Ransomware wrap up: Future threats
To round up our ransomware series, we asked six security experts how the threat landscape is likely to evolve over the next couple of years.
“Ransomware incidents in Europe are likely to stabilise but will continue to grow dramatically in other EMEA regions, most notably in Africa and the Middle East. As these two regions move towards a more digital economy, they are increasingly exposed to cyber-attacks. Cyber criminals are taking what they have learnt from Europe and are applying these lessons to a new ground.
Quentyn Taylor, Canon EMEA information security and global incident response senior director
“With attacks still generating so much money for criminals, the number and impact of ransomware attacks will increase but this could lead to increased cybersecurity regulation and prevention guidance.
However, the reality is that the future of ransomware is very much here already. The number of hacks on IoT devices, reusable third-party software and OT will only continue to grow, given the success bad actors have seen in recent years.”
Daniel Dos Santos, head of security research, Forescout
“Ransomware gangs are becoming hack-everything-gangs. They will do whatever it takes to get money. The “gold” ransomware gangs have is not the ransomware. It’s the access to the victim’s passwords and systems. With that they can do anything they want to do (steal data and passwords, install crypto mining trojans, create botnets, do DDoS attacks, send out phishing attacks to name but a few examples). The ransomware gangs of the future therefore will look to every compromised victim as a potential bag of money and ask themselves how they can maximize their potential revenue. Eventually it will be’ good guy bot versus bad guy bot’ and the best bots with the best AI-algorithms will win.”
Roger Grimes, data driven defence evangelist at KnowBe4 (knowbe4.com)
“As defenders get better at doing backups and “simply” restoring lost files, ransomware writers also adapted. Now they exfiltrate files and threaten to release them unless the ransom is paid. They also message the victim’s customers and threaten them unless they pay. I’ve personally been on the receiving end of that after a data breach of one provider, receiving emails that have my name and home address and threatening to perform a home invasion and kill my family unless I pay them. “
Michael Smith, field CTO, Neustar Security Services
“Given the history of ransomware and how the threat has developed in recent years it’s likely that we will see smaller franchise-style ransomware operations which will either switch to pure exfiltration and abandon encryption of devices entirely or use ransomware software purchased from developers on criminal forums. Exfiltrating data from specific machines is easier than spreading ransomware across a whole network. It’s less noisy and there is no complicated or unsuccessful process of trying to restore encrypted files upon a successful negotiation, a frequent issue.”
Cian Heasley, security consultant, Adarma
“As fuel bills continue to be a growing concern for businesses and consumers at present, threat actors will weaponise operational technology environments more successfully than ever before, striking when energy providers are otherwise preoccupied. Given the global energy industry is already facing a turbulent time, we are most likely to see a major energy supplier taken offline, with threat actors tapping into these vulnerabilities and holding the service to ransom for their own gains.”
Todd Moore VP for encryption products Thales
This is the final part of TechInformed’s Ransomware report. To read the other parts, please click the links below:
Part 1: The hackers and their marketplace
Part 2: How hackers find their way in
Part 3: You’ve been hacked – so what’s the plan?
Subscribe to our Editor's weekly newsletter