Ransomware has been around for decades, but, in recent years, the threat of ransomware has grown dramatically. The WannaCry ransomware outbreak in 2017 demonstrated that ransomware was a profitable attack vector, and the creation of cryptocurrencies like Bitcoin made it easy for attackers to demand and receive ransom payments.
The pandemic also contributed to the rise of ransomware as cybercriminals took advantage of the rise of remote work and the increased importance of healthcare organizations. As remote work becomes part of business as usual, the ransomware pandemic continues to grow.
Ransomware is an evolving threat to corporate security. The original ransomware campaigns were relatively simple. The malware was delivered via email or exploitation of a software vulnerability and encrypted files on the infected machines. If the ransom was paid, the attackers provided decryption software that enabled the victim to restore normal operations.
In the last few years, ransomware campaigns have evolved quickly. One major change is in the infection vectors used. Ransomware now mainly targets remote access solutions, exploiting VPN vulnerabilities or using compromised employee credentials to log in via RDP.
The techniques used by ransomware operators to force victims to pay the ransom have changed as well. The ability to restore from backups neutralizes the impact of data encryption, so ransomware has branched out to data theft as well. Modern ransomware operators threaten to leak stolen data if a ransom is not paid by the victim and, in some cases, their customers. Some ransomware groups also use the threat of Distributed Denial of Service (DDoS) attacks as incentive to meet their demands.
Finally, the ransomware threat has evolved due to role specialization and the creation of the Ransomware as a Service (RaaS) model for attacks. Instead of a single group developing malware, infecting organizations, and collecting ransoms, ransomware authors now distribute their malware to “affiliates” for use in their attacks. RaaS provides affiliates with access to advanced malware and enables the ransomware authors to scale their campaigns, increasing the ransomware threat.
The success of ransomware has prompted many different cybercrime groups to develop their own variants. Some of the most prolific and famous ransomware variants include:
The wide variety of ransomware variants and attack vectors can make it difficult to defend against and remove them. Protecting against one ransomware attack vector may provide no security against another.
Check Point Harmony Endpoint Protection offers market-leading ransomware detection and prevention capabilities according to the MITRE Engenuity ATT&CK Evaluations. Learn more about the ransomware pandemic and other cyber threat trends in the 2021 Cyber Attack Trends report. You’re also welcome to sign up for a free trial to see the ransomware prevention capabilities of Harmony Endpoint for yourself.