Ransomware Getting Trickier

2017 was an unbelievable year for cybersecurity. Users witnessed ransomware threats like WannaCry and NotPetya. These threats shook the digital world, as no one expected a ransomware attack to be so outrageous. Since then, things have only become worse, and there is no end to these threats. In fact, there has been a shift towards more serious threats like cryptojacking and file-encrypting malware. With each passing day these threats are becoming more rampant.

This means malware attacks aren’t going to stop anytime soon. The cat-and-mouse game between cyber attackers and security experts is going to last for a long time, possibly forever.

Major threats seen in 2017

Don’t think WannaCry and NotPetya were the only attacks that changed the situation. There were other threats too that made things worse last year, for both small and big businesses.

Soon after these threats came a third ransomware outbreak known as Bad Rabbit. Although it wasn’t that big, it affected a major section of Russia and Eastern Europe.

Besides these, there were other malware attacks spreading, like Locky ransomware, which disrupted hospital networks, Cerber ransomware and a few others. You may not believe it, as these threats did not make news headlines, but they affected a large part of the world.

But with time ransomware threats started to fade. A sudden drop in ransomware attacks was noticed, which made people believe that ransomware attacks were dying. But this was a myth, as cryptocurrency mining malware, a.k.a. cryptojacking, was replacing them.

What is cryptojacking?

Cryptomining malware, popularly known as cryptojacking, is a new term, but it has made its mark in the world of online threats. It refers to software programs and malware designed to take over a computer’s resources to mine cryptocurrency without the user’s permission.

Attackers infect the machine with malware that secretly uses CPU processing power to mine cryptocurrency. This method is used to mine the Monero cryptocurrency.

Unlike ransomware, cryptojacking doesn’t block the user from accessing the system. Instead, it slows down the system, as the CPU power is used by the attacker to mine cryptocurrency. The malware works stealthily on the machine and delivers a steady stream of income to the attacker. This makes cryptojacking more popular than ransomware, as both the victim and the attacker can do their job without interfering in each other’s work.
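
The behaviour described above, a miner that stays quiet but keeps the CPU busy for long stretches, is what a defender can look for. The following is an added example, not part of the original article: it flags processes whose CPU usage stays high without a break and ignores short bursts. The sample data, process names and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (seconds since start, process name, CPU percent).
# One sample per process every 60 seconds; names and values are made up.
SAMPLES = (
    [(t, "backup.exe", 95.0 if 120 <= t < 300 else 2.0) for t in range(0, 1200, 60)]
    + [(t, "updater-svc.exe", 88.0) for t in range(0, 1200, 60)]
    + [(t, "browser.exe", 90.0 if t % 240 == 0 else 8.0) for t in range(0, 1200, 60)]
)


def sustained_cpu(samples, threshold=80.0, min_seconds=600, max_gap=90):
    """Return {process: longest busy run in seconds} for runs >= min_seconds.

    A run is a sequence of consecutive samples at or above `threshold`
    with no more than `max_gap` seconds between them. Short bursts
    (a backup job, a page load) break the run and are not reported.
    """
    by_proc = defaultdict(list)
    for ts, name, cpu in samples:
        by_proc[name].append((ts, cpu))

    flagged = {}
    for name, points in by_proc.items():
        points.sort()
        run_start = last_ts = None
        longest = 0
        for ts, cpu in points:
            if cpu < threshold:
                run_start = None          # idle sample ends the current run
                continue
            if run_start is None or ts - last_ts > max_gap:
                run_start = ts            # first busy sample, or gap in the data
            last_ts = ts
            longest = max(longest, ts - run_start)
        if longest >= min_seconds:
            flagged[name] = longest
    return flagged


if __name__ == "__main__":
    for name, secs in sustained_cpu(SAMPLES).items():
        print(f"{name}: at or above threshold for {secs}s without a break")
```

A hit is only a lead for investigation: legitimate long-running jobs such as video encoding or builds look the same, so the process should be checked against what is expected to run on that machine.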

So, does this mean we no longer need to worry about ransomware? Perhaps not.

Ransomware is still a threat and it is still alive.

The evidence of this was seen in the recent March attack on the City of Atlanta. SamSam, a family of ransomware that has been operational since 2015, was behind the attack and was used to encrypt data, due to which a considerable number of online services had to be shut down.

Image: A SamSam ransom note on an infected system. (Source: Secureworks)

The attack was remarkably successful, as victims paid to get their systems up and running. This was all possible because ransomware is still a threat and a level of expertise is required to deal with it.

To date, ransomware remains a threat to businesses.

Another variation of ransomware that was a success was GandCrab. The malware first appeared in January, and it offers an affiliate model. Since then it has been updated on a daily basis, with bugs being patched and fixed. This shows that attackers are still serious about ransomware and put a lot of effort into making it a success.

Image: GandCrab ransom note

Besides these two, there is another ransomware lurking around named DataKeeper. It is the new kid on the block but is very dangerous. DataKeeper appeared in February 2018 and has been creating problems ever since. The attackers behind this threat are very serious: they keep a close eye on each security log released to fix any ransomware. As soon as they find that a patch can detect their ransomware, they patch the vulnerability and make it stronger.

They keep on changing and updating the code.

Harmful effects of ransomware attack

There is no end to ransomware attacks; they will always be a threat. But with time their effectiveness is decreasing, and they aren’t on the same scale as previous ransomware attacks. This is all due to the popularity of cryptojacking attacks.

But ignoring any threat is wrong; the day we start doing so, we never know what harm these threats may cause to our data. Ransomware attacks may have become inactive, but they have seriously damaging effects. They are flying under the radar so that they can attack when the time is right. Even if they cause only short-term damage, your site or business becomes inoperable when ransomware encrypts files. All this leads to loss of customer trust, and users start to believe that the company can no longer secure their data.

Unlike cryptojacking, which needs patience before a payment is released, ransomware offers big paydays to cybercriminals without the wait.

Conclusion

Ransomware attacks spread quickly, like fire in the woods; a single vulnerability detected can lead to havoc. The EternalBlue SMB vulnerability that allowed NotPetya and WannaCry to spread over networks can’t be overlooked, because you never know when vulnerabilities like these can cause damage.

Organizations need to patch their networks as soon as they learn about a vulnerability. In the case of WannaCry and NotPetya, most organizations already knew about the NSA vulnerability but overlooked it, due to which they had to bear huge losses.

Cybercriminals are very smart and never miss an opportunity. They always keep their eyes open, and as soon as they detect a vulnerability they start targeting victims, because ransomware pays them a huge amount in a short span of time. This is the reason cybercriminals will keep on deploying ransomware.

If even for a second you were thinking that ransomware is out of focus, then you are wrong. Ransomware was there and always will be. It is just that with time the way it works may differ, but the aim behind it will never change. Cybercriminals know ransomware is the easiest way to make millions, and they won’t leave any stone unturned to make money.