ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next

14 Dec 2017

Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

According to ESET, ransomware is growing at a yearly rate of 350 percent and is showing no signs of slowing down. The attack method, illegally encrypting files or devices and then holding them to ransom, has become increasingly popular among cybercriminals.

2017 saw ransomware outbreaks in more than 150 countries and the advent of the ‘ransomworm’, where in a few very notable cases, conventional file or disk encrypting ransomware techniques were paired with rapidly spreading network worm functionality.

The result was that hundreds of thousands of computers around the globe fell victim to the virulent ransomware strains within just a few hours.

Senior research fellow at ESET, Nick FitzGerald, says that in the new year businesses are likely to be faced with continuing ransomware incidents, an upswing in DDoS attacks and an increased number of attacks against connected devices, on a much larger scale.

“We have seen the cybersecurity landscape shift significantly over the course of 2017, with global attacks like WannaCryptor (aka WannaCry) and DiskCoder.C (aka NotPetya) setting disturbing high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign,” says FitzGerald.

“Cybersecurity awareness and vigilance must remain at the forefront of business agendas. Businesses small and large alike must develop cohesive, organisation-wide cybersecurity policies, but more importantly, they need effective, well-rehearsed response and recovery plans.”

Here’s ESET’s in-depth look into the most popular strains of ransomware from 2017:

WannaCry

Easily one of the biggest cybersecurity stories of 2017, WannaCry wreaked unprecedented havoc on May 12 2017, when its worm-like capabilities let the attack spread like wildfire across more than 150 countries.

The attack demanded $300 worth of bitcoin in ransom, affecting more than 230,000 users including the UK’s NHS and Spain’s Telefonica. ESET labelled this cyberattack as the worst of 2017.

NotPetya

This cyberattack affected banks, power companies, public transport, and postal, courier and shipping companies globally on June 27 2017.

The attack was seeded through the subversion of a software update mechanism built into an accounting program widely used by companies working in Ukraine or with Ukrainian partners – consequently a large number of Ukrainian organisations were affected.

Once run on one PC, the malware spread rapidly across an organisation’s LAN, either via the EternalBlue exploit against unpatched Microsoft Windows devices or through credential stealing and the use of two Windows system administration tools. Like WannaCry, the attack demanded $300 worth of bitcoin.

Bad Rabbit

First spotted on October 24 2017, this cyberattack mainly hit victims in Russia and Ukraine and was the third major distributed ransomware incident to have occurred in 2017.

This ransomware spread through "drive-by downloads", where insecure websites are compromised and their content altered to distribute malware, either directly or by redirecting the potential victim to another site controlled by the hacker.

Compared to WannaCry and NotPetya, Bad Rabbit did not spread as widely, but the size and speed of the attack were still notable for a ransomware campaign.

Looking ahead to 2018

According to ESET, digitisation is a double-edged sword: today’s cloud‑ and app-based environments give attackers an easy target that sidesteps traditional network security, meaning the perimeter that must be protected has expanded. As organisations continue to embrace digitisation, the threat landscape in 2018 will only grow.

Working closely with IT teams to make smarter cybersecurity investments will be the key to ensuring every facet of the business is protected in the long run.
