One of the scariest cyber security trends of 2015 was the evolution and uptick of ransomware attacks. Ransomware is a type of malware that, once installed on a user’s device, will block access to the device until a ransom is paid to the cyber criminal to unlock and remove the malware. The FBI recently reported that Cryptowall, a popular strain of ransomware, netted cyber criminals more than $18 million between 2014 and 2015.
It is true that ransomware campaigns have continuously netted their owners large amounts of profit, and have become highly attractive to the fraud community. However, this rise in prominence has also led to an increase in focus by the anti-virus industry, whose job it is to mitigate the major threats seen in the underground world.
This is why ransomware has evolved drastically over the past 12 to 18 months. Cyber criminals have realized that the security industry is capable of developing various countermeasures to software-based threats, so simply locking devices for a ransom is easily mitigated and prevented. As a result, cyber criminals have taken ransomware a step further and moved to file encryption, which is much more difficult to resolve via anti-virus software. By implementing file encryption, cyber criminals can ensure that users cannot simply apply a patch and undo the damage done to their device. Affected users are forced to deal directly with the cyber criminal if they have any desire to recover the encrypted information, increasing the probability of an affected user paying the ransom rather than going to a security vendor for help.
Countermeasures to this new approach to ransomware are in the works. Businesses can monitor network traffic to identify anomalous requests, or monitor physical devices to identify suspicious activities such as file system access and injection into remote processes. However, these countermeasures are a product of businesses catching up to the cyber criminals. The underground community will always be coming up with new ideas and attack methodologies. They innovate at a faster pace than the business world and are constantly focused on designing new methods to steal anything that can be sold or used for financial gain. It’s up to businesses and consumers to understand these issues and utilize the best tools available to secure themselves and their devices.