Home Blog Ransomware: Trends & Future Outlook Ransomware: Trends & Future Outlook BlueVoyant Share: Facebook Twitter LinkedIn Just when we thought ransomware was passé, it’s making a strong comeback. Ransomware entered the public consciousness in late 2013 when Cryptolocker successfully leveraged digital currency to extort an estimated $27 million from victims. 2016 and 2017 were big years for ransomware, with the devastating global deployment of WannaCry, Petya, and SamSam. The evolution and proliferation of ransomware continued, and even surged, in 2019. Often cybercriminals comb the internet for vulnerabilities to take advantage of the cyber equivalent of the “lowest-hanging fruit.” Once in your network, hackers are incredibly efficient at cultivating new, “live off the land” techniques, designed to avoid detection while penetrating deep into your corporate environment. Threat actors look for organizations and industries that are not prepared with disaster recovery or business continuity plans. Organizations such as municipalities and hospitals, where even an hour of downtime can be catastrophic, have been hit really hard. Attackers also select targets that are not keen to disclose that they have been compromised – this dynamic applies specifically to Managed Security Providers (MSPs). Attackers want to put the victim in the position of having to pay quickly and quietly. The ideal ransomware victim is: Vulnerable – Available for network compromise Unprepared – Missing reliable backups Unable to Work – Urgently in need of recovery Wants Privacy – Inclined to deal discreetly A recently released version of MegaCortex changes passwords on infected machines and threatens to publish the ransomed data if payment isn’t made. This development is key because it undermines the tried and true solution for prepared organizations – data restoration from backups. What is on the horizon? Increasingly sophisticated, targeted operations. Criminals are able to combine ransomware into other schemes like business email compromise (BEC) so they can spam the campaign out from a hijacked inbox. Ransomware has evolved from criminal groups running the whole operation to now encouraging entrepreneurial behavior – “the business of malware.” They create workflows that other people can plug into. B.Y.O.M. – bring your own malware. At BlueVoyant, we’ve seen organizations fail because of an attack for which they were entirely unprepared. Ransomware can destroy a business, especially one without reliable backups and a disaster response plan in place. Read more in Volume One: Trends and Future Outlook Ransomware Response Cycle explainer series. This series will examine the current state of ransomware. This series will primarily focus on the present challenges faced by victim organizations, insurance carriers, and other stakeholders in the ransomware response process. Contemporary case studies from BlueVoyant’s Cyber Forensics and Incident Response Teams will be incorporated to demonstrate the issues that deeply affect the decision-making process of response stakeholders. Read Top 5 Cybercrimes and Prevention Tips for more information and examples on cyber crime. Share: Facebook Twitter LinkedIn Related reading Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
BlueVoyant Share: Facebook Twitter LinkedIn Just when we thought ransomware was passé, it’s making a strong comeback. Ransomware entered the public consciousness in late 2013 when Cryptolocker successfully leveraged digital currency to extort an estimated $27 million from victims. 2016 and 2017 were big years for ransomware, with the devastating global deployment of WannaCry, Petya, and SamSam. The evolution and proliferation of ransomware continued, and even surged, in 2019. Often cybercriminals comb the internet for vulnerabilities to take advantage of the cyber equivalent of the “lowest-hanging fruit.” Once in your network, hackers are incredibly efficient at cultivating new, “live off the land” techniques, designed to avoid detection while penetrating deep into your corporate environment. Threat actors look for organizations and industries that are not prepared with disaster recovery or business continuity plans. Organizations such as municipalities and hospitals, where even an hour of downtime can be catastrophic, have been hit really hard. Attackers also select targets that are not keen to disclose that they have been compromised – this dynamic applies specifically to Managed Security Providers (MSPs). Attackers want to put the victim in the position of having to pay quickly and quietly. The ideal ransomware victim is: Vulnerable – Available for network compromise Unprepared – Missing reliable backups Unable to Work – Urgently in need of recovery Wants Privacy – Inclined to deal discreetly A recently released version of MegaCortex changes passwords on infected machines and threatens to publish the ransomed data if payment isn’t made. This development is key because it undermines the tried and true solution for prepared organizations – data restoration from backups. What is on the horizon? Increasingly sophisticated, targeted operations. Criminals are able to combine ransomware into other schemes like business email compromise (BEC) so they can spam the campaign out from a hijacked inbox. Ransomware has evolved from criminal groups running the whole operation to now encouraging entrepreneurial behavior – “the business of malware.” They create workflows that other people can plug into. B.Y.O.M. – bring your own malware. At BlueVoyant, we’ve seen organizations fail because of an attack for which they were entirely unprepared. Ransomware can destroy a business, especially one without reliable backups and a disaster response plan in place. Read more in Volume One: Trends and Future Outlook Ransomware Response Cycle explainer series. This series will examine the current state of ransomware. This series will primarily focus on the present challenges faced by victim organizations, insurance carriers, and other stakeholders in the ransomware response process. Contemporary case studies from BlueVoyant’s Cyber Forensics and Incident Response Teams will be incorporated to demonstrate the issues that deeply affect the decision-making process of response stakeholders. Read Top 5 Cybercrimes and Prevention Tips for more information and examples on cyber crime. Share: Facebook Twitter LinkedIn Related reading Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant Research: Majority of Firms Have Suffered a Direct Cybersecurity Breach Caused by a Third-Party Vendor October 14, 2021 BlueVoyant commissioned its second annual insightful survey: “Global Insights – Managing Cyber Risk Across the Extended Vendor Ecosystem.” Read more
