F-Secure’s new report “The Changing State of Ransomware” reveals a ransomware threat landscape that may remind you of a ghost town. The gold rush’s lure of big cash has moved elsewhere, and so have the crooks. But if you have gold, watch out.
Trojans that take files hostage in exchange for payment in bitcoin seemed to explode from almost nowhere at the beginning of the decade. But the threat finally slowed in 2017.
“The last couple of years saw cyber criminals developing lots of new kinds of ransomware, but that activity tapered off after last summer,” Sean Sullivan, F-Secure Security Advisor, explained. “So it looks like the ransomware gold rush mentality is over, but we already see hard-core extortionists continuing to use ransomware, particularly against organizations because WannaCry showed everyone how vulnerable companies are.”
This is bad news if you’re a large business or institution. If you’re a home user, this is probably good news but you’re still likely to be targeted by threats like cryptomining or cryptojacking.
“The price of bitcoin is probably the biggest factor, as that’s made crypto mining a lot more attractive and arguably less risky for cyber criminals,” Sean said. “I also think revenues are probably falling as awareness of the threat has encouraged people to keep reliable backups, as has skepticism about how reliable criminals are on delivering their promises of decrypting data.”
We are now in a transition period that gives us a chance to take a look around. Here are three strange facts about ransomware from our new report to help us figure out what’s going on now.
- Ransomware variants stopped growing exponentially in 2017.
There was only one ransomware family discovered in 2012. In 2016, approximately 200 new ransomware families or unique variants were discovered. In 2017, 343 new types of ransomware emerged. This was a 62 percent increase over the previous year. Significant, but nothing like the quadrupling of threats we saw from 2015 to 2016.
- Ransomware attacks in 2017 increased by 415 percent compared with 2016.
The increase was driven by the WannaCry outbreak, which saw the ransomware quickly spread through networks.
- By the end of the year, 9 out of every 10 ransomware detection reports received were WannaCry.
This is why we’re calling WannaCry the “new Downadup/Conficker.” Downadup appeared a decade ago and still attempts to infect millions of devices per year. In the months following May’s outbreak, many variations of WannaCry began to circulate. Some variants retained WannaCry’s propagation method without actually encrypting the files, making the impact less noticeable for victims. But these variants still result in downtime and service outages due to the worm’s bandwidth consumption.
If you’re still in an organization with lots of files to protect, you’re still a likely target for ransomware. And even if you aren’t, that doesn’t mean this is a good time to let your guard down.
“Cyber criminals will always try to pick low hanging fruit, and they’ll return to ransomware if the conditions are right,” Sean said.
In addition to regular backups, a robust internet security solution with multilayered protection is key to protecting against modern malware threats often spread through email attachments or vulnerabilities in unpatched software.
F-Secure SAFE now includes a unique Ransomware Protection feature that will be ready if the gold rush begins again.