Ransomware ‘Gold Rush’ looks finished, but threat remains warns F-Secure

Thanks to Bitcoin.
Author:
Publish date:
Social count:
45
F-Secure report finds that a decline in other types of ransomware signals a potential shift in the malware’s use by cyber criminals.

F-Secure report finds that a decline in other types of ransomware signals a potential shift in the malware’s use by cyber criminals.

A new F-Secure report finds that ransomware attacks exploded in 2017 thanks to WannaCry, but a decline in other types of ransomware signals a potential shift in the malware’s use by cyber criminals.

Ransomware attacks grew in volume by over 400 percent in 2017 compared with the previous year, the cybersecurity firm said. In a new report, the company attributes this growth to the WannaCry cryptoworm, but notes that other ransomware attacks became less common as the year progressed, signalling a shift in how cyber criminals are using the malware.

The company's "The Changing State of Ransomware" report finds that ransomware evolved as a threat considerably during 2017. Prevalent threats during the year included established ransomware families like Locky, Cryptolocker, and Cerber. But it was WannaCry that emerged as the most frequently seen ransomware threat accounting for 90 percent of the ransomware detections last year.

But while the WannaCry ransomware family remained prevalent in the second half of 2017, the use of other ransomware by cyber criminals seemed to decline. It’s a phenomenon that F-Secure Security Advisor Sean Sullivan says points to amateur cyber criminals losing interest in ransomware. “Ransomware gold rush mentality is over," said Sullivan but observed that "hard core extortionists were continuing to use ransomware, ... because WannaCry showed everyone how vulnerable companies are.”

 Comparison between # of detection reports for WannaCry vs. other ransomware based on percentage of total # of ransomware detections in 2016-2017.

 Comparison between # of detection reports for WannaCry vs. other ransomware based on percentage of total # of ransomware detections in 2016-2017.

The cybersecurity advisory notes that while there were signs of ransomware declining as 2017 closed, there’s also evidence suggesting that ransomware use will gravitate to more corporate focused attack vectors, such as by compromising organisations via exposed RDP ports. The SamSam ransomware family is known to use this approach and has already infected several US-based organisations this year, including the city of Atlanta’s IT systems in a recent attack.

According to Sullivan, there are several factors that are contributing to the apparent change in how ransomware is being used. “The price of bitcoin is probably the biggest factor, as that’s made crypto mining a lot more attractive and arguably less risky for cyber criminals.”