What comes to mind when you think of the No. 1 cyber threat of the modern age? The recent global attacks on critical infrastructure leave little room for doubt. One thing we see within the data protection industry is that, despite countless efforts, the ransomware threat landscape continues to evolve. The spreading mechanism has changed, shifting from simple phishing attacks, spam and drive-by downloads to more sophisticated techniques. The use of such advanced techniques in ransomware proved successful in massive global attacks like ExPetya and WannaCry in 2017 – both of which sabotaged computers and critical infrastructure worldwide. And still, not everyone is fully or even partially aware of what ransomware is.
Where do we stand?
Acronis recently conducted a global survey to identify the most crucial gaps in public education – we’re aiming to fill them before it’s too late. We surveyed the general adult population to determine the respondents’ awareness of ransomware and their readiness to protect data. The results were astounding; some of them you can see below:
Check if you have heard of the following:
What can I say, at least people know who Meghan Markle is these days.
Unfortunately, in terms of public awareness, the clear and present danger posed by ransomware is losing to more entertaining news about the iPhone X and Google Home.
What we found is that 34% of global respondents are willing to pay a ransom once attacked, and every minute 6 users become victims of ransomware. These findings only confirm the recent estimates by Cybersecurity Ventures, according to which global damages from ransomware attacks will reach $11.5 billion by 2019.
What’s worse is that despite the increased news coverage of ransomware attacks, nearly half of the population – 46.4% to be exact – still doesn’t know what it is or what it actually does.
As such, it’s a field day out there for criminals, with a new wave of sophisticated ransomware strains surfacing. It’s early in 2018, and our research team at Acronis has already detected nearly 20 new ransomware families making their way into the wild! Samsam and Datakeeper are the two most recent examples that have already succeeded in victimizing computers worldwide.
Who will it target?
As it continues to adapt, ransomware without a doubt will try to exploit devices that are becoming critical to many users. Wearables, IoT and mobile devices – attackers will add all of them to their list of targets. In addition, some ransomware attackers are adding extra capabilities like cryptocurrency mining and data exfiltration to their malware – all to make the most profit out of their unfortunate, unprepared victims.
A global ransomware attack is inevitable, but how massive could it be – that’s the real question. After the inception of WannaCry and ExPetya, big enterprises have tightened their security protocols and are now more conscious. And still, there is a large chunk of cyberspace that is left unprotected.
Our researchers recently came across the new version of the Mirai botnet – a self-propagating botnet virus – to which a massive DDoS attack was attributed. It showed how ridiculously easy it is to hijack almost any IoT device on the Internet. And many of these devices could be serving a critical purpose with real-time applications – so, once they catch a ransomware infection, it could badly damage the businesses dependent on them.
Though some enterprises may be able to thwart these attacks very quickly, keeping track of all the devices within the organization is getting harder and harder, especially for those that don’t have a strict BYOD policy. And no one can solve this problem by simply protecting a certain subset of computers and leaving everything else unprotected.
So, who will suffer most from ransomware in 2018? Apart from the ability to respond quickly when an attack is discovered, it’s also the ability to contain the infection from spreading that will become increasingly important. Since enterprises are finally taking security seriously, it will be the SMBs and users struggling hardest with this measure. That’s one of the reasons why earlier this year we launched a free anti-ransomware solution, Acronis True Image 2018. It has been repeatedly tested by independent labs and has been proven to stop significantly more attacks than similar solutions.
What will be different this time?
The one trend I see coming is that both attackers and defenders will benefit from using AI. Defenders can perform a better assessment of their security policies and upgrade them if needed. They can also use AI to discover any new zero-day vulnerabilities that could be exploited and patch them in time. AI can also predict which human behaviour patterns or practices could put an organization at risk of an attack.
On the other hand, attackers can use AI to discover weak links within the organization and penetrate the implemented security protocols. AI can also help attackers determine the most profitable targets and the shortest paths to exploiting them. It can also help determine which malicious techniques to use to ensure the highest success rate of the attack.
It will be an “AI vs AI” scenario, and it may completely change the current security perspective. It will certainly demand a fresh look and new guidelines for preventing AI-based attacks.
How do you stay safe?
Since cybercriminals are dedicated to finding new ways of infecting computers and IoT devices, this year we expect they will go straight for your backup – aiming to destroy the only thing that keeps you safe from ransomware.
That means you now need to protect your backup files from such attacks. There are a few things you can do: first, always install updates. It doesn’t matter which data protection software you use – it will lose its power if you don’t update your office software to close the vulnerabilities that new ransomware preys upon.
Secondly, regular backup must become a habit of yours. Be sure to follow the 3-2-1 rule: have at least 3 copies of your data, 2 of which are local but on different devices, and at least 1 copy offsite.
And lastly, remember to deploy endpoint protection software with advanced technologies, like Exploit Prevention, to prevent malicious activities and shield your data from them.