Ransomware attacks are changing in their nature and execution. What do these changes tell us about the current cybersecurity climate?
2017 has seen two of the most high profile ransomware attacks yet: the WannaCrypt attack in May, and the Petya attack in late-June. Both of these attacks had many of the characteristics we’ve come to associate with ransomware attacks: encrypting files and demanding a payment in Bitcoins in order to obtain a decryption key. However, in nature and execution they varied from the more ‘traditional’ attacks we’ve become used to.
In this blog post we’ll explore what makes WannaCrypt and Petya different, and what this means for businesses protecting themselves in 2017.
Unsuccessful Ransomware Attacks?
Why do people launch ransomware attacks? The simple answer has always been ‘to make money’. For some time now, ransomware attacks have been an extremely profitable exercise for cybercriminals. Global ransomware damage costs are predicted to exceed $5 billion in 2017, as ransomware becomes more sophisticated and easier to deploy.
But on this basis, both WannaCrypt and Petya represent remarkably unsuccessful ransomware attacks. WannaCrypt is said to only have extorted around $130,000 – relatively little for such a high-profile attack. Petya, meanwhile, had such a rudimentary payment system that it was shut down almost as soon as the attack started to take effect.
So were the WannaCrypt and Petya attacks a failure?
Ransomware – A New Paradigm
If WannaCrypt and Petya were deployed by cybercriminals to make money, they were an objective failure. However, in two respects – publicity and damage – they were a huge success.
WannaCrypt and Petya were both picked up by global news organisations almost instantly. They became huge news, based in no small part to the high profile organisations that they targeted. WannaCrypt’s most high profile victim was the NHS, whilst Petya caused significant damage to advertising firm WPP and transport firm Maersk.
With household names being brought to a standstill, it’s no wonder that the news of these ransomware attacks reached far beyond the IT and security communities.
The Landscape is Shifting
Many have speculated that the WannaCrypt and Petya ransomware attacks were deployed to cause absolute chaos and gain maximum publicity. On this basis, they were a big success! Victims of the attacks were left crippled for days and even weeks, and their success ensured that anyone ignorant of ransomware attacks before were no longer so naïve to their threat.
But what were the motives behind this? Without knowing who the perpetrators of the attacks were it’s hard to say. What we can say, however, is that the cybersecurity landscape is shifting. As we become ever more reliant on technology in our work and home lives, the dynamics of the cyber-threat landscape become more complex.
Ransomware attacks can no longer be seen purely as a means by which to extort money from victims. This makes it even more important to protect yourself from attack; as Petya demonstrated, you may not be able to recover by simply paying the ransom.
At Capital Support we help our clients protect themselves from the threat of ransomware attacks. Contact us if you’d like support with your cybersecurity preparedness.