Last year was a big year for ransomware, with WannaCry and NotPetya grabbing headlines in various industries around the world.
Ransomware attacks grew by more than 400 percent over the year, while the number of unique families and variants increased by 62 percent. These statistics, however, disguise an apparent change in the ransomware industry following the summer of 2017.
The figures and analysis come from F-Secure’s upstream telemetry and are published in a new report: “The Changing State of Ransomware.”
It is the sheer size of the WannaCry outbreak that started in May 2017 that muddies up the numbers.
WannaCry spreads like a worm via vulnerable SMB ports, and it will continue to seek to spread unless every single infection is eradicated.
By the end of last year, WannaCry accounted for 9 out of every 10 F-Secure detection reports. Most of these are in Asia and South America, but more recent reports of infections in Connecticut and North Carolina show it can still occur anywhere.
Beneath the dominance of WannaCry, closer inspection of the figures shows that other ransomware detections declined in the latter half of 2017. The general trend in new detections is downward.
F-Secure believes there are several reasons for this decline. One is the huge increase in the value of bitcoin and other cryptocurrencies. While bitcoin initially fueled the rise of ransomware through its relative anonymity, it is often a labor-intensive method of collecting revenue — with some criminals even providing ‘help desks’ for their victims.
The huge rise in the value of bitcoin toward the end of last year persuaded criminals to change tactics — instead of extorting cryptocurrencies they are now distributing crypto mining malware to steal users’ CPU cycles to ‘earn’ cryptocurrencies, according to F-Secure.
There is another hidden trend: a move away from mass-distributed, spam-delivered ransomware toward more targeted attacks against business. WannaCry might again be partly to blame, because it raised awareness of ransomware among the general public, who are now more likely to take better precautions and maintain backups.
In addition, the propagation method via SMB ports meant the WannaCry outbreak focused primarily on businesses. It demonstrated criminals could focus on the quality rather than quantity of targets in the hopes of getting a better payday, F-Secure said.
Ransomware is not going away, but it is increasingly targeted at businesses. The massive spam delivery campaigns are being replaced by targeted attacks, sometimes using lesser-known ransomware families.
“For example in June 2017 a South Korean web hosting company paid a one-million-dollar ransom to cyber criminals after falling victim to a Linux variant of the Erebus ransomware,” F-Secure researchers said.
“There are many different ways people and companies can protect themselves from ransomware,” F-Secure researchers said. “The good news is that there are many ways to combat news is that someone will always be vulnerable to ransomware attacks and pay to get their data back. Until this changes, everyone should continue to back up their files and practice restoring them to avoid playing into the hands of online extortionists.”