The art of the scam is nothing new. While ransomware attacks now fuel a continuous stream of breaking news, we only have to think back to the many distraught Nigerian princes—all of whom suffered the loss of their uncles and were desperate to find safe places to stash their unexpected inheritances—to remember how long these “spray and pray” campaigns have been around.
Of course, unlike those mail scams, which were limited in scope and fairly easy to spot, ransomware—and the technologies that are supporting its meteoric rise—are changing the game.
What do the experts at Arcserve and KnowBe4 have to say about 2018 ransomware trends, and how you might protect and recover your critical data?
Let’s dive in.
Ransomware attacks are growing more sophisticated by the day. The spelling and grammar issues that once alerted us to phishing emails are all but gone.
Today, ransomware technologies are not only more sophisticated but more accessible, too. And, with behavior science now creeping into the mix, phishing attacks are becoming more seductive, while refusing ransom demands, more difficult.
What ransomware trends should you be mindful of in 2018?
We’re witnessing an arms race. While data security vendors are hard at work developing solutions to combat the ransomware threat, ransomware developers, faced with locked doors, are climbing through open windows.
For example, data security solutions monitor for unusual traffic and suspicious behavior—behavior like encrypting 300 files in the span of two minutes.
As a result, ransomware developers have begun slowing and/or randomizing the encryption process, so their ransomware more closely resembles human behavior. And, that enables them to escape detection and gain entrance into the victim’s environment.
What’s more, developers are programming their ransomware to remain dormant for a time and quietly infect backups before raising the alarm. They realize victims are more likely to pay when they don’t have good backups in place.
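The rate rule described above (300 files in two minutes) and the way paced, randomized encryption slips under it, as an added example that is not code from Arcserve, KnowBe4 or any product. The entropy-based `slow_burn_alert` rule, its thresholds, the `/share/...` paths and all events are constructed assumptions.

```python
import math
import random
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output approaches 8.0, plain text sits near 4-5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def burst_alert(events, limit=300, window=120):
    """Rate rule from the text: `limit` file writes inside `window` seconds.
    Returns the timestamp at which the rule fires, or None."""
    recent = deque()
    for ts, _path, _data in events:
        recent.append(ts)
        while recent[0] <= ts - window:
            recent.popleft()
        if len(recent) >= limit:
            return ts
    return None

def slow_burn_alert(events, limit=300, window=86400, min_entropy=7.0):
    """Assumed complementary rule: distinct files rewritten with high-entropy
    content over a long window, regardless of how fast the writes arrive."""
    last_hit = {}  # path -> time of its latest high-entropy write
    for ts, path, data in events:
        if shannon_entropy(data) < min_entropy:
            continue
        last_hit[path] = ts
        if sum(1 for t in last_hit.values() if t > ts - window) >= limit:
            return ts
    return None

def constructed_events(count, min_gap, max_gap, high_entropy, seed=1):
    """Constructed sample telemetry: (timestamp, path, bytes written)."""
    rng = random.Random(seed)
    ts, out = 0.0, []
    for i in range(count):
        ts += rng.uniform(min_gap, max_gap)
        data = (bytes(rng.getrandbits(8) for _ in range(2048)) if high_entropy
                else b"quarterly report draft\n" * 90)
        out.append((ts, f"/share/doc{i:04}.dat", data))
    return out

fast = constructed_events(300, 0.1, 0.3, high_entropy=True)     # 300 files in about a minute
slow = constructed_events(300, 90, 150, high_entropy=True)      # paced and randomized writes
benign = constructed_events(300, 0.1, 0.3, high_entropy=False)  # bulk copy of text files

if __name__ == "__main__":
    for name, ev in (("fast", fast), ("slow", slow), ("benign", benign)):
        print(name, burst_alert(ev), slow_burn_alert(ev))
```

The rate rule fires on both the fast run and the benign bulk copy but stays silent on the paced run; the long-window content rule catches the paced run and ignores the text copy, which is why the two are worth running together.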
Unfortunately, common mistakes are leaving the door wide-open to attack, such as:
Ransomware-as-a-Service, or RaaS, isn’t new; the business model emerged all the way back in 2015.
What is new, however, is the degree of slick marketing behind these ransomware kits and their arrival on the open web.
Just consider Philadelphia, which hit the scene last year. While the ransomware kit must still be purchased on the dark web, its creators—The Rainmaker Labs—uploaded a product walkthrough video to YouTube.
The video demonstrates the ransomware’s simple wizard-driven set-up and promises:
Now, new arrival, Saturn, has evolved the business model still further, allowing criminals to leverage the ransomware kit without an up-front investment. Instead, ransomware developers take a 30% cut of their users’ profits.
With professional-looking SaaS websites, responsive customer support, and lower barriers to entry, we expect to see an increase in the sheer volume of ransomware infections driven by RaaS marketing.
And, that should concern us all.
While ransomware is primarily spread through phishing campaigns, we're also seeing a significant uptick in the numbers of targeted attacks that exploit exposed Remote Desktop Protocol, or RDP. In fact, we’re seeing this type of targeted attack play out over and over again with SamSam.
While these attacks require a greater investment of time, effort, and tech-savvy, the payoff is bigger, too. This is where the big money starts rolling in—by going after high-value targets.
Which industries will come under heavy fire this year?
For starters, healthcare. These highly-complex systems possess a lot of critical data and, if encrypted, could threaten lives.
Likewise, we expect to see state and local governments, government agencies, and education systems come under attack, as well.
Why?
Oftentimes, these sectors operate within tight budget cycles and with limited staffing resources, meaning they’re not as well-equipped to identify and resolve vulnerabilities. What’s more, their reliance on public funding—and slow-to-move funding cycles—limits their ability to be agile.
Finally, HR departments in the business and professional service sector will continue to see highly-targeted attacks roll in, as cybercriminals come to recognize the damage they can do with this personal, and sometimes sensitive, data.
Ransomware developers are becoming really innovative—leveraging known behavior science principles to infect more systems and drive ransom payments.
Just look back at "Popcorn Time." Victims were faced with a moral choice:
Now, that’s diabolical.
There was a time when you’d get a virus on your network, and it was an inconvenience. No longer. With the advent of crippling ransomware strains, organizations are being brought to their knees.
The good news?
Organizations are taking the ransomware threat far more seriously and working to implement effective three-pronged approaches, which include:
What trends are we seeing among these solutions that will help you better protect your critical data?
We now know what makes ransomware training successful.
Large group information sessions aren’t it. Isolated phishing testing isn’t it, either.
The answer is in creating a comprehensive training system that not only teaches your end users what to look for, but then gives them real-world opportunities to practice what they’ve learned. It’s a combination of data security sessions that talk about safe password handling and digital hygiene, and phishing testing. And, together, they significantly increase the likelihood that your end users will spot phishing attacks.
The old days of signature-based endpoint protection are largely gone—ransomware is simply too sophisticated for that now. And, human analysis of ransomware threats just can’t keep up with the pace of malware releases.
That's where AI and behavioral analysis are coming into play.
Leveraging big data and machine learning-powered models, these technologies scan for characteristics and behaviors that might indicate ransomware—detecting ransomware and preventing it from executing, or at least mitigating its impact.
The backup and recovery paradigm is now shifting from disaster recovery to disaster avoidance. Meaning, organizations will begin to see RPOs and RTOs of minutes, making downtime feel like nothing more than a glitch.
And, that will enable IT professionals to mitigate the otherwise devastating impacts of ransomware-driven data loss and downtime.
The threat is out there and it’s escalating fast.
That’s why we recommend you implement robust end user training, data security, and backup and ransomware recovery.
Where do you start?
These are the basic best practices we believe every organization should adopt:
With these best practices in place, you’ll be equipped to prevent and recover from the ransomware infections that might otherwise cripple your business.
A war is raging. It pays to be prepared.