Why Ransomware Is Not Going Away Any Time Soon

2015 has been an eventful year in the world of malware, and few threats have risen more dramatically than ransomware. Unlike other types of malware that attempt to steal data, ransomware such as CryptoWall or CTB Locker simply encrypts data on the infected machine or network, and then demands payment from the victims in order to decrypt the frozen data.

It was obvious from early in the year that it was going to be a big year for ransomware. In May, McAfee reported that the volume of ransomware doubled with a variety of new ransomware families leading the charge. Likewise, Kaspersky saw 65% growth and identified ransomware as the fastest growing threat.

Although ransomware is commonly targeted at consumers, recent versions have targeted the enterprise with a vengeance. In addition to encrypting the hard drive of infected hosts, ransomware explores the network to find file shares and network drives, which can also be encrypted. This has shifted ransomware from a nuisance to a potentially debilitating attack that can freeze critical assets and intellectual property.

Ransomware and the criminal business model

Security professionals can become hardened by the barrage of new threats, and may brush off ransomware as just another passing phase in the march of malware. But while malware families come and go, there are vital elements in the ransomware business model that will impact cybercrime in the foreseeable future.

To understand these drivers, it is important to look at the malware from the perspective of cybercriminals.

Breaking fences

It’s a fact of criminal life that thieves have to figure out how to sell their stolen goods, and this is especially true for cybercriminals. The criminal underworld includes a rich ecosystem for this express purpose.

For example, criminals who steal credit card numbers typically can’t monetize the cards directly. Card numbers are sold in bulk, broken into smaller batches, and resold to criminals who print new cards and, in turn, hire low-level criminals to buy products with the stolen cards.

Those products are then resold and the money is moved through mules before the actual cash is collected. Each step is an opportunity to get caught and introduces a middle-man that takes a cut of the profit.

Ransomware short-circuits this highly complicated fencing operation. Criminals encrypt the data and demand payment directly from victims. Payment is typically delivered in bitcoins or similar crypto-currency.

This relatively direct path to cash makes ransomware attacks profitable and removes the need for a large, complex criminal network. It also lowers the bar for would-be cybercriminals, and in effect brings more bad guys onto the playing field.

Everyone’s data is valuable to them

“No one cares about our data enough to break in and steal it.” This is one of the huge misconceptions that executives whisper to themselves before they ignore an important security project.

While it is certainly true that some data is more valuable than others, the ransomware model turns this short-sighted thinking on its head. Attackers don’t need your data to be valuable to the outside world; they only need that data to be valuable to you.

This makes everyone a potential target, including organizations that have been giving security short shrift over the years. For attackers, this is a great development. Instead of robbing banks, which are relatively few and very well-defended, ransomware opens up a massive supply of relatively unsecured potential targets.

Avoiding the Pinkertons

Targeting a diverse set of victims has an added benefit: It vastly complicates the building of coalitions and information sharing. Outlaw Butch Cassidy found out the hard way that if you steal regularly from banks and railroads, you will eventually attract the attention of Pinkerton detectives.

Today, banking malware has had a similar effect on criminals. Financial institutions share cybersecurity intelligence and multiple law enforcement agencies are coordinating their efforts to focus on banking malware.

Ransomware makes building these coalitions far more daunting. Many victims pay the ransom and do not report the crime. Likewise, since victims can come from any industry, it further complicates the process of sharing information between organizations.

Additionally, ransomware operations have fewer moving parts and a lower dependence on command-and-control attack maneuvers. Unlike other malware campaigns that require consistent C&C communications, ransomware only needs C&C servers for encryption and decryption keys.

This makes it easier for attackers to stay on the move and harder for law enforcement to target and take down the C&C infrastructure. Anything that makes life difficult for security teams and law enforcement is typically going to be a good thing for criminals.

These are some of the natural benefits of ransomware that criminals are quickly learning to use to their advantage. Given the consistency with which malware can penetrate an organization’s defenses, it is no wonder that this type of attack is on the rise.

In the coming year, it will be critically important for security teams to watch the ransomware trend closely. Virtually every network has malware, and these infections are more than enough for a ransomware attack. A few spambots in your network may not seem like a big deal, but a few CryptoWall infections could bring business to a standstill. 

Related: CryptoWall 4.0 Released With Filename Encryption Feature

Related: 30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals
