Ransomware…yet another reason to lose sleep? The new 2016 Midyear Cybersecurity Report by Cisco warns that organizations are unprepared for future strains of more sophisticated ransomware, which is becoming the malware of choice and a highly profitable one for the criminals at that!
The report concludes that the next wave of ransomware is expected to be more pervasive and resilient. While current strains typically infect a single computer, future ransomware variants are likely to spread rapidly across networks through vulnerability exploits. The report notes that the new modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. Future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.
How do you get infected? There are lots of options, but a newer one – malvertising (malicious or malware-tainted ads) – is likely to become a more common distribution method for ransomware. Adobe Flash vulnerabilities continue to be one of the top targets for malvertising and exploit kits. In the popular Nuclear exploit kit, Flash accounted for 80 per cent of successful exploit attempts.
Cisco also saw a new trend in ransomware attacks exploiting server vulnerabilities specifically within JBoss servers. An astonishing TEN percent of internet-connected JBoss servers worldwide were found to be compromised.
While organizations in critical industries such as healthcare have experienced a significant increase in attacks over the past several months, Cisco reports that all vertical markets and global regions are being targeted. Clubs and organizations, charities, non-governmental organizations (NGOs), and electronics businesses all experienced an increase in attacks in the first half of 2016. It is the combination of fragile infrastructure, poor network hygiene, and slow detection rates that provides ample time and air cover for adversaries to operate.
The issue with ransomware is that those infected often feel it is cheaper to pay the ransom to get the data back than to bear the costs of regular back-ups and of running the technologies to defend. The FBI takes another view, suggesting that companies should never concede to the criminal and pay the ransom: it not only fuels the ransomware economy, as criminals see more and more success, but there is also absolutely no guarantee that the data will be returned. There have been cases where the malware claimed to have encrypted the data but had instead deleted it, so paying the ransom still did not result in the data’s return.