Threat: Let’s begin with some good news: After years of sometimes dizzying year-over-year increases, ransomware attacks seem to have plateaued.
“The security industry has gotten a lot better at stopping ransomware,” says Webroot CTO Hal Lonas. “Maybe it’s too soon to declare victory, but it seems to be under control, and maybe even declining a little bit.”
And now, alas, here comes the inevitable bad news: Though ransomware strikes are becoming less numerous, Lonas and others say they’re also becoming more targeted, more effective, and more dangerous.
“They’re getting very, very good at the socially engineered aspect of the attack,” says Jon Clay, a cybersecurity expert at Trend Micro, of ransomware perpetrators. “They’re doing their due diligence on understanding the victim upfront.”
They’re also squeezing victims for more money. The criminals responsible for last year’s SamSam attack, for example, collected over $6 million before being indicted.
Numbers like that are too tempting for hackers to resist, warns Tim Brown, vice president of security at SolarWinds MSP. Besides, he continues, ransomware is an easier way for attackers to make money. People looking to steal data must get past a victim’s defenses, locate something valuable, exfiltrate it, find a buyer, and then launder their earnings. Ransomware is a comparatively low-effort crime.
“The ransomware model from a business perspective will continue simply because it’s clean, simple, and there’s more revenue to the bad guy,” Brown says.
Countermeasure: End user awareness education is a critical weapon in the fight against ransomware. So too, though, is artificial intelligence, which WatchGuard CTO Corey Nachreiner considers an increasingly important—and speedier—supplement to behavior-based antimalware solutions.
“It’s immediate,” he says. “With all the behavioral sandbox stuff, sometimes it’s immediate if we’ve seen it before, but if it literally is a brand-new thing, which is quite common frankly, we have to wait for a little bit of an analysis.”
That said, Nachreiner continues, behavior-based tools remain the most effective. According to recent data from WatchGuard, traditional, signature-based solutions block about 63 percent of malware, and artificial intelligence-based technologies block about 80 percent of the rest. It takes behavior-based software to block the remaining 20 percent, though, indicating that while behavior-based systems may be slower than AI they’re also more thorough.
