This article is sponsored by Barracuda
2016 was named the year of ransomware by IT security analysts, which suggests that our attention will shift to a new technology or threat in 2017, but sadly, judging from what we have seen so far, this is unlikely to be the case.
Despite a significant effort by government organisations and IT security companies to raise awareness about ransomware:
- The techniques employed by ransomware are becoming more complex;
- The profits from ransomware are still estimated to be growing rapidly;
- Ransomware remains the #1 IT security challenge today.
The actual number of ransomware incidents across Asia Pacific is unknown, as the majority of cases are thought to go unreported. Despite this, the number of reported incidents is on the rise across Singapore, Malaysia, Indonesia and the whole of Asia Pacific.
Although information about combating ransomware is becoming more available, the techniques employed by ransomware are also becoming increasingly complex. Whilst this is a trend seen across all types of cyberthreats, a kind of back and forth war between the cyber-attackers and defenders, the large and growing amount of revenue generated by ransomware is thought to be accelerating its evolution, as we will examine below:
Sage 2.0 Ransomware
A perfect example of this rapid evolution is Sage 2.0. The original Sage ransomware was first reported in late 2016 and was never widely distributed, but after just a few months it had evolved and is now packaged with two of the most widely used exploit kits (the tools that hackers use to detect and exploit vulnerabilities). The implication is that what was at first a little-known ransomware variant is now likely to become one of the most common due to its availability amongst the cybercrime community.
Fortunately, the email carrying the malicious Sage 2.0 attachment can easily be stopped by many antivirus solutions. However, should it generate attractive profits in the short term, it is possible that we will see another evolution, a Sage 3.0, before long.
This ransomware, which gets its name from the original Star Trek series, has boldly gone where no ransomware has gone before by extorting its victims for the crypto-currency Monero, rather than the more commonly used Bitcoin.
This shows, for the first time, that cybercriminals are diversifying the way they get paid, the lifeblood of the ransomware epidemic. In case you're not familiar, Monero promotes itself as a totally anonymous payment system. Whilst Bitcoin keeps a record of all transactions on a distributed ledger, Monero uses encryption so that all transactions are entirely untraceable, making it perfect for criminal activities.