Last year I wrote about the evolution of ransomware, from the first floppy drive to the domination of CryptoWall, Locky, and TeslaCrypt. In the 14 months since that post, the ransomware business has boomed.
Here are just a few of the things ransomware has accomplished in the past year:
- Expanded to Macs and IoT endpoints, as predicted
- Ransomware-as-a-Service became more sophisticated, offering tutorials, tech support, and customization options
- Was added to other means of attack and is now spreading in unexpected ways
- Became the driver for cybercrime profits by the end of 2016
- Went offline, infecting users who had no Internet connection
- Stepped up into the public space when it took over the San Francisco MTA
- Went prime-time when it was featured on the NBC show Chicago Med
We could go on and on, but you get the idea.
One of the big changes in the past year is the disappearance of Locky and its owners. As of two months ago, Cerber grew to 90% of overall ransomware market share, while Locky diminished to less than 2%. Security specialists believe that Locky’s authors have either run into trouble with law enforcement or have found a more profitable venture. And there are definitely more profitable activities out there: the new Jaff ransomware demands $3,300 for file decryption, which is much more than the average $500-$1000 ransom. Incidentally, Jaff is distributed by the same botnet that distributed Locky.
There are some advancements in the fight against ransomware as well. The No More Ransom project was launched in the fall of last year, and it was expanded in early April. People all over the world have come together to help fight against this crime. Advancements in machine learning, multi-level intent analysis, link protection, and other technologies have made ransomware defense more powerful and robust. And the ransomware conversation is so dominant that users are starting to understand that data protection and recovery are as important as network security.
Ransomware changes quickly, and we’re sure to see new variants and distribution methods that bring new levels of attacks. Many professionals are expecting to see targeted systemic attacks, which could bring regional utilities and healthcare operations to a halt. If you’re protecting one or more networks, be sure to download our PDF, 10 Ways to Stay Safe Against Ransomware and Other Advanced Threats.