Ransomware attacks up 400 percent in 2017 mainly due to WannaCry
Ransomware attacks grew by 400 percent last year, largely down to the success of the WannaCry attack. It’s perhaps not surprising that other variants slowed down, but this signals a shift in the way ransomware is being used.
A new report from F-Secure shows WannaCry accounted for nine out of every 10 ransomware detection reports by the end of the year.
The use of other ransomware by cyber criminals seemed to decline though. This is a phenomenon that F-Secure's security advisor Sean Sullivan says points to amateur cyber criminals losing interest in ransomware.
"After the summer, there was a noticeable shift away from the kind of ransomware activity that we’ve seen in the last year or two," says Sullivan. "The last couple of years saw cyber criminals developing lots of new kinds of ransomware, but that activity tapered off after last summer. So it looks like the ransomware gold rush mentality is over, but we already see hard core extortionists continuing to use ransomware, particularly against organizations because WannaCry showed everyone how vulnerable companies are."
While WannaCry remained active in the latter half of 2017, the majority of F-Secure’s detection reports were coming from Malaysia, Japan, Columbia, Vietnam, India, and Indonesia. There were signs of an overall decline in ransomware as 2017 closed, there’s also evidence suggesting that ransomware use will gravitate to more corporate focused attack vectors, such as by compromising organizations via exposed RDP ports. The SamSam ransomware family is known to use this approach and has already infected several US-based organizations this year, including the city of Atlanta's IT systems in a recent attack.
The change in ransomware use is down to several factors, according to Sullivan. "The price of bitcoin is probably the biggest factor, as that's made crypto mining a lot more attractive and arguably less risky for cyber criminals. I also think revenues are probably falling as awareness of the threat has encouraged people to keep reliable backups, as has skepticism about how reliable criminals are on delivering their promises of decrypting data. But cyber criminals will always try to pick low hanging fruit, and they’ll return to ransomware if the conditions are right."
The full report is available from the F-Secure website.