Arguably, one good thing to come out of the recent spate of crippling ransomware attacks is a wider adoption of ransomware detection and prevention solutions. Third-party ransomware specialists are providing quality solutions that help you spot ransomware attacks early and mitigate the damages that they can cause.
Unfortunately, as these prevention solutions evolve, so too do the ransomware attacks themselves. In 2018, we’re likely to see ransomware attacks that are unprecedented in their sophistication, near-impossible to detect and painful to recover from. Ransomware attackers know that their best weapon is to evolve in unpredictable ways. So, let’s take a look at some of the ways in which ransomware is likely to change in 2018.
1. Ransomware in the Attachments
By far the most common form of ransomware attack is through malicious links contained within the body of phishing emails. These kinds of emails still catch out many people and will continue to be the go-to method of attack. However, due to the vast number of ransomware attacks that originate in this way, people are starting to wise up to them and avoid clicking the links.
To switch it up, some attackers are attaching documents, usually in PDF or Word format, that contain a script that launches ransomware upon being opened. As this is still fairly new, people are clicking on it. It’s usually accompanied with some tempting text saying something along the lines of, “We’ve attached your payslip.” We expect this method to become more widely adopted throughout 2018.
2. More Sophisticated Levels of Encryption
It stands to reason that the more ransomware attackers develop their code-writing skills, the better they are going to be at encrypting the data. Many ransomware attacks can be reversed because of errors made during the encryption process, such as using a predictable number generator for a key. It’s through mistakes like these that enable many attacks to be easily decrypted. However, attackers are learning and developing so this way out of an attack could be a thing of the past.
3. Delayed Attacks
Hyder Rabbani, COO at CyberSight, predicts that we will see more of a style of attack he refers to as “laying of Easter eggs.” This is a method in which the ransomware attack is delayed after the original infection has taken place. The benefit of this from an attacker’s perspective is that it gives the malware time to spread through the network before the encryption begins, causing maximum damage without the risk of being detected early.
4. Lengthened Encryption Times
Along the same lines as delaying the attacks, attackers are getting better at spreading out the length of the ransomware attack to avoid detection. This is an effective method of attack as many new ransomware detection solutions employ threshold alerting capabilities; where flags are raised if a large number of files are modified over a small period of time. By spreading out the attack, it makes it look less like an attack and more like normal activity, which automated solutions find difficult to detect.
5. More Intelligent Attacks
In general, we expect ransomware attacks to increase in intelligence, causing more widespread damage and crippling more businesses than in 2017. A few ways in which this could be done include multi-threaded attacks and polymorphic code. Ransomware code can be developed in such a way that it launches multiple attacks within the system to speed up the encryption and cause as much damage as possible in the shortest period of time. Attacks originating from more than one place within the system can be more difficult to stop. You may be able to catch a few of them, but all of them? Unlikely.
These are just a few of the ways we believe ransomware will change in 2018. If you don’t already have a solution in place to detect and prevent the spread of ransomware in your systems, then now is the time!