May 7, 2018 By Douglas Bonderud 2 min read

Although major, widespread campaigns such as WannaCry drove a 415 percent increase in ransomware attacks last year, recent research revealed that the threat vector is fading in 2018.

F-Secure’s “The Changing State of Ransomware” report found that the lack of big paydays for even the most headline-worthy campaigns has led to a gradual decline in these types of attacks. Users recognize that even paying up doesn’t guarantee the safe return of data.

Ransomware News Revolves Around WannaCry in 2017

2017 was an interesting year for ransomware. Strains such as Locky, Mole, Cerber and CryptoLocker remained popular and the number of new malware families increased by 62 percent to reach 343 strains worldwide last year. However, F-Secure Security Advisor Sean Sullivan noted that this type of activity began to taper off after last summer and that the “ransomware gold rush mentality is over.”

The exception was WannaCry, which accounted for 90 percent of all ransomware attacks reported in 2017. The first wave of these attacks was stifled by the discover of a kill switch. While this gave security professionals time to regroup, it didn’t stop subsequent infections because WannaCry spread like a worm across vulnerable SMB ports — the more hosts it infected, the greater its reach.

This not only bolstered second-wave WannaCry numbers, but it also led to the development of unique variations, some of which kept the worm qualities but ditched the encryption. F-secure noted that these variants made the impact “less noticeable for victims” but still caused problems “in the way of downtime and service outages due to the worm’s bandwidth consumption.”

Emerging Trends in Ransomware Attacks

The report also touched on emerging trends, such as the shift toward crypto-mining thanks to bitcoin value gains through 2017. Crypto-mining malware leverages unused central processing unit (CPU) cycles and “draws considerably less attention than ransomware,” according to the report. Attackers are also adjusting their aim and targeting corporate environments instead of individuals since enterprises offer better potential returns.

Finally, the report pointed out that while WannaCry — and, to a lesser extent, Locky — “dominate prevalence statistics,” they aren’t necessarily the most successful ransomware attacks. WannaCry only raked in around $140,000, but a unique Linux variant of the Erebus ransomware nabbed a $1 million payout for attackers last year from a South Korean web hosting firm.

The bottom line is that although WannaCry had the greatest reach and staying power in 2017, attackers are now shifting gears to create targeted corporate campaigns and leverage crypto-mining tools.

More from

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today