Ransomware: Get ready for the next wave of destructive cyberattacks

It might not be flavour of the month right now, but cybercriminals and nation-states could still find plenty of uses for ransomware.
Written by Danny Palmer, Senior Writer

It might look to be out of the limelight compared to 2017, but it would be foolish to write ransomware off yet, as more attacks using the file-encrypting malware are ahead.

High profile incidents like WannaCry, NotPetya and Bad Rabbit made ransomeware infamous last year. WannaCry and NotPetya have since both been attributed to be the work of nation-states - the former to North Korea and the latter to Russia - changing the perception of ransomware from something used by cybercriminals attempting to make a quick buck, to it becoming a tool of cyberwarfare.

That's especially the case for NotPetya, which took down the networks of businesses around the world and causing billions of dollars in damages and lost income.

So while some cybercriminal operations have pivoted towards cryptocurrency mining as means of making money, don't expect ransomware to be any less effective - or destructive.

"We do not expect the trend of ransomware plateauing in 2018. Enterprise ransomware will continue to be a major trend for various nation-state and criminal adversaries," Adam Meyers, VP of Intelligence at security company CrowdStrike told ZDNet.

The company's newly released 2018 Global Threat Report suggests that rather than fading into the background, ransomware could become an even more prominent tool of cyberwarfare - especially as the likes of WannaCry have demonstrated the large amounts of damage which can be done.

See also: Ransomware: An executive guide to one of the biggest menaces on the web

Such is the evolving nature of the cyber threat landscape, it's entirely possible these types of destructive forms of ransomware could be adopted by others

"The propagation of advanced exploits has now blurred the lines between statecraft and tradecraft, and the threat landscape is evolving into a much grander scale of threat actors," said Meyers.

There's the possibility that the success of destructive ransomware attacks means they could be exploited by other groups, such as smaller-nations who want a piece of the pie, or even activist groups with hacking arms.

"Hacktivist groups will use ransomware and pseudo-ransomware wipers to disrupt victims, eroding trust between vital businesses and their customers or between governments and their constituencies," says the report.

It's also worth noting that while ransomware was a menace before WannaCry appeared, this particular strain of ransomware was made much more potent via its ability to exploit the EternalBlue vulnerability - and it opened the door to other forms of malware doing the same.

There's no reason why ransomware couldn't do the same again, exploiting newly discovered vulnerabilities to make payloads more potent.

"In 2018 and beyond, new campaigns could incorporate the latest vulnerabilities or additional TTPs [Tactics, Techniques, and Procedures] that have not been previously observed or associated with ransomware campaigns," said Crowdstrike.


Editorial standards