Be Prepared for these New and Emerging Ransomware Threats

Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had been hit three or more times. Because ransomware is now ubiquitous, organizations have learned to fight back, to some extent, by restoring their systems from backup drives. However, hackers are fighting back, too, with new and improved ransomware variants. Here are five of the biggest ransomware threats to watch out for in 2017.

1. Doxware

Doxware, a combination of ransomware and extortionware, is a direct response to organizations’ attempts to avoid paying ransom by restoring infected systems from clean backups. In addition to locking down a victim’s system, doxware goes a step further by simultaneously threatening to publicly release the user’s private or sensitive data. For example, one doxware variant notifies users that it has copied all of their login credentials, contacts, and Skype history to a server and threatens to forward that data to all of their contacts. Other variants are programmed to search the user’s system for files containing keywords that might indicate embarrassing content, such as “nude” or “sex.” Restoring the system from a backup is ineffective against a doxware attack because it solves only half the problem: the data has already been exfiltrated.

2. Ransomware Threats Against Mobile and IoT Devices

One of the many concerns regarding doxware is that it is perfectly suited to attacks on mobile devices, where users are likely to store embarrassing photos and videos, sensitive data such as bank login credentials, and contact lists. Recently, the owner of an Android-powered smart TV made the news when his set was locked down by what was believed to be a variant of the Cyber.Police ransomware strain. Because most internet access now happens on mobile devices, and because the Internet of Things is exploding in popularity, expect more ransomware threats that specifically target these devices.

3. Attacks on SCADA/ICS Networks

SCADA and ICS (industrial control systems) networks, which are widely used to run critical infrastructure such as utilities and public transit systems, are particularly vulnerable to ransomware threats and other forms of cyber crime. Many SCADA and ICS systems currently in use pre-date the internet by decades; they were designed to maximize functionality, efficiency, and safety, not cyber security. Shortly before Christmas in 2015, an attack on a Ukrainian power company’s SCADA network took 30 substations offline and plunged 230,000 residents into darkness for hours. It was recently disclosed that a disk-wiper virus called KillDisk was involved in this attack, and that KillDisk has since mutated into a form of ransomware that may be specifically aimed at SCADA/ICS systems. And, in late November 2016, the San Francisco Municipal Transportation Agency was attacked by ransomware that locked down its ticketing systems for part of a weekend, forcing it to give away free rides so that the public-transit-dependent city would not grind to a halt.

4. Attacks on the Manufacturing Industry

Manufacturing is the second most hacked industry in the nation, trailing only healthcare. Automotive manufacturers are the top target, followed by makers of chemicals. The manufacturing industry is vulnerable due to a lack of regulations regarding industrial cyber security, coupled with the complexity of the industrial supply chain. The latter means that manufacturing plants, like hospitals, cannot afford to have their systems locked down for even a day. Yet many manufacturers focus solely on achieving the minimum compliance with industry and regulatory standards, which does little to protect their systems and data. Look for increased ransomware threats against manufacturers as hackers seek large paydays.

5. Malware-Free Ransomware

So-called “malware-free” ransomware does not contain an executable file, instead relying on normally benign tools such as JavaScript and PowerShell to do its dirty work. One variant discovered in November infects Scalable Vector Graphics (SVG) files with malicious JavaScript code, which redirects users to malicious websites. This type of ransomware is extremely difficult to detect with signature-based tools, and it is very easy for hackers to alter the code to evade new security controls.
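SVG is an XML format, so the one structural fact a defender can check is whether an image file carries active content at all: `<script>` elements, `on*` event-handler attributes, `javascript:` links, or `<foreignObject>` wrappers. The triage scanner below is an added example written for this article, not code from the author or from any named vendor; the sample SVG and the `find_active_content` / `is_suspicious` names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Tags that let an SVG carry script or embedded HTML.
ACTIVE_TAGS = {"script": "script-element", "foreignobject": "foreign-object"}

# Constructed sample: a benign-looking image with three kinds of active content.
SAMPLE_SVG = """<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="init()">
  <rect width="100" height="100" fill="blue"/>
  <script type="text/javascript">/* placeholder; real samples carry redirect code here */</script>
  <a xlink:href="javascript:void(0)"><text x="10" y="50">Open</text></a>
</svg>"""

# Constructed clean sample for comparison.
CLEAN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="green"/>
</svg>"""


def _local(name):
    # Strip the "{namespace}" prefix ElementTree puts on tags and attributes.
    return name.split("}")[-1].lower()


def find_active_content(svg_text):
    """Return a list of (finding, where) tuples for script-capable content.

    Heuristic triage only: it flags the common carriers of JavaScript in SVG,
    it does not prove a file is malicious, and it does not execute anything.
    """
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # Malformed XML is itself worth a look; never silently pass it.
        return [("parse-error", str(exc))]
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_TAGS:
            findings.append((ACTIVE_TAGS[tag], tag))
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.startswith("on"):                      # onload, onclick, ...
                findings.append(("event-handler", name))
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("javascript-uri", name))
    return findings


def is_suspicious(svg_text):
    # Any active content in an image file is grounds to quarantine and review.
    return bool(find_active_content(svg_text))
```

On realistic mail or file-share traffic, run `is_suspicious` over every `.svg` attachment before it reaches a browser or image viewer; a clean image returns no findings, so false positives are limited to files that genuinely embed script.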

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.