2017 was the year of ransomware. WannaCry, NotPetya, Locky and Cerber were some of the ransomware families that made it a year to remember, at least for the victims. Millions of computers were infected in mass campaigns, some of which swept the globe in hours.

In comparison, 2018 to date has been relatively quiet. Industry pundits say this is because cyber crooks are concentrating on cryptocurrency mining malware, which secretly steals processing power to mine for digital currencies.

However, ransomware certainly hasn’t gone away; it’s just got a lot stealthier. Ransomware families that are currently doing the rounds include:
  • SamSam is used in very targeted attacks. It seeks out potentially vulnerable targets that are connected to larger networks. Once a computer is infected, it spreads throughout the network. Those behind it are resourceful and experienced in identifying and targeting vulnerabilities.
  • GandCrab operates on an affiliate model in which hackers rent it and pay a share of the profit to its creators. It’s similar to everyday software, in that it regularly receives software updates and bugs are fixed as soon as they are discovered.
  • DataKeeper ransomware is also regularly tweaked and updated to help it avoid detection. Its creators follow the security industry closely, and when researchers talk online about DataKeeper’s code structure and how it was stopped, the ransomware creators amend it accordingly so it continues to infect vulnerable computers.

Ransomware is certainly not dead; it’s just slipped under the radar as the mass attacks of last year have been replaced by low-key, targeted attacks.

It’s probably only a question of time before we see another attack on the scale of last year’s WannaCry, which is why we must always ensure we have the best protection possible.