“In this scenario, if the victim says, 'You know what? I have backup files' and refuses to pay for decryption, the hacker can threaten to leak it all. We hear of ransomware being used in sensitive environments like in hospitals, but so far there hasn’t been significant damage. However, if the malware had first exfiltrated patient information and then encrypted it, that could have been extremely damaging,” Vaystikh says.
Norman Guadagno, chief evangelist at Carbonite, said ransomware as a service (RaaS) will continue to gain a foothold. The RaaS business model is an extremely attractive one given the minimal effort and low cost needed to launch an attack. This doesn’t require highly sophisticated technology, a knowledgeable IT expert or even a large bank account to get off the ground. All you need is a mailing list of potential targets and RaaS does the rest as a one-stop shop for hacking resources.
"Given the success these hackers have seen so far – a $1 billion business in 2016 alone – there’s no doubt RaaS will continue to gain traction. Fortunately, just as the cloud enables RaaS, it also enables safe cloud backup to protect against attacks," he said.
Lucas Moody, CISO at Palo Alto Networks, says ransomware isn’t going away. Ever wonder what economic driver has led to the explosion of bitcoin ATMs into affluent neighborhoods in the U.S.? His hunch is it is correlated with the number of ransomware infections affecting small businesses. Ransomware in 2016 has been a significant problem, and current trends suggest that this problem will not slow down in 2017. Business resilience and recovery capabilities are the best defense to avoid frequent trips to your local bitcoin ATM, he says.
Vaystikh also foresees the first cloud data center-focused ransomware. In 2017, ransomware will target databases, causing significant downtime. There are not currently many hackers attacking corporate networks with ransomware; information-stealing malware is the preferred tool, he says.
“But what we might see in the coming year is ransomware targeting places where there is less chance of backup files being available. For example, I think we’ll see that SMBs who move their files to the cloud generally do not have backups and do not know how to recover. Specifically encrypting cloud-based data like this would have a significant impact on cloud providers and cloud infrastructures,” he says.