Ransomware Analysis Suggests A Bleak Future

The future of ransomware does not offer any good news, as analysis shows new tactics and advances made by its perpetrators.

According to an analysis of 1000 ransomware samples by Carbon Black’s Threat Analysis Unit, ransomware will increasingly target Linux systems and look to conduct SQL injections to infect servers and charge a higher ransom price.

The research also found that ransomware will become more targeted, looking for certain file types and targeting specific companies such as legal, healthcare and tax preparers, rather than the 'spray and pray' attacks we commonly see now.

Speaking to Infosecurity, Rick McElroy, security strategist at Carbon Black, said that often, ransomware operators have support networks that “have enabled anyone to do ransomware.”

He said: “In 2018 it will be more targeted and as we learn more information we can better join the dots up.”

In terms of other future trends, Carbon Black found that ransomware will take the extra step of exfiltrating data prior to encryption, emerge as a secondary method when initial forms of attack fail, and be used as a smokescreen to distract from other attacks.

“We have to do more to raise awareness to see the problem, not only on the way that this is to be done as a distraction, but how tools like DDoS have been used and the trend will grow,” McElroy said.

The other trends were that ransomware will be used more commonly as a false flag, as seen with NotPetya, and finally that ransomware will increasingly leverage social media to spread, enticing victims to click links.

Andrew Hay, CTO of Leo Cyber Security, told Infosecurity: “In my experience, ransomware is more opportunistic than targeted. Only after a foothold is established, and the attacker realizes a particular target is worthwhile, will it evolve into a more targeted activity.

“Spray and pray is still the preferred mechanism for ransomware.”

Infosecurity:
