Ransomware is dying, not today, not next month and even not next year.
However, it is slowly and surely losing its place as the no. 1 perceived threat to organizations.
This may seem counterintuitive given the latest mega-attacks (Wannacry and Petya/NotPetya), but hear us out – there are several indications for this, both on the cybercrime side and on the cybersecurity side.
- Cybersecurity: Improved prevention means
Lately, several cybersecurity vendors have introduced free to use and effective ransomware mitigation means. Microsoft (which was blamed by some after the latest attacks for not patching older OS) is particularly aggressive – Microsoft is equipping its new version of Windows 10 with a feature that will protect computers against ransomware. It is expected to be available in September and will include a controlled access folder to stop viruses and ransomware from locking machines out of certain folders. If enabled, the default list prevents apps from accessing the desktop, photos, movies and documents folders. Microsoft is also strengthening its Windows Defender software, which should help prevent malware from exploiting vulnerabilities in the first place.
- All you need is a good backup
Improved backup and recovery services (especially cloud based ones) greatly reduce the impact of a ransomware attack. The main cost then shifts from paying the ransom to clean up to recovery and downtime.
- Cybercrime – Diminishing returns
This is perhaps the most telling sign. At the beginning, Ransomware attacks were targeted and requested very high sums in return for unlocking files (it also had a count-down to zero, a feature which is now nearly extinct). Looking at the latest ransomware attacks – cyber criminals are now using a different business model – where they infect the maximum number of machines and ask for much smaller sums, aka “spray and pray”. This is an indication that the heydays of ransomware are over.
- Global epidemic with massive financial impact?
Globally, individuals and organizations have paid a total of 25 Million USD over the past 2 years to get their files back, according to a recent study by Google. Most of this money was paid (or earned) during the first month of 2016, which were really the high times for ransomware. Given that the average cost of a single data breach is 3.62 Million USD, this is a rather meager sum (to put this in perspective, the total global cost of ransomware paid is equal to 7 average data breaches).
But is this a good thing?
Not really. By using the exact same infection mechanism as ransomware, cyber-criminals could do a lot more damage.
As we discussed in our blog post, luckily for many organizations, they were “only” hit by ransomware, a type of malware which lets you know it is there, allows you to mitigate it, and does not create long-term damage. But using similar techniques of spreading malware, much more damage could have been done: proprietary information, personal identity information, credit information, etc. could be stolen or tampered with. Just as an example – instead of encrypting files, cybercriminals could exfiltrate customer data and extort the attacked organization with the threat, “Pay up or we’ll sell your data to the highest bidder on the darknet.” The impact of such an attack could amount to millions of dollars in direct and indirect damage.
So while Ransomware is in decline (albeit not likely to disappear completely), we expect the next wave of cyber attack to be much more devastating. We might end up missing the crypto lockdown screen…