Ransomware is still one of the most lucrative weapons in a cybercriminal’s arsenal. This kind of cybercrime encrypts the files on a computer, and blocks access to them until the required ransom is received, generally in the form of bitcoin, an untraceable virtual cryptocurrency.
At a moment when more and more of our daily lives are being carried out in cyberspace, when we are seeing state-sponsored attacks as part of an ongoing cyberwar, and when the world’s economy is concentrated in just a handful of companies, ransomware spreads panic thanks to the effectiveness of its results and the low risks involved for the cyberattacker.
1. The paradigm of digital transformation
With over 258,000 new threats detected by PandaLabs every day, the so-called digital transformation implies major new challenges. Cybercrime is now a more active threat than ever. Cyberattacks and technology-enabled financial fraud have reached a degree of sophistication hitherto unimaginable.
Online, where it’s easy to become anonymous, people’s trust can be gained with social engineering, making us lower our guard, and laying bare our privacy. Along with these new online habits, we also acquire new platforms like Android, the most widely used operating system in the world. Android’s popularity also makes it the main attack vector to infect and spread ransomware, such as Charger, that is able to hold the data on any smartphone to ransom.
2. State-sponsored attacks
There is some suspicion that the two largest attacks in history (WannaCry and Goldeneye/NotPetya) could have been carried out with the backing of governments (North Korea in the case of WannaCry, and Russia in the case of Goldeneye/NotPetya). Both attacks used ransomware and had a high capacity for self-replication, as was also seen in the case of Bad Rabbit, which shared many similarities with the ransomware NotPetya.
Because the ransomware was a network worm, any computer infected with WannaCry not only ended up with its documents held to ransom, but also contributed to its rapid expansion to over 300,000 computers. It made use of an old vulnerability in Microsoft Windows to spread and infect the very core of organizations and businesses.
3. Businesses in the spotlight
Ransomware is a problem affecting an ever higher number of companies, and one that only really comes to light when one of the attacks goes viral, as was the case last year with WannaCry. Today, 18% of the market capitalization of listed companies in the US is the sum of just 5 companies: Apple, Google, Amazon, Microsoft and Facebook.
Bear in mind that the aim of ransomware is economic gain and that, while it isn’t possible to make off with the money using physical means, there are ways to transfer it from one person to another using new weapons.
As well as the aforementioned crimes, in the last few months we’ve seen several new strategies to get ransomware onto corporate networks, such as the use and abuse of legitimate Windows tools, like PowerShell, to infect computers with Cerber. This was the goal of Crysis/Dharma. In this case, the server was running the Remote Desktop Protocol (RDP), and the attackers used a brute-force attack to guess login details and gain remote access. The trend of installing malware using RDP has reached such a level of sophistication that the ransomware itself has its own interface that allows criminals to select the folders whose content is to be encrypted, pick the network computers, self-delete, find email addresses to contact victims, and so on. This is what we saw with the ransomware WYSIWYE, discovered by PandaLabs.
4. The price of attacks
We’ve seen how the democratization of cyberattacks has been made easier by several variables, such as the professionalization of attackers, the evolution of technology, and the ease with which data can be accessed. However, something that has doubtless helped to popularize this kind of threat is the profitability to be gained from carrying it out. Cyberweapons that can be used by attackers to get a juicy reward are sold at budget-friendly prices.
Ransomware attacks are still on the up, and the number will continue to rise as long as victims keep paying the ransoms.