Sophos predicts higher emergence of ransomware by 2018
The British company specializing in software and hardware security, Sophos, recently published the results of a comprehensive investigation into the ransomware that has attacked various industries and operating systems so far this year. A work that predicts for 2018 an even greater emergence of this type of malware thanks to the platforms that offer it as a service (RaaS) - sold in the Darknet -, its expansion to Android through Google Play, continuous efforts to infect the Mac system and exploiting more Windows vulnerabilities.
The document highlights that the investigations carried out focused on the cyber attacks that affected the Android, Mac, Windows and Linux operating systems. They evaluated the infection capacity of these ransomware and their persistence over time, two important characteristics for the reoccurrence of these attacks.
As for the most prolific malware, WannaCry took over the baton, infecting thousands of victims, causing millions of losses and strengthening the weaknesses of the Windows operating system. A cyber attack that has only recently begun to subside.
In view of this decrease in effectiveness of Wannacry in conjunction with other causes, who becomes the most persistent ransomware in the community is Cerber, a ransomware that is offered as a service in the Darknet. This is because its creators have updated and improved with the passage of time, so today has greater strength than when it first attacked.
For its part, NotPetya (or Petya), despite having a rather small percentage of infection, is considered the most dangerous, and not for its effectiveness or persistence. Sophos researchers believe that this malware that it recently attacked could be nothing more than a data cleaner and not a ransomware as such.
While NotPetya caused the biggest peak, it did not do much after that point. The people could not even contact the attacker about the payment and the description. The attackers also gave an email address that did not work. Our researchers believe that their creators were simply using it to experiment and the goal was never to create ransomware, but something more destructive, like a data cleaner.
Sophos
Sophos highlights that ransomware has become the biggest business of the Darknet, generating various victims in the governmental, medical, educational and business sectors. The two industries most affected by this type of attack are the health services, a sector that is by far the first place due to the large number of illicit monetary benefits they generate -from getting extortion payments to selling medical information-, and universities.
The countries with the highest circulation of ransomware are the United States with 17.2% of malwares, England with 11.1% and Belgium with 8.6%. Also, the security company believes that the sector that has shown and will continue to show a greater variety of cyber attacks are specialized malwares on Android devices, dedicated to damaging the security of operating systems, stealing personal data or sending text messages.
The research highlights that it is very difficult to predict ransomware behavior by 2018. However, it considers that attacks like WannaCry may reoffend the coming year due to all the exploits that have been stolen. Similarly, Cerber seems not to want to stop its growth, so it would not be surprising that it persisted until next year. Last but not least, NotPetya could demonstrate in the future all its potential that is hitherto unknown.
Ransomware is a phenomenon that increasingly affects the entire world. These attacks specialized in requesting monetary rewards, usually in cryptocurrencies, have become increasingly popular; generating multimillion-dollar losses. A reality that, apparently, will not diminish in 2018.