Ransomware: Is time running out for the biggest menace on the web?

Attempts at delivering ransomware have declined, as cybercriminals move towards other forms of malware -- at least for now.
Written by Danny Palmer, Senior Writer


Ransomware attacks like WannaCry and Petya caused major chaos last year, while the likes of Locky and Cerber were less high-profile, but still managed to generate large amounts of income for their criminal creators.

2017 was the year of ransomware, but it could be that the file-encrypting malware has already reached its peak, as an analysis of cybercriminal campaigns appears to show that malicious actors are already dumping ransomware in favour of other forms of cyber-attack.

According to an analysis of cybercrime tactics and techniques by researchers at security company Malwarebytes, the final months of 2017 saw cyber-attackers ditch ransomware, either in favour of returning to more stealthy forms of malware like trojans and spyware, or moving onto the likes of cryptocurrency miners and ad-fraud malware.

Figures suggest ransomware peaked when it accounted for over 70 percent of exploit and spam drops in June -- the same month as the Petya ransomware attack and shortly after May's WannaCry outbreak.

However, since that point, the percentage of ransomware drops has fallen significantly, dropping to under 10 percent of malicious payloads in December.


Figure: Delivery of ransomware payloads has declined hugely since June. (Image: Malwarebytes)

It could be that the high profile of ransomware following the WannaCry incident pushed the malware into the public eye to such an extent that potential victims became more aware of the threat and businesses became more likely to back up their data. In both cases, some cybercriminals may have found ransomware to be a less effective means of illicitly making money.

"In the wake of so many high visibility ransomware attacks, both corporations and individuals are realising the necessity for good backup practices. This alone, even without additional security precautions, effectively deadens the otherwise considerable sting of the threat," Chris Boyd, malware analyst at Malwarebytes, told ZDNet.


It's also possible that prominent forms of ransomware -- including Petya and Bad Rabbit -- were poorly coded or just outright designed not to provide decryption keys and sometimes even not to accept payments, so some victims just stopped paying fees. That breach of 'trust' with the 'customer' by some ransomware distributors therefore made it less likely that victims would pay up when hit with other forms of ransomware too.

"Breaking that peculiar element of trust with victims -- who are relying on you to keep your word and give files back -- means diminishing returns," said Boyd, adding: "In short, people have wised up to ransomware given the media saturation."

So what are cybercriminals turning to now, if they're moving away from ransomware?

One option is using malware to mine for cryptocurrencies, with attacks tricking users into installing programs that secretly run in the background of systems in order to acquire cryptocurrency -- be it bitcoin, Monero, or something else.

This form of attack causes a massive drain on the resources of the infected system, potentially slowing it down to the point where it could become unusable for anything but the malicious mining. Researchers suggest that 2018 will see a further increase in this form of malware, which could even rope in mobile and IoT devices.

"If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms, and new forms of malware designed to mine and/or steal cryptocurrency," said the report.

However, it'd be foolish to completely discount the risk of ransomware. It's still a valuable means of making money for cybercriminals -- as demonstrated by the recent case of a US hospital paying $55,000 to hackers after a ransomware attack.

There are also families of ransomware like Locky, which have previously appeared to have died off only to return with a vengeance. Meanwhile, hackers are still experimenting with new ways of delivering ransomware.
