show image

“Peak ransomware”: incidents are declining, but attacks are increasingly disruptive

Earlier this week, researchers at Proofpoint revealed that ransomware is no longer the most common email malware. According to their investigation, banking trojans were hackers’ preferred weapon in the first quarter of 2018, for the first time in nearly two years.

But, speaking at a cyber security summit in London yesterday, Tim Jeffcoat of Datto, a business continuity solutions provider, warned that while we might have passed “peak ransomware”, the variants emerging now are more disruptive than ever before.

“We’re not seeing quite so many new variants of ransomware being developed and designed,” he told the audience of managed service providers (MSPs). “But what has changed is the nature of the threats. We are still seeing ever varying implementations.”

Cyber criminals are going to greater lengths to ensure their attacks pay off. Hackers, for example, are increasingly posing as CIOs and CFOs in order to convince victims to download malicious payloads, Jeffcoat explained.

“We are also seeing an increase in attacks lying dormant,” he added. “It gives criminals a backdoor into people’s IT systems where they can then understand – is this the right machine on the network that I want to encrypt?”

It’s not just the delivery method that is changing either. Jeffcoat referenced the Bad Rabbit ransomware that deletes Windows backups. “We’re now also starting to see ransomware variants that are aware of external storage,” he revealed.

“What this all amounts to is it’s much harder to recover from a ransomware attack,” said Jeffcoat. Datto’s senior vice president of international sales, Mark Banfield, told NS Tech that these threats are forcing small and medium-sized businesses to take their data back-ups more seriously, and they are turning to managed service providers for support. He concluded: “Small and medium-sized business are outsourcing their IT more rapidly than they ever have before.”