How Ransomware is Changing: New Tactics, Methods, and Risks

While many people are familiar with the basics of ransomware, the details of this threat, like all aspects of cybersecurity, are constantly evolving. As new developments unfold, it’s crucial to stay updated on the latest tools, tactics, and procedures used by attackers.

In this post by Nick Graf, Assistant Vice President of Information Security and Risk Control at CNA Insurance, Graf breaks down recent changes in the ransomware landscape.

Graf also offers predictions of ransomware, spoiler alert: it’s not going anywhere anytime soon.

1. Malware uses new tactics to avoid detection

Traditionally, ransomware involved gaining access to a system, encrypting its contents, and demanding a ransom.

However, we’re now seeing attackers evolve their methods. Some ransomware variants use CAPTCHA tests to ensure they’re interacting with human targets rather than automated security tools.

Others try to detect if they’re running in virtual environments, where security researchers may attempt to reverse-engineer them.

Some attackers have even started running malware inside virtual machines to avoid detection by antivirus software.

2. Payment extractions are becoming more complex

The methods used to extract ransom payments are also changing. While attackers still encrypt data and demand a ransom, they now frequently exfiltrate data as well.

If their initial demand is rejected, they may threaten to publish the stolen data unless a payment is made to delete it. In some cases, the attackers have even attempted to auction stolen data on the dark web when the ransom goes unpaid.

3. Reputation scores help victims make informed decisions

One of the biggest uncertainties during a ransomware event is whether the attackers will follow through on their promises.

Will the decryption key be delivered, or will the data be deleted as promised? To address this, some companies now assign reputation scores to different ransomware groups, offering a sense of assurance that the criminals will keep their word if a payment is made.

4. Decryption tools can present risks

Though decryption tools for many ransomware variants exist, there has been an increase in malicious or poorly designed tools that can cause further harm.

These tools may corrupt encrypted data, making recovery impossible. Users, often eager for a quick fix, may unknowingly run the wrong decryption tool, resulting in irreversible damage

5. Service providers remain prime targets

Ransomware attackers are increasingly targeting service providers, especially those in IT, healthcare, legal, and accounting sectors.

A breach in a service provider’s system doesn’t just affect their data, it can lead to further spread of malware to their clients. A robust vendor management program is critical to mitigating these risks.

Ensure you understand your vendors, their data access, and the security measures in place.

Future of Ransomware

Looking ahead, ransomware attacks will continue to evolve. While traditional systems remain a target, new areas are emerging.

For instance, older mobile devices, especially those that install apps from third-party stores, are increasingly vulnerable. Attackers are also exploiting malicious browser extensions, often sneaking them into legitimate app stores.

Even smart home devices from lesser-known manufacturers may become targets if they aren’t properly secured. Healthcare and law firms, in particular, are likely to remain prime targets due to the high value of their confidential data.

Attackers may also exploit current global crises, like the ongoing pandemic, by masquerading as official health information to trick users into clicking harmful links.

Take Action to Safeguard Your Data

Protecting your data has never been more important. At Mason-McBride, we understand the dynamic nature of ransomware and how important it is for businesses across various industries to obtain cyber insurance.

Through our strong partnerships with industry-leading carriers, we offer insurance solutions that help mitigate these threats.

Find out how Mason-McBride can protect your data and request a proposal.

For helpful tips on other popular topics, check out articles on:

Article By Jamie Parry

Disclaimer: The information, examples, and suggestions presented in this material have been developed from sources believed to be reliable. However, this is not legal advice, and CNA and Mason-McBride cannot accept responsibility for its applicability to your specific circumstances: no one should act based on this article without first seeking appropriate professional advice, including advice of legal counsel, based on a thorough examination of their situation, relevant facts, laws, and regulations. This material is for illustrative purposes and does not constitute a contract.

Request Your Proposal Here

Are you ready to save time, aggravation, and money? The team at Mason McBride is here and ready to make the process as painless as possible. We look forward to meeting you!