While many people are familiar with the basics of ransomware, the details of this threat, like all aspects of cybersecurity, are constantly evolving. As new developments unfold, it’s crucial to stay updated on the latest tools, tactics, and procedures used by attackers.
In this post, Nick Graf, Assistant Vice President of Information Security and Risk Control at CNA Insurance, breaks down recent changes in the ransomware landscape.
Graf also offers predictions for the future of ransomware. Spoiler alert: it’s not going anywhere anytime soon.
1. Malware uses new tactics to avoid detection
Traditionally, ransomware involved gaining access to a system, encrypting its contents, and demanding a ransom.
However, we’re now seeing attackers evolve their methods. Some ransomware variants use CAPTCHA tests to ensure they’re interacting with human targets rather than automated security tools.
Others try to detect if they’re running in virtual environments, where security researchers may attempt to reverse-engineer them.
Some attackers have even started running malware inside virtual machines to avoid detection by antivirus software.
2. Payment extractions are becoming more complex
The methods used to extract ransom payments are also changing. While attackers still encrypt data and demand a ransom, they now frequently exfiltrate data as well.
If their initial demand is rejected, they may threaten to publish the stolen data unless a payment is made to delete it. In some cases, the attackers have even attempted to auction stolen data on the dark web when the ransom goes unpaid.
3. Reputation scores help victims make informed decisions
One of the biggest uncertainties during a ransomware event is whether the attackers will follow through on their promises.
Will the decryption key be delivered, or will the data be deleted as promised? To address this, some companies now assign reputation scores to different ransomware groups, offering a sense of assurance that the criminals will keep their word if a payment is made.
4. Decryption tools can present risks
Though decryption tools for many ransomware variants exist, there has been an increase in malicious or poorly designed tools that can cause further harm.
These tools may corrupt encrypted data, making recovery impossible. Users, often eager for a quick fix, may unknowingly run the wrong decryption tool, resulting in irreversible damage.
5. Service providers remain prime targets
Ransomware attackers are increasingly targeting service providers, especially those in IT, healthcare, legal, and accounting sectors.
A breach in a service provider’s system doesn’t just affect their data; it can also spread malware to their clients. A robust vendor management program is critical to mitigating these risks.
Ensure you understand your vendors, their data access, and the security measures in place.
Future of Ransomware
Looking ahead, ransomware attacks will continue to evolve. While traditional systems remain a target, new areas are emerging.
For instance, older mobile devices, especially those that install apps from third-party stores, are increasingly vulnerable. Attackers are also exploiting malicious browser extensions, often sneaking them into legitimate app stores.
Even smart home devices from lesser-known manufacturers may become targets if they aren’t properly secured. Healthcare and law firms, in particular, are likely to remain prime targets due to the high value of their confidential data.
Attackers may also exploit current global crises, like the ongoing pandemic, by masquerading as official health information to trick users into clicking harmful links.
Take Action to Safeguard Your Data
Protecting your data has never been more important. At Mason-McBride, we understand the dynamic nature of ransomware and how important it is for businesses across various industries to obtain cyber insurance.
Through our strong partnerships with industry-leading carriers, we offer insurance solutions that help mitigate these threats.
Find out how Mason-McBride can protect your data and request a proposal.
Article By Jamie Parry
Disclaimer: The information, examples, and suggestions presented in this material have been developed from sources believed to be reliable. However, this is not legal advice, and CNA and Mason-McBride cannot accept responsibility for its applicability to your specific circumstances: no one should act based on this article without first seeking appropriate professional advice, including advice of legal counsel, based on a thorough examination of their situation, relevant facts, laws, and regulations. This material is for illustrative purposes and does not constitute a contract.