Verizon’s 2017 Data Breach Investigations Report, which provides analysis of reported IT security incidents, found that file-encrypting ransomware advanced from being the 22nd to the 5th most common form of malware between 2014 and 2016.
But that growth isn’t happening unchecked, according to Verizon. The IT security industry is taking several steps to curb the threat, including sharpening defenses that can detect and stop ransomware before it causes damage.
IT security firm McAfee shared its threat intelligence with Verizon to explain some significant advancements in the ransomware threat landscape. McAfee’s data revealed that from the end of 2015 into 2016, the number of ransomware viruses detected grew from over 400,000 to more than 1.3 million samples per quarter.
Verizon found that ransomware attacks targeting the healthcare industry garnered the most publicity in 2016 because of the impact that they can have on patients and their data. If patient data is unavailable, medical facilities like Hollywood Presbyterian Medical Center and others can’t properly treat people and may have to divert them to other locations. Government agencies and financial organizations are also attractive prey for cybercriminals.
The evolution of ransomware
Ransomware owes its growth and impact throughout most of 2016 to innovation in crypto-malware technology and extortion methods. For instance, some ransomware families don’t encrypt individual files but instead lock a computer’s Master Boot Record or engage in partial or full-disk encryption. These techniques make it more difficult for a victim to recover from an infection.
To fully capitalize on a successful infection, many ransomware samples now come equipped with additional capabilities such as credential theft modules and code that targets corporate servers.
Attackers also want their software to remain undetected. To help make this happen, some ransomware families now use tactics like environmental awareness of real and virtual machines, timing-based execution, and unexpected command-line arguments to evade detection by security systems.
At the same time, pre-packaged “ransomware-as-a-service” offerings are making it easier for cybercriminals to extort money from victims. Offerings like Petya/Mischa and Chimera allow anyone to purchase or rent a ransomware sample and customize an attack campaign.
The security industry’s counteroffensive
Verizon also found that the security industry is working to enhance security defenses available to businesses and individuals. For example, new behavioral analysis capabilities will make it easier to detect and ultimately block ransomware before it attacks.
The security industry is also working with the law enforcement community to promote threat intelligence sharing and initiatives like No More Ransom, which helps victims recover their files without meeting the attackers’ demands.