This article was first published as a part of the cover story in the February 2018 issue of Digit magazine. To read Digit’s articles first, subscribe here. You could also buy Digit’s previous issues here.
Ransomware was one of the biggest cybersecurity concerns over the course of 2017. Ransomware as a service is a business model in darknet marketplaces, which allows users to buy ransomware attacks. Ransomware developers stand to earn more than double the salary they would have got while working for a regular company. Three of the biggest attacks, Petya, WannaCry and Bad Rabbit, all used exploits from a leaked NSA cache. Patches for the exploits, EternalBlue and EternalRomance had already been released at the time of the attacks. Technically, the ransomware did not even use zerodays, or previously undiscovered security flaws.
Ransomware attacks are only expected to increase in 2018 and get more creative as well. The attackers have now understood which kind of organisations are vulnerable to attacks, and which kind of organisations have strong defences. For example, a logistics company or a health services company are both likely to have fewer defences in place, rather than say a company that offers financial services. Those looking to actually earn the money from a ransomware attack, are likely to target a few organisations instead of lots of individuals.
Research has shown that companies are more than willing to pay up the amounts that are demanded during ransomware attacks. That does not mean that an attack on companies will not adversely affect individuals. One of the high-value targets for ransomware attacks is cloud services companies. If storing data in the cloud, it is best to opt for one of the larger companies which have adequate resources to hire the best cybersecurity professionals, such as Amazon or Google.
So far ransomware attacks have only been restricted to Windows machines. In 2018, expect ransomware attacks to spread to Android/iOS devices. In fact, smartphone users have been fooled by malware that shows messages similar to a ransomware, demands a payment, and does not really even lock up data on the device. Another lucrative target for ransomware attacks in 2018 is a whole bunch of new devices that are known to have especially lax security. Expect IoT ransomware to lock up devices, with the price point set below the cost of just buying a new device.
How Google claims to protect your cloud data from ransomware
The best way to protect yourself against ransomware attacks is to install apps from trusted marketplaces, not click on suspicious links in emails, apply the latest security patches, and to store all critical data in an air-gapped hard disk. If an attack is successful on any of your devices, never pay the ransom, as making the payment is no guarantee that the data will, in fact, be decrypted.