Is ransomware back? It never went away…


It’s hard to believe that the WannaCry attack that brought down NHS services and cost global companies millions of pounds happened almost 2 years ago. The malware hit major global players such as FedEx, Boeing and Renault amongst many others, causing widespread disruption and data loss and bringing the issue of cybercrime in general to the front pages.

In a perfect world, ransomware and cyber-criminals wouldn’t exist; but there’s one silver lining we can take from the WannaCry virus. These attacks caused us all to take a step back and re-evaluate our approach to cybersecurity and consider not only the technologies we put in place to protect ourselves from such attacks, but also how our own behaviour can increase or decrease the risks we face online.

WannaCry propelled ransomware, once only covered by cybersecurity specialists, into the mainstream media arguably for the first time, heightening awareness and making the hackers’ jobs that little bit harder. We all did a bit of soul-searching and sought to better protect ourselves from these threats; so there’s a silver lining, if you’re looking for one. Furthermore, that these attacks took place just as most of us were gearing up for GDPR only served to increase our appreciation of the fact that data security in this digital age was a pressing priority.

Since WannaCry and the subsequent Petya/NotPetya and Bad Rabbit ransomware attacks, we’ve not really heard about ransomware much in the mainstream news. So, does that mean that we’re all safe from it now?

No, not at all.

You didn’t think that the bad guys would just give up once ransomware entered the public consciousness and businesses began to protect their data, right? There have been a number of developments in malware behaviour and attack vectors recently. Here are two of the latest ransomware tactics you need to be aware of.

Anyone can buy and execute a ransomware attack

Ransomware-as-a-Service, which is the ability for non-technical criminals to buy a professionally created and sophisticatedly marketed ransomware service, isn’t a new phenomenon, but it’s becoming more widespread. The fact that pretty much anyone with a grudge can launch an attack on a specified target without needing a great level of technical knowledge of the actual attack itself for only a few pounds/dollars/euros makes this a valuable revenue stream for those behind the attacks themselves and as such, is a problem that isn’t likely to go away any time soon.

This new method of buying and executing ransomware attacks significantly increases the cyberthreat landscape; it’s no longer just the small(ish) group of professionals hackers who can take down your business. Now, almost anyone can at least give it a shot.  

Ransomware that targets cloud products

This type of ransomware is relatively recent and targets cloud-hosted mailboxes, like the most widely used email and productivity suite, Office 365. Cybercriminals will use spear-phishing techniques to trick a user into divulging their mailbox credentials, at which point the attacker will proceed to encrypt all email in the environment and, as we’ve come to expect, demand a ransom be paid to restore access.

From encryption to theft

For a long time, ransomware has been defined as a type of malware that encrypts all of the files on your computer – and your entire business network, if reachable from one infected machine. However, the latest strains come with bells and whistles that will allow them to steal Bitcoin, harvest web logins for online banking, ecommerce and even corporate applications, allowing attackers to steal data from these services before proceeding to encrypting your machine.

Hackers are constantly getting thwarted by cybersecurity providers, who come up with a solution to each new style of attack. However, as a result of this, the malware authors devise new and evermore ingenious ways to circumvent this increased security. After which, the security companies up their game again. So the baddies do the same. And so on, and so on.

It’s important to be aware that a joined-up and ever-evolving cybersecurity strategy should be implemented to keep the hackers out. It’s not a checklist that can be completed, filed and stuck on a shelf forever more. Specific anti-ransomware solutions are built with artificial intelligence, which means they’ll evolve alongside the hackers’ new tactics. What’s more, a managed security services provider can help you stay on top of cybersecurity; it’s literally their job to keep your business safe.