FireEye’s latest report states that you cannot keep ransomware down. The report analyzes ransomware’s deepening impact on the world’s computers.
One of the report’s top conclusions is that ransomware is on the rise again. This species of malware achieved a remarkable upswing during the last half of the past year. The statistics show that for the period October – November 2015, the use of ransomware jumped by almost 20%.
Even more interesting is the fact that well-known ransomware families like Cryptowall, Cryptolocker, CTB Locker and Kryptovor keep posing persistent threats to people and businesses alike.
“We don’t expect this to decrease in any way,” said Jens Monrad, systems engineer at FireEye.
Most probably, part of the reason for both this upswing and the persistent rise in popularity that ransomware has enjoyed over recent years is mere capitulation.
According to Monrad, one of the reasons is that “we are seeing victims exploring the path of actually paying the ransom”.
The main driver, added Monrad, “from a cyber-criminal perspective, is that this is an ecosystem that is working”.
One of the unfailing laws of capitalism is economy of development. It’s “still a very attractive model for cyber-criminals”, Monrad believes, because it’s cost-effective. “It is one of the malware families with the shortest development lifecycle,” he added. Quite simply, cyber-criminals “don’t have to put that much effort in” to get large rewards.
In fact, ransomware itself is not too complex. Upon infection, it encrypts the user’s files and charges the victim to decrypt them. However, the underlying architecture behind such pieces of ransomware tends to be very complex indeed and, as the report notes, ever-evolving.
Greg Day, the CSO for EMEA at Palo Alto Networks, thinks a response will take a little more complexity.
“To change this dynamic, we have to move beyond the current attack or campaign to identifying and blocking the underlying architecture required to succeed. By detecting and blocking the underlying architecture, as well as the actual attack, it is possible to have more systemic impact,” Day said.
“We see through experience that new campaigns and variants of ransomware can take as little as just a few minutes to create. Rebuilding the underlying architecture for compromise, communication and money transfer typically takes weeks and months.”
FireEye’s report has been published every six months since 2014. It draws on FireEye’s Dynamic Threat Intelligence Cloud, a network of FireEye products which collects masses of data from FireEye customers. Among its pages are many other noteworthy findings.
Recently, the UK dropped from first place to number six in FireEye’s list of most targeted countries.
To be precise, the UK retained its proportion of advanced threats, 9%, but it was eclipsed by the geopolitically tumultuous landscape of Turkey, which suffered 27% of advanced threats.
The number of attacks targeting Turkey pretty much eclipsed all other rivals. In terms of exposure to advanced threats, Turkey was targeted twice as often as its second-place rival, Kuwait.
What we see in the real world “seems to be mirrored in the cyber-world,” Yogi Chandiramani, senior SE director for FireEye in EMEA, stated, elaborating on how the kinetic world’s problems are often litigated in the cyber-realm.
In fact, Chandiramani added, governments being targeted seems to be becoming “almost a norm”.