Ransomware increased by 10 percent from October to November, according to a report from Check Point. Nathan Shuchami, head of threat prevention at Check Point, told Beta News:
Ransomware attacks are still growing in volume for a simple reason -- they work, and generate significant revenues for the attackers. Organizations are struggling to effectively counteract the threat posed by this insidious attack form. . . . This, of course, only makes it even more attractive to criminals.
This is one reason why so many security professionals have told me they expect ransomware to continue to plague us well into 2017. We thought 2016 was the Year of Ransomware? We may have seen nothing yet, as James Litton, CEO of Identity Automation, predicts 2017 will take that crown, telling me that when you combine ransomware with a strong phishing campaign, it is still an extremely effective method for gaining and maintaining access into corporate networks.
Expect to see the evolution of ransomware in the coming months. Here are a few changes we can expect to see in 2017:
- Ransomware gets an IQ. According to Chris Morales, head of Security Analytics with Vectra Networks, ransomware currently targets an organization’s files, but because it provides the fastest way for an attacker to monetize an attack through untraceable Bitcoin, ransomware attacks will grow more intelligent by targeting high-value digital assets, including surveillance cameras, phone systems, security systems and other business IoT devices.
- Ransomware gets physical. Expect to see a shift in ransomware targets, Michael Sutton, CISO of Zscaler, told me. Ransomware authors will next train their sights on vulnerable internet-enabled hardware devices. In this next phase of ransomware, he added, encrypting data will be replaced with extortion via disabling physical systems.
- From ransomware to ransomworm. In 2017, ransomware will move from a one-time issue to a network infiltration problem, according to Nir Polak, CEO of Exabeam. While ransomware has proven itself to be very profitable for cybercriminals, ransomworms guarantee repeat business by encrypting your files until you pay, and worse, leaving behind “presents” to make sure their troublesome ways live on. Polak went on to tell me that Microsoft warned of a ransomworm earlier this year called ZCryptor that propagated onto removable drives. By placing a code on every USB drive, employees bring more than just their presentations to a sales meeting, they’re carrying a ransomworm -- not the greatest impression you want to give a prospect.
As we see, no one expects ransomware to level off in 2017. As Mandeep Khera, CMO of Arxan, said to me in an email comment:
Ransomware will continue to bear fruits – for the hackers, that is. It’s a low-hanging fruit. Hackers have realized these are easy pickings as consumers and companies would rather pay and not deal with the hassles and loss of productivity.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba