The past, present, and future of ransomware

Published 13 April 2016

The rise of ransomware over the past year is an ever-growing problem. Businesses often believe that paying the ransom is the most cost-effective way of getting their data back — and this may also be the reality. The problem we face is that every single business that pays to recover its files is directly funding the development of the next generation of ransomware. Cisco says that as a result of this we are seeing ransomware evolve at an alarming rate.

Cisco researchers have published a blog post which explores traits of highly effective strains of self-propagating malware of the past, as well as advances in tools to facilitate lateral movement. This research is important because the researchers expect adversaries to begin utilizing these capabilities in ransomware going forward. The blog post focuses on two avenues of thought — that our past is chock-full of successful malware, and that successful cyber extortionists will look to the past to create new and evolving threats going forward.

Ransomware as we know it today has a sort of “spray and pray” mentality: its operators hit as many individual targets as they can as quickly as possible. Typically, payloads are delivered via exploit kits or mass phishing campaigns. Recently, a number of scattered ransomware campaigns deliberately targeting enterprise networks have come to light. The researchers say they believe that this is a harbinger of what’s to come — a portent for the future of ransomware.

Traditionally, malware was never terribly concerned with the destruction of data or denial of access to its contents; with few notable exceptions, data loss was mostly a side effect of malware campaigns. Most actors were concerned with sustained access to data or the resources a system provided to meet their objectives. Ransomware changes this paradigm from subversion of systems to outright extortion: actors are now denying access to data and demanding money to restore that access. The Cisco blog post discusses the latest ransomware trends as well as how to defend your enterprise against this threat.

— Read more in Ransomware: Past, Present, and Future (Talos Intel, April 2016)