Trends in Cybersecurity: Popularity of Ransomware
The issue of cybersecurity has become more prevalent in recent years. Hackers are finding new ways to adapt to the ever-changing technology market, and with every step forward in the innovation of technology, cybercrime takes a leap. What were the predicted trends for 2017, and have they come into fruition during the first few months of the year?
This article is part of a four-part piece which will be posted in subsequent weeks.
PLEASE NOTE: This article was originally posted on 7th June 2017. Since first publish, a new strain of Ransonware/Malware has been released on the 27th June 2017, dubbed ‘Petya’. This is a developing story, but a summary can be found here.
Popularity of Ransomware
A key prediction for 2017 was the rise of Ransomware, which has been growing in status for some time. Ransomware is a favourable exploit that encrypts content, making it unsalvageable and unrecoverable unless a ransom is paid by the victim to the hacker. Trend Micro predicted that ransomware would experience a 25% growth in 2017. Due to the advancement of internet-connected devices, it is now possible for cybercriminals to get control of a wide array of technologies – thermostats, mobile phones and televisions to name a few.
These cybercriminals are also getting smarter; they are no longer targeting multiple individuals at once, but launching focused attacks on executives and others who are in authority and more likely to pay to protect valuable corporate or personal information. In addition to this, cybercriminals have turned victims into attackers by offering a pyramid-scheme discount. If a victim passes the malware link to two or more people who subsequently install the file and pay the fee to release their device, the original victim has their access re-instated for free.
It was predicted by the second half of 2017, that the ascension of ransomware would be stalled somewhat by the release of anti-ransomware technologies. Kaspersky and Trend Micro have already released technologies of this type, and it is anticipated that many more will follow. This action, combined with law enforcement clamping down on cyber criminals, should reduce the volume and effectiveness of ransomware attacks by the end of 2017.
For the interim, individuals who are the target of ransomware attacks will need to decide for themselves if they actually pay the fee, due to the potential catastrophic implications if they don’t. There have been a number of headline-grabbing attacks within the first half of the year.
WannaCry ransomware attack – May 2017
The most recent, and headline-grabbing of these attacks hit in May 2017, affecting 200,000 computers in over 150 countries. The origin of the attack remains unknown , but it worked by using leaked NSA software (leaked in April 2017) to exploit a flaw in Windows XP and Windows 7. A patch for the flaw was released shortly after the software had been leaked, but many had not updated their systems to include it at the time of the attack. The widespread effects of the attack were serious, and it has been branded ‘the worst-ever ransomware attack’; affecting the UK’s National Health Service, global parcel courier FedEx, Car manufacturer Renault and Japanese electronics manufacturer Hitachi as well as countless others.
A ‘kill switch’ was found and deployed by a 22-year-old from south-west England who works for Kryptos logic, an LA-based threat intelligence company. He registered a domain that had been buried deep in the code, which actually halted the spread of the malware.
Details of the attack are still being revealed, and there is much speculation regarding who was involved. However, the attack is a clear sign that ransomware shows no sign of reducing in popularity just yet.
Texan Police Ransomware attack – December 2016
At the end of December 2016, a police department in the town of Cockrell Hill, Texas suffered a ransomware attack on their system, asking for $4,000. They refused to pay, and in an article published in February 2017 it was revealed they had lost eight years’ worth of digital evidence as a result. The FBI and the police department’s IT support staff had determined that the best way to remove the virus was to wipe the server, destroying all Microsoft Office documents – including Word and Excel files – as well as all bodycam video, some photos, some in-car video, and some police department surveillance video, dating back as early as 2009.
There were numerous attacks reported in January 2017 alone.
Missouri Library Ransomware attack – January 2017
In the first, hackers demanded $35,000 from the Library Authority of St Louis, Missouri. They refused to pay, and their technical team subsequently spent 48 hours attempting to reinstate access to the servers to 700 computers in 16 locations.
Romantik Seehotel Jaegerwirt, Austria Ransomware attack – January 2017
Secondly, the four-star Austrian hotel Romantik Seehotel Jaegerwirt suffered an attack. Cybercriminals exposed the hotel’s electronic key system, as well as the computer network. This impacted on the hotel’s ability to provide key cards to the hotel’s checking-in guests. The hotel’s owner felt like they had no choice but to pay the ransom – $1,603 in bitcoins – to resolve the issue. Fortunately for them, the attackers did restore access to the electronic key system, as well as all computers.
Washington DC Police ransomware attack – January 2017
Thirdly, Washington DC’s police were locked out of 123 of their 187 CCTV cameras, just days before the inauguration of Donald Trump. It was possible for their technology partner, OCTO to wipe the software and re-install it without having to pay the ransom. Whilst the issue was isolated to the CCTV cameras alone, without compromising any other aspect of the police network it is still a stark reminder of the power cybercriminals now have.
Mongo DB ransomware attack – January 2017
Finally, roughly 27,000 MongoDB databases were compromised and wiped in the same month. It started out small, but quickly skyrocketed into tens of thousands. In each instance, the hackers demanded between 0.2 Btc (£150) and 1 Btc (£752) in ransom and targeted poorly secured databases. There were a number of reports of people paying the ransom fee, but never actually getting their data returned. This attack was quickly followed by a breach to around 3000, then a further 2000 ElasticSearch servers. Hackers targeted insecure servers exposed to the internet with weak and easy-to-guess passwords.
There is still ample time for cybercriminals to continue to exploit security vulnerabilities within organisations in order to carry out ransomware attacks, and only time will tell whether this problem will get better, or worse through the remainder of 2017. Early indications show that this may get worse before it gets better.
Are you looking for a new role within cybersecurity? Click here to see our current global vacancies!