In 2016, there were over 4,000 ransomware attacks every day. This was a 300% increase over 2015, when there were 1,000 attacks every day, and it’s likely to get worse in 2017.

In the first quarter of 2016, cyber criminals used ransomware to steal $209 million from US businesses with an expected $1B for the entire year. Crypto ransomware has grown in popularity since it started with Cryptolocker in 2013, and we can expect to see more clever ransomware as cyber criminals try to make money in 2017.

Ransomware: No Skills Required

When ransomware first came out, it required some skill in order to create an attack. Now, with the growth of ransomware as a service (RaaS), it has become a business model that makes it easy for cyber criminals to attack without requiring technical knowledge of how to create ransomware.

To launch an attack on a group of victims, the cyber thief simply needs a credit card and a mailing list of targets that they want to attack. The user-friendly service allows criminals to download a ransomware tool for a small fee, set the ransom, and enter a deadline for the payment. For every victim that pays a ransom, the service provider gets a cut and the rest goes to the attacker. Some of the RaaS companies even provide training and support.

Ransomware Gets More Personal

“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

In the past, many ransomware attacks were blasted to huge lists in hopes that someone would open the email. You can expect more targeted, personalized attacks in 2017. With newer versions of ransomware, once it identifies whether it is attacking a business or personal machine, it will adapt its ransom demands to match the victim.

For example, it may choose different types of files to encrypt based upon whether it is a personal or business machine. In addition to encrypting these files, it may post your confidential data to social media or a file space if you don’t pay the ransom.

Ransomworm: Ransomware That Spreads Across Your Network

In 2017, it’s likely to get worse as more ransomware is augmented with code from traditional network worms like SQL Slammer, CodeRed, and Conficker to create new ransomware that is able to spread across a network. This will effectively increase the amount of damage that can be done with ransomware.

Using this method, after infecting one computer, the malware will be able to spread to additional computers on the network. It will allow an initial machine to become infected, have a ransom paid, and then wait on other machines undetected until it is ready to attack again. This means you may end up paying ransoms multiple times to the same criminals.

Ransomworms that can infect multiple machines on a network already exist. A good example is ZCryptor. This malware does not require an email in order to infect machines. It takes advantage of attack vectors that were created by other malware and then self propagates to the network from the compromised machine.

SamSam is another example. It is spread via unpatched vulnerabilities on servers, allowing it to infect a machine and then go undetected, causing more damage on their internal network.

Preventing A Ransomware Attack

“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” – James Scott

Becoming a victim of a ransomware attack can be time-consuming, costly, and damaging to a company’s reputation. Here are some tips to thwart the next ransomware attack:

Educate your users: According to a Verizon 2015 Breach Investigation Report, 11% of users will open an attachment from someone they don’t know. Infections are often caused by end-users. They open an infected attachment, or click on a link that takes them to an infected site.

Offer security awareness training for your end users. If they receive an unsolicited or unexpected email with an attachment from the sender, have them call the sender to verify they sent it. If they receive an email with a link they were not expecting, they should never click on it.

Backup your data: There will never be a 100% guarantee that malware like ransomworm will not successfully infiltrate your network. Backing up your data and keeping it off site and disconnected from your network is the safest way to ensure you can recover after a ransomware attack. Consider using a service like Amazon Glacier Cloud Storage for off-site backups.

Keep your software patches up-to-date: Once your users are trained to avoid opening email attachments or clicking on links, exploiting software flaws is another common way for malware to spread over your network. Keeping your software patches up to date will help prevent the spread of ransomworms that exploit a network or software flaws.

Enforce the principle of least privilege: The principle of least privilege gives programs and users access to the programs they need, but no more. Combining least privilege management with application controls can allow you to revoke local administrator rights on workstations in many cases. This will minimize the spread of unwanted software.

Use endpoint security software: Some people assume that if they keep security and software patches up-to-date and enforce least privilege, they will have things adequately locked down. This is not the case.

Don’t think you have to worry about security because of your company’s size? After all, only large companies are in the news saying they’ve been breached, right? Don’t fall victim to this fallacy.

In the case of the Target breach, it was a small HVAC contractor that opened the email that allowed them to get hacked. Companies of all sizes need to have endpoint security like SentinelOne regardless of their size.

Keeping New Malware Threats At Bay

Expect several new malware threats in 2017 as cyber thieves try to increase their revenues by improving ransomware. Following these tips will help reduce the risk for your business and check out this guide to protecting virtualized environments and cloud infrastructure to minimize damage from cyber threats.

Is your business ready for the next new malware threat?