Home Blog Ransomware: Trends & Future Outlook Ransomware: Trends & Future Outlook BlueVoyant Share: Facebook Twitter LinkedIn Just when we thought ransomware was passé, it’s making a strong comeback. Ransomware entered the public consciousness in late 2013 when Cryptolocker successfully leveraged digital currency to extort an estimated $27 million from victims. 2016 and 2017 were big years for ransomware, with the devastating global deployment of WannaCry, Petya, and SamSam. The evolution and proliferation of ransomware continued, and even surged, in 2019. Often cybercriminals comb the internet for vulnerabilities to take advantage of the cyber equivalent of the “lowest-hanging fruit.” Once in your network, hackers are incredibly efficient at cultivating new, “live off the land” techniques, designed to avoid detection while penetrating deep into your corporate environment. Threat actors look for organizations and industries that are not prepared with disaster recovery or business continuity plans. Organizations such as municipalities and hospitals, where even an hour of downtime can be catastrophic, have been hit really hard. Attackers also select targets that are not keen to disclose that they have been compromised – this dynamic applies specifically to Managed Security Providers (MSPs). Attackers want to put the victim in the position of having to pay quickly and quietly. The ideal ransomware victim is: Vulnerable – Available for network compromise Unprepared – Missing reliable backups Unable to Work – Urgently in need of recovery Wants Privacy – Inclined to deal discreetly A recently released version of MegaCortex changes passwords on infected machines and threatens to publish the ransomed data if payment isn’t made. This development is key because it undermines the tried and true solution for prepared organizations – data restoration from backups. What is on the horizon? Increasingly sophisticated, targeted operations. Criminals are able to combine ransomware into other schemes like business email compromise (BEC) so they can spam the campaign out from a hijacked inbox. Ransomware has evolved from criminal groups running the whole operation to now encouraging entrepreneurial behavior – “the business of malware.” They create workflows that other people can plug into. B.Y.O.M. – bring your own malware. At BlueVoyant, we’ve seen organizations fail because of an attack for which they were entirely unprepared. Ransomware can destroy a business, especially one without reliable backups and a disaster response plan in place. Read more in Volume One: Trends and Future Outlook Ransomware Response Cycle explainer series. This series will examine the current state of ransomware. This series will primarily focus on the present challenges faced by victim organizations, insurance carriers, and other stakeholders in the ransomware response process. Contemporary case studies from BlueVoyant’s Cyber Forensics and Incident Response Teams will be incorporated to demonstrate the issues that deeply affect the decision-making process of response stakeholders. Read Top 5 Cybercrimes and Prevention Tips for more information and examples on cyber crime. Share: Facebook Twitter LinkedIn Related reading Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more
BlueVoyant Share: Facebook Twitter LinkedIn Just when we thought ransomware was passé, it’s making a strong comeback. Ransomware entered the public consciousness in late 2013 when Cryptolocker successfully leveraged digital currency to extort an estimated $27 million from victims. 2016 and 2017 were big years for ransomware, with the devastating global deployment of WannaCry, Petya, and SamSam. The evolution and proliferation of ransomware continued, and even surged, in 2019. Often cybercriminals comb the internet for vulnerabilities to take advantage of the cyber equivalent of the “lowest-hanging fruit.” Once in your network, hackers are incredibly efficient at cultivating new, “live off the land” techniques, designed to avoid detection while penetrating deep into your corporate environment. Threat actors look for organizations and industries that are not prepared with disaster recovery or business continuity plans. Organizations such as municipalities and hospitals, where even an hour of downtime can be catastrophic, have been hit really hard. Attackers also select targets that are not keen to disclose that they have been compromised – this dynamic applies specifically to Managed Security Providers (MSPs). Attackers want to put the victim in the position of having to pay quickly and quietly. The ideal ransomware victim is: Vulnerable – Available for network compromise Unprepared – Missing reliable backups Unable to Work – Urgently in need of recovery Wants Privacy – Inclined to deal discreetly A recently released version of MegaCortex changes passwords on infected machines and threatens to publish the ransomed data if payment isn’t made. This development is key because it undermines the tried and true solution for prepared organizations – data restoration from backups. What is on the horizon? Increasingly sophisticated, targeted operations. Criminals are able to combine ransomware into other schemes like business email compromise (BEC) so they can spam the campaign out from a hijacked inbox. Ransomware has evolved from criminal groups running the whole operation to now encouraging entrepreneurial behavior – “the business of malware.” They create workflows that other people can plug into. B.Y.O.M. – bring your own malware. At BlueVoyant, we’ve seen organizations fail because of an attack for which they were entirely unprepared. Ransomware can destroy a business, especially one without reliable backups and a disaster response plan in place. Read more in Volume One: Trends and Future Outlook Ransomware Response Cycle explainer series. This series will examine the current state of ransomware. This series will primarily focus on the present challenges faced by victim organizations, insurance carriers, and other stakeholders in the ransomware response process. Contemporary case studies from BlueVoyant’s Cyber Forensics and Incident Response Teams will be incorporated to demonstrate the issues that deeply affect the decision-making process of response stakeholders. Read Top 5 Cybercrimes and Prevention Tips for more information and examples on cyber crime. Share: Facebook Twitter LinkedIn Related reading Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more
Ransomware Why Are the Consequences of Ransomware Attacks Rarely Fully Understood? May 24, 2022 According to BlueVoyant’s ransomware research, unsuspecting victims suffer the consequences, such as layoffs, medical treatment delays, travel… Read more
Ransomware From Ransomware to the U.K.’s Cybersecurity Strategy May 20, 2022 In the past couple of years, ransomware attacks have doubled and – in some instances – quadrupled in frequency, as noted in BlueVoyant’s Ransomware… Read more
Microsoft Security BlueVoyant Awarded L4 Cloud Security Rockstar Team from Microsoft Private Security Community May 17, 2022 This week, Caleb Freitas and Mona Ghadiri received the L4 Cloud Security Rockstar Team award on behalf of BlueVoyant. Read more