Ransomware: A Cyber threat that Continues to Haunt Public

Understanding what ransomware is and why it poses serious cybersecurity concerns

As we keep updating our cybersecurity measures, ransomware operators have also realized that there are alternative ways of monetizing the data they have encrypted. This can be cited as one of the main reasons ransomware attacks grew by 118 percent in the first quarter of 2019. With the increase in the number of cybercriminals and the affordability of hacking code, ransomware activity will continue to proliferate in 2020 too. According to a research report, the most common targets include entities engaged in public services, such as municipalities, schools, and healthcare providers. When their demands are not met, perpetrators have published confidential information.

The report also mentions that the nature of attacks is changing, with more focus on enterprises (rather than individual consumers), larger payment demands, and more targeted approaches. The aggression of the attackers and the value of the impact on businesses are also more pronounced. In addition, the emergence of Ransomware-as-a-Service (RaaS) is enabling the scaling of ransomware services through the dark web.

Origins

Ransomware is a malicious software attack in which the attacker locks and encrypts the victim's data and then demands a payment to unlock and decrypt it. It can also cause downtime and data loss. It first appeared in 1989 under the name AIDS, or the PC Cyborg Trojan. The ransomware was sent on floppy disc, mostly to people associated with the healthcare industry. It counted the number of times the PC was booted: once the count hit 90, it encrypted the machine and the files on it and demanded that the user 'renew their license' with 'PC Cyborg Corporation' by sending US$189 or US$378 to a post office box in Panama.

WannaCry

But the term sent massive shockwaves around the world and entered the public lexicon when the "WannaCry" ransomware rolled out on Friday 12 May 2017. It took down systems associated with world government organizations, public transportation, national telecommunication companies, global logistic companies, and multiple universities across 150 nations, causing estimated damage of US$4 billion. However, WannaCry was a scattergun attack, i.e., it did not target any specific entity or individual. That didn't mean it was not deadly. The ransomware demanded US$300 in bitcoin for unlocking encrypted files – a price that doubled after three days. Russia suffered the highest loss, with WannaCry targeting Russian banks, telephone operators, and even IT systems supporting transport infrastructure.

Key Trends

According to the latest data sourced from various news articles and reports, here are some of the key trends we can see in ransomware:

• Most ransomware attacks are on small and medium-scale businesses, which are less likely to be well defended and more prone to an active infection.

• Publication of victim files will become more popular as the prices demanded by perpetrators keep increasing. Further, there is also the possibility of auctioning the stolen data. E.g., earlier this year, REvil began auctioning data which it claims was stolen from Canadian agricultural company Agromart Group, which includes Sollio Agriculture, and promised there would soon be more victims to highlight.

• The healthcare industry will continue to be the main target for ransomware attacks. This is ironic, since most of the perpetrators gave assurances that they would not try to hit healthcare organizations amidst COVID-19.

• The market for Ransomware as a Service (RaaS) will flourish, as it is the perfect way for inexperienced cybercriminals to get started in this cybercrime. Currently, even underground black market forums are flooded with ads for different RaaS offerings at all price points. Sometimes the sellers provide full tech support, teaching the attacker how to execute an attack. The purchased code is then further modified by the purchaser, so that security products which may have seen and prevented the original code will likely fail to do the same with the modified version.

• Increased partnership with other cybercriminals. Ransomware gangs have discovered that they can conduct more coordinated and evasive attack campaigns by teaming up with operators of other malware, such as banking Trojans and remote-access tools (RATs). E.g., in March, security researchers uncovered a website that claimed to be the legitimate download portal for a system utility that improves the performance of Windows systems. In reality, the fake software downloaded two files onto a victim's machine. One of the files, "file2.exe," dropped a "coronavirus ransomware" payload that encrypted a victim's data. This threat provided cover for Kpot, a password-stealing Trojan dropped by "file1.exe", which stole a victim's information and then uploaded it to a remote server under the attackers' control.

Though this is still a nascent phase for ransomware, it has already had a tremendous and notorious impact on the world and the cybersecurity industry. While new strains of ransomware are being developed and launched worldwide, people still struggle with old threats like WannaCry to this day.
