Our 6 Ransomware Predictions for 2020
Ransomware strains exploiting Windows Safe Mode will proliferate
Safe Mode is a special mode of the Windows operating system in which only the bare minimum of services and drivers is loaded. This mode can be extremely useful for IT administrators troubleshooting problematic or non-booting systems. Its utility has not gone unnoticed by hackers either. When Safe Mode is enabled, endpoint anti-virus and anti-malware protection are usually deactivated. Recent strains of ransomware, such as “Snatch”, reboot the system into Safe Mode and then encrypt the victim’s hard drive. This sneaky trick is likely to continue.
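Defenders can watch for the configuration change that precedes a forced Safe Mode reboot. The following is an added example, not part of the original article: it scans process-creation command lines for Safe Mode boot changes and raises severity when a reboot follows shortly after. The event layout, host names, service name, indicator patterns (the bcdedit safeboot setting and the SafeBoot registry key) and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed indicators (not from the article): commands that set the next boot to
# Safe Mode, or register a service under the SafeBoot key so it starts there.
INDICATORS = [
    ("bcdedit_safeboot",
     re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)),
    ("safeboot_service_registration",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
]
REBOOT = re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.I)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample process-creation events: (timestamp, host, command line)
SAMPLE_EVENTS = [
    ("2020-01-14T09:02:11", "WS-014", r"bcdedit.exe /enum"),
    ("2020-01-14T09:05:40", "FS-02",
     r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc /ve /d Service /f"),
    ("2020-01-14T09:05:42", "FS-02", r"bcdedit.exe /set {default} safeboot minimal"),
    ("2020-01-14T09:05:50", "FS-02", r"shutdown.exe /r /f /t 00"),
    ("2020-01-14T11:30:00", "WS-031", r"bcdedit /set {current} safeboot network"),
    ("2020-01-14T16:45:00", "WS-031", r"shutdown /r /t 60"),
]

def detect_safe_mode_abuse(events, window=WINDOW):
    """One alert per host; 'high' when a reboot follows an indicator within the window."""
    alerts, last_hit = {}, {}
    for ts, host, cmd in sorted(events):
        when = datetime.fromisoformat(ts)
        hits = [name for name, rx in INDICATORS if rx.search(cmd)]
        if hits:
            alert = alerts.setdefault(
                host, {"host": host, "first_seen": ts, "indicators": [], "severity": "medium"})
            alert["indicators"].extend(hits)
            last_hit[host] = when
        elif REBOOT.search(cmd) and host in alerts and when - last_hit[host] <= window:
            # A reboot right after the boot configuration changed is the pattern to escalate.
            alerts[host]["severity"] = "high"
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_safe_mode_abuse(SAMPLE_EVENTS):
        print(alert)
```

Medium alerts can come from legitimate troubleshooting, so they are best triaged against change records, while the high-severity pattern warrants immediate isolation of the host.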
Ransomware attacks will be more targeted
While indiscriminate ransomware attacks are still occurring, they are also becoming more targeted. Attackers continue to use tools like Shodan to exploit vulnerable RDP ports, but are also performing background checks on their targets. Being better informed enables them to tailor their ransom demands. This might explain why your LinkedIn account is being viewed so many times in private mode.
Ransomware and hackers to get even smarter. Hackers will go to extra lengths to make sure your backups get deleted too
More families of ransomware variants will perform network and system enumeration. Smart ransomware detects your network topology, the number of endpoint devices and the software applications you’re running. This enables hackers to pick the most suitable tool for the job whilst allowing them to propagate their ransomware more effectively. Not only this, but hackers showed another worrying behaviour in 2019. Rather than deploying their ransomware straightaway, many hackers will infiltrate your network first to manually delete backups before releasing their encrypting payload.
Emotet and Trickbot will continue to be precursors to ransomware attacks
Emotet and Trickbot will continue to be initial attack vectors for ransomware attacks. The city council for Lake City in Florida got hit by Ryuk ransomware in July, which cost the state body $460,000. The attack post-mortem revealed that Emotet was the initial attack vector, which was subsequently used to download Ryuk.
Data-exfiltrating ransomware will become more common
2019 saw the first strains of data-exfiltrating ransomware in the form of “Maze”. This malware stole 32GB of data before it encrypted the network share folders of the City of Pensacola. To prove their possession of it, the attackers released 2GB of the stolen data into the public domain. Releasing data into the public domain to shame the victim into paying the ransom is a trend which is likely to continue.
Public sector organisations will continue to be a target
Public sector bodies such as county councils and universities will continue to be a target. In May, the City of Baltimore (USA) had to take all its servers offline due to a ransomware attack which used a ransomware strain known as Robbinhood. The council estimates that the whole incident cost them $18.2 million between lost revenues from property transfers and emergency IT system cleanup costs. Notable public sector targets of ransomware in Europe include the Police Federation of England and Wales, which had its servers and databases crippled by a ransomware attack. In December, Maastricht University in the Netherlands got hit by a crippling strain of Clop ransomware just two days before Christmas. Almost all their systems had to be taken offline. Just a few days before this attack, a government employee in Fechenheim, Frankfurt clicked on an Emotet-laden email attachment purporting to be from a city authority. This necessitated most of their IT system being taken offline.
An analysis of the major ransomware events of last year still places the end-user in the foreground of many attacks. Email and malicious URLs are still a major problem. Having users well trained to detect phishing and avoid inadvertently downloading malware can be an extremely worthwhile investment.