Ransomware will remain a very significant threat until the second half of 2017. Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will keep the security industry busy through the first half of the year. Ransomware’s impact across all sectors and geographies will force the security industry to take decisive actions. We predict that initiatives like the No More Ransom! collaboration, the development and release of antiransomware technologies, and continued law enforcement actions will reduce the volume and effectiveness of ransomware attacks by the end of 2017.
The concept of ransomware was first demonstrated in the early 1990s.
When Bitcoin was introduced and used for the first time by the CryptoLocker ransomware family in 2013, it opened the door to anonymous ransom payments, shielding attackers from being caught. The “pioneer” creators of ransomware such as CryptoLocker and CryptoWall came from the world of banking Trojans and were very experienced in how to run a successful cybercrime operation. They quickly learned important lessons and have been able to rapidly adapt and change either their infrastructure or code as soon as business slows. These are the groups that will continue in the ransomware business and seek new ways to make profits. Currently, we face many smaller, less sophisticated groups who are attracted by the revenue generated by the organized groups. As discussed in the Cyber Threat Alliance’s CryptoWall Version 3 Threat report, revenue from a single ransomware family can exceed $325 million. Such examples have led to a massive increase in ransomware families and attacks, as we have discussed many times. Individual criminals want to tap this gusher, too, and either sign up as affiliates or build upon public code. We expect these small initiatives will decrease in 2017 as the security industry and international law enforcement join forces to actively detect and respond to these cases.
Further, the security industry has started developing tools and functionality to assist companies when battling ransomware. During Black Hat USA 2016, Intel Security’s advanced threat research team demoed ransomware proof-of-concepts aimed at IoT devices, including one that targets an automobile’s in-vehicle “infotainment” system, allowing the ransomware to control the car’s brakes and starter until the ransom is paid. The advanced threat research team is focused on the future of threats and industry cooperation to create awareness and mitigate these ransomware threats at an early stage.
What about virtual currencies, which opened the gate to ransomware growth? Will Bitcoin survive or will ransomware actors move away from it and seek new payment methods? Even the use of Bitcoin mixers is not enough to block the analysis of transaction links. Also, other Bitcoin services have been criticized at the Bitcoinference by attendees who complained about nonmixing by some services and unsecure usage of supernodes that could expose identities. As a result, we predict that there will be a shift in ransom payment methods toward virtual currencies such as Monero and Zerocoin/Zerocash.
Read the full McAfee Labs report: threats-predictions-2017