Insiders, experts, and pundits have weighed in on the future of ransomware. Sorry to say, but it is looking pretty bleak. The already potent attack vector is still roaming around unchallenged. Poor defenses, gaping vulnerabilities and current data handling practices still put thousands of businesses at risk every day. Cybercriminals are exploiting some of the most basic weaknesses of businesses, such as lack of budget and technical know-how, to maximise the amount of damage they can do while simultaneously maximising the amount of money they can extort from businesses and individuals alike.
Budget is a key issue when dealing with ransomware. The sad truth is that the vast majority of businesses have underestimated, and will continue to underestimate, the amount of money that should be dedicated to building an airtight security system. Instead, businesses have mostly been acting on a reactionary basis. This may be logical when taking a “fix only what is broken” approach, but it is different when a company’s systems are actively being breached by a criminal. The criminals are not there merely to cause havoc in a system; they are usually looking to extract data. Once a system has been penetrated by a ransomware attacker, it is too late.
Businesses that lack the technically proficient employees required to keep up with the ever-evolving attack methods of cybercriminals undoubtedly have massive gaps in their security systems. Sure, once upon a time, their systems may have been state of the art (most likely when they purchased them). However, as time goes on, new exploits are created by attackers, the security community responds by creating updates and patches, and this is where businesses often fall short. Oftentimes businesses lack the in-house talent to properly install and implement these patches and updates (ironically, the vast majority of these are free to download). The gaps in security created by unpatched software only get bigger over time and make a breach all but inevitable.
While businesses need to step up their security game in a big way, there is still the other side of the equation that must be considered. Ransomware attackers are nothing if not efficient. They do not rest on their laurels. They know that the majority of businesses are ill-equipped to handle their type of attack, and they are prolific at coming up with new methods of penetration, information gathering and infection. By the looks of it, ransomware attacks are changing and evolving even as you read this. In the past, cybercriminals relied on a less efficient way of distributing their exploits. Using a “spray and pray” approach built on mass phishing campaigns, the attackers would send out loaded emails to as many people within businesses as they could, in the hope that one or more of these unsuspecting employees would open the email and download the attached file in which malware or a Trojan had been embedded. Even though ransomware attackers have extorted countless millions using this methodology, they have deemed it far too inefficient and are starting to convert their tactics to ones resembling those of a sniper.
This time around the weapon of choice will not be a widely distributed email or exploit, but a highly dedicated, highly focused, self-propagating ransomware. It has been dubbed a cryptoworm, and it is a really, really big problem for those concerned with system security everywhere. Self-propagating ransomware is not new; certain aspects of it have been used in attacks for nearly a decade now, but in cryptoworms this technology and method have been distilled and refined. Cryptoworms not only have the ability to infiltrate a system and move within it vertically, but they also have the ability to move across systems laterally, using code and infiltration methods similar to those seen in the Conficker and SQL Slammer worms.
While these two worms are considered by many in the industry to be “old school” methods (Conficker was active in 2008, while SQL Slammer had been causing a mess since 2003), their attack vectors are still potent due to the gaping, unpatched loopholes found in the systems of many businesses. It seems that ransomware attackers are familiar with the old adage “don’t reinvent the wheel”, because they are now repurposing old, yet highly efficient, threats and baking them into new exploits like cryptoworms.