bitcoin (which make it easy for criminals to accept payment without fear of being traced), according to Intermedia.

“Numerous tech publications have listed ransomware among the biggest digital threats facing businesses today,” notes Intermedia. “This is due to its capacity to slip through corporate security and its potential to replicate itself across a corporate network. Even Apple users aren't immune: the first ransomware targeting Macs has recently been spotted. More is sure to come.”

There are two kinds of ransomware, Deloitte says: Locker and Crypto. Locker doesn’t encrypt files; instead, it infects the computer and displays a message suggesting the machine has been commandeered by law enforcement in connection with a crime. Crypto, meanwhile, encrypts files and demands money for decryption. Chimera, CryptoWall, Locky, SamSam, TeslaCrypt, and VaultCrypt are among the names of recent ransomware attacks. CryptoWall in 2015 alone extorted more than $325 million from U.S. victims, Deloitte reports.

Ryan Barrett, vice president of security at Intermedia, says that it’s not unusual for organizations to be asked to pay up to $5,000 per affected user. This cost, he adds, is in addition to the IT staff time spent working to address ransomware.

Last year we saw Locky ransomware, which scrambles user files, encrypts them, and then renames file extensions to .locky, Deloitte says. SamSam, which targets servers by exploiting vulnerabilities in JBoss, and then spreads to Windows machines to encrypt their files, also reared its ugly head in 2016.

“As cybersecurity threats continue to evolve, ransomware is fast becoming the No. 1 menace,” according to Deloitte. “The alarming sophistication of ransomware marks a paradigm shift in the cybercrime ecosystem. Even the most advanced data theft malware has an inherent vulnerability – it must establish a communication channel with its controller to receive commands and exfiltrate the targeted data, and in the process, it generates a signature that can be detected on the network.

“Ransomware is more stealthy, with some recent variants completing their dirty work without making a single call to the internet,” Deloitte adds. “Other variants attempt to eliminate data recovery options by encrypting additional connected drives and network shares, deleting files and system restoration points, or even remaining dormant until after a backup cycle.”

Edited by Alicia Young