New and improved pieces of ransomware will catch organizations off guard, security firm Cisco repots.
According to Cisco`s Midyear Cybersecurity Report the new advanced piece of ransomware will be targeting not only individual devices but it will also have the ability to easily spread across networks via vulnerability exploits.
“New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency,” Cisco alarms. “For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.”
The ransomware families are expected to start using more and more the not-so-common distribution method – malvertising (malicious or malware-tainted ads). Adobe Flash vulnerabilities are still #1 of the malvertising target list and they were also to blame in 80% of the successful exploit cases in the famous Nuclear Exploit Kit.
Cisco also noticed that the recent ransomware attacks were using JBoss server for vulnerability exploitation and 10% of the JBoss servers` users were infected.
An alarming recent report states that, while the number of attacks against critical sectors like healthcare has rapidly increased, global regions and all vertical markets were also found to be on the target list. The attacks on non-governmental organizations (NGOs), clubs, charities and all kinds of businesses have become more and have occurred more often during the first half of the year.
“Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate.” the networking specialists explain.
Laila Khudairi, head of cyber at Lloyd’s, adds: “The fact that ransomware is set to evolve over the next few years is hardly a surprise. The media regularly reminds us how even some of the biggest organizations can be disrupted by ransom events and clearly more needs to be done to combat this rapidly growing threat. What’s more alarming is the fact that many organizations are still unprepared for the impact such events can have on their balance sheet.”
The Director of threat research at cybersecurity firm Webroot, David Kennerley, warns that one of the most difficult obstacles organizations would come across to is ransomware.
“Unfortunately, protecting against ransomware is currently a question of economics,” Kennerley says. “It is often cheaper to pay the ransom to get the data back than the costs of regular back-ups and running the technologies to defend. This is why we have seen companies such as NASCAR team Circle Sport – Leavine Family Racing (CSLFR) paying for data to be recovered.”
“No matter how tempting it might be, companies should never concede to the criminal and pay the ransom. It not only fuels the ransomware economy, as criminals see more and more success, but there is absolutely no guarantee that the data will be returned. We have seen instances of malware claiming to encrypt the data, but instead it has been deleted so paying the ransom still did not result in the data’s return,” he warned.
