New Ransomware Emerges as Criminals Expand Capabilities

Ransomware is a billion-dollar-a-year industry, and it’s only expected to get worse. In fact, new ransomware shows its ugly face every single day, increasing risk exposure for businesses of all sizes. Here are a few statistics to put the problem in perspective:

  • Ransom payments rose from a total of $24 million in 2015 to over $1 billion in 2016.
  • The average payment demanded doubled between 2015 and 2016—from $295 to $679.
  • study by IBM reports that half of the companies surveyed paid $10,000 to regain access to their data, with 20 percent of respondents having paid $20,000 or more.
  • The number of ransomware attacks rose 165 percent in 2015, and according to an InformationWeek DarkReading report, “April 2016 was the worst month on record for ransomware in the U.S.”

New Ransomware Increases in Sophistication

Ransomware attacks are not only growing more common, but the tools cybercriminals use to perpetrate them are becoming more sophisticated as well. The source code for several of the most common ransomware attacks is freely available and accessible even to amateurs. As Susan Richardson noted in the Cloud Security Alliance blog, “Ransomware has become big business, and with that cash flow, comes development of more complex ransomware strains and more clever techniques for infecting targets. In an ironic twist, creators of popular ransomware such as Locky are now working to ‘protect’ their cryptoware from enterprising copycats who create knockoff versions and variants. No honor among thieves, indeed.”

Enhanced tools used to create new ransomware fall into three broad categories:

  • Improved encryption. The most obvious increase in technological sophistication has been in the development of encryption technology. Cybercriminals are now using both symmetric (Advanced Encryption standard) and asymmetric (RSA) techniques to encrypt a company’s data, then demand a ransom for the encryption key.
  • More effective phishing lures. As Richardson notes, new ransomware oftentimes uses personalized landing pages to lure unwitting users to load the ransomware code. Companies must now do more than just warn their employees to avoid suspicious links in emails.
  • Sheer brute force. Some skilled cybercriminals are sticking with the “old ways”—good old brute-force attacks, typically on internet-connected remote desktop servers. If the attacker is a sufficiently skilled hacker, such an attack “immediately gets the attacker much deeper into an enterprise network, allowing them to compromise more devices and ransom more data,” says Richards. One such attack—Crysis—used this strategy to compromise computers in businesses throughout all of Australia and New Zealand.

No business is too small to be threatened by ransomware. All Phases IT can help your business stop or prevent ransomware and other cyberattacks. Contact us today for a complimentary consultation and evaluation of your current IT security infrastructure. We’re here to help!