Trends 2018: The ransomware revolution [source: welivesecurity]
by CIRT Team
This is actually where I came in, nearly 30 years ago. The first malware outbreak for which I provided consultancy was Dr. Popp’s extraordinary AIDS Trojan, which rendered a victim’s data inaccessible until a ‘software lease renewal’ payment was made. And for a long time afterwards, there was not much else that could be called ransomware, unless you count threats of persistent DDoS (Distributed Denial of Service) attacks made against organizations.
While Denial of Service attacks amplified by the use of networks of bot-compromised PCs were becoming a notable problem by the turn of the century, DDoS extortion threats have accelerated in parallel (if less dramatically) with the rise in ransomware in the past few years. However, statistics may be obscured by a reluctance on the part of some victim organizations to speak out, and a concurrent rise in DDoS attacks with a political dimension rather than a simple profit motive. There are other complex interactions between malware types, though: there have been instances of ransomware variants that incorporated a DDoS bot, while more recently the charmers behind the Mirai botnet chose to DDoS the WannaCryptor (a.k.a. WannaCry) “kill switch” in order to allow dormant copies of the malware to reactivate.
The worm turns
Of course, there’s a great deal more to the malware ESET calls Win32/Filecoder.WannaCryptor than the Mirai factor. The combination of ransomware and worm accelerated the spread of the malware, though not as dramatically in terms of sheer volume as some of the worm attacks we saw in the first decade of the millennium, partly because its spread was reliant on a vulnerability that was already widely patched. However, its financial impact on major organizations caught the attention of the media worldwide.