
CIO cheat sheet: 5 things you should know about the future of ransomware

October 31, 2017

Ransomware distributors will increasingly target Linux servers, and malicious hackers are shifting back to old-school methods of attack. Those are just some of the things that midmarket CIOs need to be concerned about when it comes to the future of ransomware.

But surprisingly, the news about ransomware isn't entirely bad. The worldwide ransomware epidemic—which began to heat up in 2014—has led to at least one unintended benefit for CIOs, according to Jack Danahy, a data protection expert and co-founder of Barkly, a well-known endpoint protection company. Danahy says that by stepping up efforts to defend against ransomware, CIOs will also be guarding against several other kinds of threats.

"Ransomware has made the impact of weak security very real, and very visible," Danahy said. "By addressing these inadequacies, ostensibly in pursuit of blocking ransomware, these teams will also be blocking credential stealers, worms, APTs and a host of other, less easily displayed, malicious packages. The costs of ransomware, if they now result in a more universal acceptance of a need to do more, are going to be trivial in comparison to the benefits that they've driven."

Based on burgeoning trends, here are five predictions about the future of ransomware that every CIO should know about:

1. Expect more attacks against Linux systems
Antivirus software firm Carbon Black recently analyzed more than a thousand ransomware samples and found that Linux systems are being targeted far more often than in the past.

"Based on the direction ransomware is trending in our sample set, we believe ransomware will increasingly target Linux systems in an effort to further extort larger enterprises," Carbon Black researchers wrote in a summary report. "For example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price. We have already observed attacks hitting MongoDB earlier this year which provide an excellent foreshadowing."

2. Cybercriminals to bypass end users
Increased awareness about ransomware and other cybersecurity threats has prompted many businesses to educate employees on the dangers of things like clicking on suspicious links or opening unexpected email attachments. But cybercriminals are responding by looking for ways to infect computers without any interaction with the end user. For example, some use old-school techniques like Remote Desktop Protocol (RDP) brute force attacks. Others are using remote execution exploits like EternalBlue, which was initially developed by the National Security Agency. Hackers eventually got their hands on EternalBlue and used it to launch the massive WannaCry ransomware attack that infected hundreds of thousands of computers around the world, according to Barkly.

3. Cybercriminals continue to live off the land
Malicious hackers are relying on system tools that come preinstalled with business software to launch ransomware attacks against businesses—and that trend is expected to continue well into the future, according to a recent report from IT security firm Symantec.

This approach is particularly dangerous because many of the tools used in living-off-the-land attack scenarios are ubiquitous and, as a result, it's not always easy to block access to them. Such tools also allow attackers to hide in plain sight, according to Symantec.

"Documents with macros, VB scripts, PowerShell scripts, or the use of system commands, such as netsh commands, all fall under the living off the land specification," the report reads. "The same is true for memory only shellcode dropped by an exploit, which does not write any files on disk, and attackers brute forcing the password for RDP access."

4. Ransomware will become more targeted
Carbon Black also predicts that malware developers will ditch "spray and pray attacks" in favor of ransomware designed to target specific companies or industry verticals such as healthcare, legal and accounting.

"There is already ransomware that targets databases, preying on businesses, and small tweaks to their code can target critical, proprietary files such as AutoCAD designs," the Carbon Black analysis reads. "A focused targeting of extensions can allow many ransomware samples to hide under the radar of many defenders."

5. Ransomware will steal your business data
Many midmarket companies refuse to pay the ransom when they're attacked because they have reliable data backups, according to Eric Vanderburg, vice president of cybersecurity at TCDI, a computer forensics and IT security firm. That's why cybercriminals are looking to increase profits by designing ransomware that either exfiltrates business data or serves as a smokescreen for data exfiltration operations.

Once the proprietary or sensitive personal data is exfiltrated, cybercriminals can sell it on the black market or threaten to make it public unless a higher ransom is paid.

"The primary differentiator between current ransomware and ransomware that exfiltrates data is the time required," Vanderburg explained. "Encryption can take place relatively quickly, but data exfiltration takes more time, especially when data must be throttled or limited to small periodic transfers to appear normal to network security systems. But increased traffic also provides more opportunities for the data to be tracked back to attackers, so this approach comes with additional risk for cybercriminals."

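Vanderburg's observation that throttled transfers look normal one at a time, yet still add traffic that can be tracked, suggests watching cumulative outbound volume per destination rather than individual uploads. The sketch below is an example added here, not code from the article or from any vendor it names; the thresholds, addresses and flow records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIB = 2**20
PER_TRANSFER_ALERT = 100 * MIB  # assumed: existing alert on any single large upload
DAILY_BUDGET = 500 * MIB        # assumed: outbound budget per source/destination per day
MIN_ACTIVE_HOURS = 8            # assumed: "periodic" = spread over this many distinct hours

# Constructed flow records: (timestamp, internal source, external destination, bytes out).
DAY = datetime(2017, 10, 30)
FLOWS = (
    # 40 MiB every hour: each transfer looks ordinary, the daily total does not.
    [(DAY + timedelta(hours=h, minutes=7), "10.0.0.5", "203.0.113.10", 40 * MIB)
     for h in range(24)]
    # One 900 MiB burst: already caught by the per-transfer alert.
    + [(DAY + timedelta(hours=2), "10.0.0.8", "198.51.100.7", 900 * MIB)]
    # Light, occasional traffic: never approaches either threshold.
    + [(DAY + timedelta(hours=h), "10.0.0.9", "192.0.2.20", 2 * MIB) for h in (9, 10, 14)]
)

def per_transfer_alerts(flows):
    """Sources that trip the single-transfer threshold (the check throttling evades)."""
    return sorted({src for _, src, _, n in flows if n >= PER_TRANSFER_ALERT})

def find_slow_exfil(flows):
    """Flag source/destination/day groups that stay under the per-transfer alert
    but exceed the daily budget through transfers spread across many hours."""
    stats = defaultdict(lambda: {"total": 0, "largest": 0, "hours": set()})
    for ts, src, dst, nbytes in flows:
        s = stats[(src, dst, ts.date())]
        s["total"] += nbytes
        s["largest"] = max(s["largest"], nbytes)
        s["hours"].add(ts.hour)
    hits = []
    for src, dst, day in sorted(stats):
        s = stats[(src, dst, day)]
        if (s["largest"] < PER_TRANSFER_ALERT and s["total"] > DAILY_BUDGET
                and len(s["hours"]) >= MIN_ACTIVE_HOURS):
            hits.append((src, dst, day.isoformat(), s["total"] // MIB))
    return hits

if __name__ == "__main__":
    print("per-transfer alerts:", per_transfer_alerts(FLOWS))
    for src, dst, day, mib in find_slow_exfil(FLOWS):
        print(f"slow exfil candidate: {src} -> {dst} on {day}: {mib} MiB")
```

In practice the budget and hour count would be tuned against each host's normal baseline, since backup agents and sync clients produce the same steady pattern legitimately.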