INFRA
INFRA
INFRA
Report finds ransomware is becoming just another tool in the hacker utility belt
Ransomware is evolving into just another tool in hackers’ utility belts as cybercriminals move away from opportunistic attacks and move on to more profitable types of attacks, according to a report from Recorded Future’s Allan Liska.
The “5 Ransomware Trends to Watch in 2018” report examines the changing ransomware landscape, noting trends such as ransomware as a service that are already well known but also highlighting some surprising findings, particularly in light of attacks such as WannaCry in 2017.
Liska first described the shift away from opportunistic attacks, reflected by a rapid drop in the number of exploit kits being used. “The big EKs of 2016/2017, Sundown, Neutrino, and RIG, have fallen off,” Liska notes, with “no new EKs have stepped in to fill the void. This has occurred, in part, because there are fewer zero-day browser exploits to use in these EKs, rendering them less effective.”
Of those EKs still in existence, their focus has changed, with Liska saying that RIG has switched to delivering cryptocurrency miners rather than ransomware. “In general, there has been a move away from ransomware to cryptocurrency miners, largely for the same reasons that lead to the rise of ransomware in the first place,” Liska writes. “At this point, cryptocurrency miners are more profitable than ransomware” but “they are also more difficult to defend against. Until the security community catches up, cryptocurrency miners will continue to be profitable for attack groups.”
Liska noted that ransomware attacks have continued to drop off, but some industries will continue to be targeted, particularly healthcare. “Hospital attacks have not abated recently, instead they continue to move along at a steady pace and continue to be effective,” Liska said.
Despite the drop in ransomware attacks, ransomware as a service is poised to remain popular because it allows attackers to rent ransomware infrastructure rather than develop it themselves. That’s both “attractive to less experienced attackers because it allows them to get into the ransomware game quickly and painlessly,” Liska noted, and it “also appeals to more experienced hackers as well because it guarantees them a revenue stream, selling the RaaS to inexperienced newcomers.”
Photo: christiaancolen/Flickr
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
