WatchPoint Security Blog

Ransomware 2.0: What's Next?

Written by Greg Edwards | May 25, 2016

In 2015, security experts were predicting ransomware would be huge for cybercriminals in 2016.  The majority had no idea it would be this huge. 

IT Business Edge 2016 prediction:

In the first three months of 2016, businesses and individuals paid $213 million in ransomware payoffs, according to the FBI.  The total paid is expected to eclipse $1,000,000,000 in 2016.  That’s billion with a B.  Cybercriminals are targeting businesses of all sizes and even individuals’ personal computers.

Ransomware-as-a-Service

You’ve heard of Software-as-a-Service (SaaS) - it powers the Cloud. Companies like Salesforce, Dropbox, and HubSpot are all SaaS companies providing valuable services to businesses every day.  The best cybercriminals have figured out that they can increase revenue by selling their “software as a service.”  Ransomware-as-a-Service (RaaS) is a variant of ransomware designed to be so user-friendly that it can be deployed by anyone with very little cyber know-how. It provides a valuable solution to less sophisticated cybercriminals and gives a portion of the ransom (usually 5% to 20%) back to the creator.  Individuals can subscribe and get the most sophisticated ransomware variants without all the work.

Win-Win: For Cybercriminals

For cybercriminals, this is a win-win.  Each new RaaS subscriber can create hundreds of versions of a given ransomware variant.  This makes it harder and harder for traditional signature-based antivirus systems to keep up. The more versions that exist, the harder they are to detect.  Antivirus is only 47% effective now, and getting worse.

How Many Variants?

While there are endless variants of ransomware, Locky has been responsible for the vast majority of ransomware that has infected users in the first quarter of 2016, accounting for 24% of the malicious emails from cybercriminals. Maktub Locker is the most recent form of ransomware that we have seen, showing up as an email claiming that you have a “past due bill” that needs to be paid. Jigsaw, Cerber, CryptoJoker and Ransom32 have also made several appearances in the cybersecurity landscape in the first three months of 2016.

What is to come?

Most recently, the Kansas Heart Hospital in Wichita was targeted by ransomware hackers and ended up paying the ransom demanded. However, instead of restoring access to hospital systems, the hackers simply demanded more money.

With demands from ransomware expected to surpass $1 billion in 2016, it’s safe to say that if you haven’t already, you need to provide protection from cybercriminals for yourself and your business. As long as companies and individuals keep paying the ransoms, cybercriminals will keep creating new variants of ransomware.

How to Stop Ransomware Attacks

As we have said over and over again, employees (ALL employees) are the weakest link in the cybersecurity chain. Having frequent reviews with employees discussing the threat of phishing attempts and what to look for in emails to avoid getting compromised is more important than ever.

No matter how much you educate your employees, however, cybercriminals are going to do everything they can to infiltrate your network. That’s where WatchPoint comes into play.

WatchPoint has developed CryptoStopper.io to stop ransomware in its tracks. CryptoStopper.io continuously monitors your system for ransomware activity. When ransomware is detected, it will isolate the offending user, notify you of the infection and prevent any damage from occurring.

Contact us today to learn how you can become protected from the ever-prevalent threat of ransomware.