Ransomware remains a top cybersecurity threat to this day. To target large enterprises and organizations, ransomware employs new routines that put valuable and even critical data at great risk.
Ransomware operators have not only improved the capabilities of their malware but have gone on to produce increasingly threatening ransom notes, including ones demanding bitcoins. One service that is still recovering from the aftermath of WannaCry is London’s Barts Health NHS Trust, which is still cancelling patient appointments and operations to ensure that all services are “running safely.”
Such incidents leave victims no alternative but to give in to the demands of cybercriminals to regain access to critical files and systems. As new and improved ransomware variants continue to be seen, will we see the end of the ransomware scare anytime soon?
It will not be surprising if ransomware changes in a few years, according to Trend Micro’s Ransomware: Past, Present and Future. In terms of potential, it can evolve into malware that disables entire infrastructure (critical not only to a business’s operation but also a city’s or even a nation’s) until the ransom is paid.
Cybercriminals may soon look into approaches like hitting industrial control systems (ICS) and other critical infrastructure to paralyze not just networks but ecosystems.
Payment systems a big target
A key area that could become a bigger target for cybercriminals is payment systems, as seen with the Bay Area Transit attack in 2016, where the service provider’s payment kiosks were targeted with ransomware.
We have seen ransomware operators hit hospitals and transportation service providers. What would stop attackers from hitting even bigger targets like the industrial robots that are widely used in the manufacturing sector or the infrastructure that connects and runs today’s smart cities?
Online extortion is bound to make its way from taking computers and servers hostage to any type of insufficiently protected connected device, including smart devices, or critical infrastructure. The return on investment (ROI) and ease with which cybercriminals can create, launch, and profit from this threat will ensure it continues in the future.
Security solutions that incorporate a cross-generational technology approach that combines reputation-based analysis with other anti-ransomware capabilities like whitelisting and application control, behavioral analysis, network monitoring, vulnerability shielding, and high-fidelity machine learning can better protect companies while minimizing the impact on their computing resources.
Variants like TorrentLocker can evade gateway detection with the use of legitimate URLs that redirect to ransomware-hosting web pages. To address these, a layered approach at the gateway is needed. This includes messaging and web gateway security solutions that can detect ransomware and phishing emails (with weaponized attachments or embedded malicious URLs) as well as a sandbox technology for files and web pages.
Patcher and similar families, which can encrypt files even on non-Windows computers, can be thwarted with the aid of mobile security apps that analyze malicious mobile apps and Unix-based solutions that can scan for malicious URLs or files on non-Windows-based systems.
Servers and networks that can be affected by ransomware like WannaCry, meanwhile, can stay protected with security products designed for physical, virtual, or cloud-based servers that include technologies to detect malicious URLs or files associated with ransomware.