For those of you who have experienced the worst of Ransomware attacks in the form of WannaCry and Petya and believe that the worst is over: you never know what may await you on the other side of this New Year.
While the recent threat analysis reports by Quick Heal Security Labs suggest a significant decline in Ransomware attacks, Ransomware cannot be considered dead yet. In fact, the decline can be attributed to the substantial growth in cryptojacking, or cryptocurrency mining malware. One such prominent malware and threat distributor of 2018 is Emotet, a highly sophisticated cryptocurrency mining and banking Trojan.
Well, the price of digital currencies has grown exponentially over the past couple of years, which is one major reason for cybercriminals to dramatically shift their attention to cryptojacking. Besides, it is a less risky, comparatively simpler and secretive means of mining illicit money, until the infection is discovered.
Given this simplicity-to-mine, malware authors are increasingly replacing Ransomware with cryptojacking to mine easy targets like Monero (an open-source cryptocurrency) via malvertising, spear phishing, etc. After all, which hacker would want to resist the steady flow of income that a stealthy malware like cryptojacking can ensure? Hence its boosted popularity!
Does that simply mean Ransomware is out of the game? Maybe not.
With the evolving threat landscape, even Ransomware is metamorphosing into new variants of attack. One example is the recently observed RDP brute-force attack, which is basically a kind of Ransomware attack that makes use of RDP. Attackers simply scan a list of IPs to find the default RDP port and launch a brute-force attack, which is basically a trial-and-error technique of guessing the user name and password. Once attackers gain access, they can easily bypass the system’s antivirus and infect the system.
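A defender-side view of how the guessing described above shows up in Windows logon events, added here as an example and not taken from Quick Heal: it flags any source IP with five or more failed RDP-type logons (event 4625) within 60 seconds and records a successful logon (4624) that follows. The comma-separated export format, the threshold and window, and the sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive
# (RDP), type 3 = Network (how RDP failures are logged when NLA is enabled).
SAMPLE = """\
2019-01-02T03:10:01,4625,3,203.0.113.7,administrator
2019-01-02T03:10:03,4625,3,203.0.113.7,admin
2019-01-02T03:10:05,4625,3,203.0.113.7,user
2019-01-02T03:10:07,4625,3,203.0.113.7,test
2019-01-02T03:10:09,4625,3,203.0.113.7,administrator
2019-01-02T03:10:11,4625,3,203.0.113.7,administrator
2019-01-02T03:10:20,4624,10,203.0.113.7,administrator
2019-01-02T09:00:00,4625,10,198.51.100.20,alice
2019-01-02T09:00:30,4624,10,198.51.100.20,alice
"""
RDP_TYPES = {"3", "10"}

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: finding} for sources reaching `threshold` failed logons
    inside `window`, noting the first successful logon after the alert."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in window
    users = defaultdict(set)      # ip -> every account name it tried
    findings = {}
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if logon_type not in RDP_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            users[ip].add(user)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than window
                q.popleft()
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"alert_at": ts, "users": users[ip],
                                "success_after": None}
        elif event_id == "4624" and ip in findings:
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = user  # guess likely worked
    return findings

if __name__ == "__main__":
    for ip, f in detect(SAMPLE.splitlines()).items():
        print(ip, f["alert_at"], sorted(f["users"]), f["success_after"])
```

A finding whose `success_after` is set is the case to triage first, since a logon succeeded from the same address that was just guessing passwords.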
Not to forget GandCrab Ransomware, one of the most widespread cryptoviruses, found to have infected more than 50,000 nodes. While this cryptovirus has been in the wild since January, it has only kept evolving ever since.
Thus, even though Ransomware may seem to have become dormant, its much more advanced variants still pose a significant threat, and it may be too early to belittle the potency of Ransomware.