By Ryan Francis
Jan. 3, 2017
As if holding your data hostage and seeking cash payment weren’t harsh enough, security experts foresee the next stage of ransomware to be even worse.
Scott Millis, CTO at mobile security company Cyber adAPT, expects ransomware to spin out of control in the year ahead. That is an astounding statement when you consider that there were more than 4,000 ransomware attacks daily in 2016, according to Symantec’s Security Response group (Report).
Corey Nachreiner, CTO at WatchGuard Technologies, predicts that 2017 will see the first ever ransomworm, causing ransomware to spread even faster.
Crypto-ransomware is a type of ransomware that encrypts your files and holds them captive until ransom demands are met. Since the release of Cryptolocker in late 2013, Crypto-ransomware has taken off. According to the FBI, cyber criminals used ransomware to steal over $209 million from U.S. businesses alone, just in the first quarter of 2016. Furthermore, a recent ransomware report from Trend Micro shows 172 percent more ransomware in the first half of 2016 than all of 2015.
“In short, bad guys realize ransomware makes money, and you can expect them to double down in 2017,” he says.
To make matters worse, Nachreiner expects cybercriminals will mix ransomware with a network worm. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. Hackers exploited network vulnerabilities and tricks to make malware automatically spread itself over networks.
“Now, imagine ransomware attached to a network worm. After infecting one victim, it would tirelessly copy itself to every computer on your local network it could reach,” he says. “Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.”
Nir Polak, Co-Founder & CEO of Exabeam, a provider of user and entity behavior analytics, agrees that ransomware will move from a one-time issue to a network infiltration problem like Nachreiner describes. “Ransomware is already big business for hackers, but ransomworms guarantee repeat business. They encrypt your files until you pay, and worse, they leave behind presents to make sure their troublesome ways live on,” says Polak.
Earlier this year, Microsoft warned of a ransomworm called ZCryptor that propagated onto removable drives. By placing a code on every USB drive, employees bring more than just their presentations to a sales meeting; they’re carrying a ransomworm — not the greatest impression you want to give a prospect.
Alex Vaystikh, cybersecurity veteran and co-founder/CTO of advanced threat detection software provider SecBI, thinks along those same lines. He says ransomware will become smarter and merge with information-stealing malware, which will first steal information and then selectively encrypt, either on-demand or when other goals have been achieved or found to be unachievable. Although ransomware is an extremely fast way to get paid as a fraudster/hacker, if you are also able to first steal some information before you encrypt the device, you can essentially hack it twice.