OPINIONS

What’s next for ransomware?

By David Maciejak, Head of FortiGuard Lion R&D team, Asia Pacific, Fortinet

The FBI recently reported that ransomware victims paid out US$209 million in just the first quarter of 2016, compared with US$24 million for all of 2015. Ransomware now completely dominates the threat landscape conversation. Fortinet’s FortiGuard Labs R&D team, for instance, is seeing one new ransomware strain every day.

Historically, there have been two types of ransomware: blocking ransomware (which prevents normal use of one’s computer) and crypto ransomware (which encrypts your personal documents, preventing them from being viewed).

In recent times, however, hybrids of these two types have started to emerge. For instance, there is now crypto ransomware that prevents infected computers from accessing some Internet websites until payment is made to the attackers.

The line is also blurring between targeted devices: some mobile ransomware attacks both computers and smartphones. And as some smart devices run on Android OS, we have also started to see cases (like the FLocker variants) where the infection hops across to IoT devices like smart TVs, with the ransomware demanding things like a $200 iTunes gift card before you can watch your NHL Stanley Cup final.

According to Gartner, there will be 6.4 billion connected “things” in use in 2016, rising to an estimated 21 billion by 2020. For attackers, that means only one thing: more potential victims.

Malware evolves over time, and ransomware’s migration from computers to smart devices is a natural step in that evolution. We have seen lateral movement through the network in SamSam and ZCryptor family samples. Some strains of this malware now show worm-like behavior, spreading themselves to nearby networks. If you compare this to biological evolution in Darwin’s theory, it’s like the moment when fish left the sea and started using their fins as feet to walk, exploring uncharted territories.

This evolution is happening sooner rather than later for one simple reason: victims are paying the ransoms asked of them. Not all the victims, but enough to keep this business rolling in money. Without doubt, ransomware authors are running their operation like an enterprise, and are reinvesting a substantial portion of their ransom dollars into R&D.

At Risk: Industrial Control Systems, Cloud and Ourselves

Ransomware infections are already a plague, and you may wonder how things could possibly get worse.

Firstly, there is still one domain that has been untouched by ransomware: Industrial Control Systems (ICS). This software can be found in industrial applications like chemical manufacturing plants, nuclear power plants and electric power generators.

No ransomware infections of ICS systems have been publicly reported so far, but such systems are not as impenetrable to malware as some may think. For example, the Bowman Avenue dam in New York was the subject of a reconnaissance attack in 2013. Calpine, America’s largest generator of electricity from natural gas and geothermal resources, also had its detailed engineering drawings stolen by hackers.

The current ransomware variants don’t need to achieve anything more than knocking at the right door. This means the risk of them spreading into Operational Technology (OT) environments in the coming months is real and high. These targets are potentially lucrative for ransomware authors: imagine how much a government would pay to prevent an incident at a nuclear power plant.

Besides ICS, another target for ransomware authors could be the cloud. Today, the cloud is teeming with data, and that naturally makes it an attractive target for hackers.

Recently, for example, Apple announced that it will upgrade its free iCloud accounts from 20 GB to 150 GB. This means that in the coming months or years, in our always-connected world, almost all of our data will be stored in near real time in the cloud. It’s not difficult to imagine that, through some API abuse, cybercriminals will find ways to encrypt our online data and demand ransoms.

In such a scenario, the importance of backing up one’s data cannot be overstated. Some best practices include regularly backing up your data and storing those backups offline on a separate device; segmenting your network into different security zones so that an infection in one zone cannot easily spread to another; and having a failover plan that will keep things running for a while (even if in a limited fashion) while your computer systems or network are being restored.

On Fortinet’s end, we will continue to research new approaches to combating emerging threats, such as improving detection and response, and developing counter-measures through new prevention models.

In the longer term, a nightmarish scenario could await ransomware victims. In May 2010, a British scientist demonstrated that medical implants on humans can be infected with computer viruses.

It is not unforeseeable that the day may come when ransomware could prevent you from using your prosthetic arm or leg, or threaten to stop your pacemaker. Is this science fiction? Judging from how far ICT technologies have come, and how ingenious hackers can be, perhaps not.
