Ransomware threat ‘has passed its peak, but remains prevalent’

Ransomware threat 'has passed its peak, but remains prevalent' [Image: D3Damon via iStock]

Cybersecurity is an area of ongoing concern for any modern business, but over the last year or so the issue has taken on greater importance than ever before due to a spate of ransomware attacks affecting organisations across the globe.

Indeed, 2017 was the year that ransomware hit the headlines worldwide, due in large part to the damage caused by the WannaCry cryptoworm, which affected hundreds of businesses and brought the NHS to a standstill for several days. This has led organisations from all sectors to take the threat of this kind of malware more seriously than ever before.

Now, a new report from F-Secure has provided evidence of the degree to which ransomware surged in 2017, as well as offering evidence that the peak of this dangerous trend may already have passed. This does not mean, however, that businesses should be taking the matter lightly.

Why the ransomware trend is on the decline

Ransomware is a form of malicious software that infiltrates a system and encrypts its files, meaning users are no longer able to use their devices or access their own data unless they agree to pay a ransom to the criminals responsible to unlock it.

According to F-Secure's Changing State of Ransomware report, ransomware attacks grew in volume by 415 per cent in 2017 compared with the previous year, with WannaCry accounting for nine out of every ten ransomware detection reports by the end of the year.

In total, 343 unique families and variants of ransomware were discovered in 2017, an increase of 62 per cent over the previous year; however, with the exception of WannaCry, the use of ransomware seemed to decline towards the end of the year, suggesting the "gold rush" mentality surrounding this form of malware among cyber criminals may be tapering off.

F-Secure security advisor Sean Sullivan explained: "The price of bitcoin is probably the biggest factor, as that's made cryptomining a lot more attractive and arguably less risky for cyber criminals. I also think revenues are probably falling as awareness of the threat has encouraged people to keep reliable backups, as has scepticism about how reliable criminals are on delivering their promises of decrypting data."

Why businesses need to remain vigilant

Despite this, the report was quick to note that ransomware remains a considerable cyber security threat. Specifically, it was suggested that tactics may switch to more corporate-focused attack vectors, such as by targeting exposed RDP ports. This method has already been used by the SamSam ransomware family, which has infected several US-based organisations this year.

Additionally, the infamous WannaCry continued to be actively used in the latter half of 2017, with the majority of detection reports coming from Malaysia, Japan, Columbia, Vietnam, India and Indonesia. Businesses need to be vigilant about continuing to protect themselves against this threat, or they could find themselves in a similar predicament to the one famously suffered by the NHS in May 2017.

Mr Sullivan said: "Cyber criminals will always try to pick low-hanging fruit, and they'll return to ransomware if the conditions are right."