Ransomware is a problem on the march, not a new phenomenon, but one with a burgeoning reputation as a formidable business (and personal) threat. Whipped into an epidemic by media hype combined with some legitimate high-high profile infections, the mere mention of its name is said to give IT managers a nervous twitch.
Their worries are not without merits; ransomware is on the rise, with 2017 statistics showing it has reached new levels of menace – and it’s growing: 6,000% in 2016 an IBM study found and triple digit increase into 2018.
But what does the future have in store for the latest great threat?
Forecasting the future of ransomware is problematic, rapid technological advances are changing the face of internet security and dynamic social change is influencing our behavior on it. To understand the future perils of Ransomware there are three core elements: (1) The Technology, (2) Our Culture and (3) How these link together.
It has never been easier for hackers to distribute ransomware, nor so many devices for them to target – a trend that is going to grow exponentially. The emergence of RaaS (Ransomware as a Service) combined with cheap outsourcing to hackers, means cybercriminals no longer need any technical skills to attack businesses all over the world. WannaCry was reportedly found on the dark web for as little as $50.
DIY ransomware attacks are abundant and fruitful, harnessing anonymous electronic payments they can remain under the radar from the authorities.
Greater online connectivity, correlates to greater risks and opportunities for cybercriminals. Even if infection rates remain low, large scale deployments can have huge implications, even one infection can spread across networks. It’s no secret that we are increasingly using our mobile phones, laptops and smart accessories to hold sensitive information. Mobile ransomware increased 250% in the first quarter of 2017, combined with the growing threat of malware sitting on unsecured application marketplaces. Early this year it was suspected a Malware called Judy could have infected as many as 36.5 million Android users – Chinese hackers have already began leveraging ransomware on android applications – it seems only a matter of time until a large scale outbreak one of the large marketplaces.
Smart Fridges, Smart Cars, Smart Phones, Smart locks – everything is a computer, if it isn’t yet – it will be. The immersion of The Internet of Things (IOT) into our culture will trigger significant increases in ransomware on general internet users as well as businesses. Many of these are going to be home appliances, which consumers expect to last for several years – which raises another issue of security maintenance once support and patching stops. Afterall, WannaCry, probably the most famous infection of 2017 was a vulnerability borne on unpatched Windows devices. Household applications such as these are expected to last for several years – who is going to keep them secured?
The smartification of everything, 10 years down the line will open-up the very real possibility of large scale vulnerabilities, and an abundance of targets. You can imagine a world, with literally 10s of billions of devices that can be hacked around the clock some critical your lifestyle or business.
Imagine having your car infected and you threatened to have your car thrown into oncoming traffic – how much would you pay? And this isn’t a speculative view on the future, this is happening right now, an unfortunate hotelier in Austria had to cough up ransom after having his hotel smart locks infected, locking every room in his hotel.
Bring your own device (BYOD) workplaces are becoming more and more common and growing at a startling rate. But does this commonality match up to more stringent security protocol from employers? Cloud solutions are only going to facilitate more BYOD workspaces and with that the possibility of infections being brought in from the outside.
One of the great benefits of cloud is the ability to engage anywhere, anytime, but this opportunity comes with risks.
You Can Only Help Yourself
Honda, NHS, FedEx, Honda and even government agencies in the kremlin were among those infected in the WannaCry outbreak. Everyone is a target, no matter how thorough your security protocol there is no way to protect yourself
Ransomware is a contemporary threat, with a classic means of infection. Almost 60% of ransomware was distributed by email in 2017, a 28% growth on last year, typically through malicious attachments. But this is not the only string in the sophisticated hackers bow, who can inject themselves into mail strings and masquerade as third-parties in a strategy termed Business Email Compromise (BEC). Other infection strategies including malicious links to rogue websites, drive by downloads and clickbait malvertisements.
There is no way to completely protect yourself from this threat, if you are online, you will encounter at some point. Advice would be to implement a 3-pronged approach to tackling ransomware.
If you run a business, your employees are your most vulnerable parties and those most likely to cause infection – they are also your first line of defense. Education on ransomware and other viruses is not just a one-off workshop, it’s a continually reviewed and reinforced strategy updating everyone on the latest threats. Be extra wary of invoices, receipts and delivery notifications – these are typical for hackers to use.
- Don’t click suspicious emails
- Don’t download attachments from unrecognized senders.
- If in doubt, ask IT.
A proactive approach to ransomware and viruses at home, or at the work place. This is just super simple internet hygiene – make sure all your software is licensed, uncracked and updated with the latest available patches. Utilize a reputable Antivirus solution and make sure to run updates and scan regularly. Remember, email – will be the most common gateway to infection so it would be desirable to implement thorough spam filtering and if possible, black-listing access to unsafe websites.
The only safety net that’s guaranteed to work. Regular, detailed backups of your important files will ensure that hackers won’t be able to damage you or your business. Ransomware is only effective if regular backups are not kept. Avoid critical data loss, downtime and of course having to pay a ransom.
Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.