ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next

14 Dec 17

Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

According to ESET, ransomware is growing at a yearly rate of 350 percent and is showing no signs of slowing down. The attack method of illegal encryption of files or devices and then holding them to ransom has become increasingly popular among cybercriminals.

2017 saw ransomware outbreaks in more than 150 countries and the advent of the ‘ransomworm’, where in a few very notable cases, conventional file or disk encrypting ransomware techniques were paired with rapidly spreading network worm functionality.

The result was that hundreds of thousands of computers around the globe fell victim to the virulent ransomware strains within just a few hours.

Nick FitzGerald, senior research fellow at ESET, says that in the new year businesses are likely to be faced with continuing ransomware incidents, an upswing in DDoS attacks and an increased number of attacks against connected devices, on a much larger scale.

“We have seen the cybersecurity landscape shift significantly over the course of 2017, with global attacks like WannaCryptor (aka WannaCry) and DiskCoder.C (aka NotPetya) setting disturbing high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign,” says FitzGerald.

“Cybersecurity awareness and vigilance must remain at the forefront of business agendas. Businesses small and large alike must develop cohesive, organisation-wide cybersecurity policies, but more importantly, they need effective, well-rehearsed response and recovery plans.”

Here’s ESET’s in-depth look into the most popular strains of ransomware from 2017:

WannaCry

Easily one of the biggest cybersecurity stories of 2017, WannaCry wreaked unprecedented havoc across more than 150 countries, spreading like wildfire on May 12 2017 thanks to its worm-like capabilities.

The attack demanded $300 worth of bitcoin in ransom, affecting more than 230,000 users including the UK’s NHS and Spain’s Telefonica. ESET labelled this cyberattack as the worst of 2017.

NotPetya

This cyberattack affected banks, power companies, public transport, and postal, courier and shipping companies globally on June 27 2017.

The attack was seeded through the subversion of a software update mechanism built into an accounting program widely used by companies working in Ukraine or with Ukrainian partners – consequently a large number of Ukrainian organisations were affected.

Once run on one PC, the malware spread rapidly across an organisation’s LAN, either via the EternalBlue exploit against unpatched Microsoft Windows devices or through credential stealing and the use of two Windows system administration tools. Like WannaCry, the attack demanded $300 worth of bitcoin.

Bad Rabbit

First spotted on October 24 2017, this cyberattack mainly hit victims in Russia and Ukraine and was the third major distributed ransomware incident to have occurred in 2017.

This ransomware spread through "drive-by downloads", where insecure websites are compromised and their content altered to distribute malware, either directly or by redirecting the potential victim to another site controlled by the hacker. 

Compared to WannaCry and NotPetya, Bad Rabbit did not spread as widely, but the attack was still notable in size and speed for a ransomware campaign.

Looking ahead to 2018

According to ESET, digitisation is a double-edged sword as today’s cloud‑ and app-based environments provide an easy target to sidestep traditional network security, meaning the perimeter of protection has expanded. As organisations continue to embrace digitisation, the threat landscape in 2018 will only increase.

Working closely with IT teams to make smarter cybersecurity investments will be the key to ensuring every facet of the business is protected in the long run.
