Canadian Underwriter

What you need to know about the evolution of ransomware

April 14, 2018   by Jason Contant

Print this page Share

Brokers need to stay on top of constantly emerging cyber threats, as cybercriminals continue to adapt their techniques, particularly around ransomware.

Criminals are still very successful, says Matt Hartley, vice president of global services and intelligent engineering with cybersecurity company FireEye. “They’re still making money and so long as they’re making money, they’re going to be out there,” he said Wednesday at the International Cyber Risk Management Conference (ICRMC) in Toronto.

“Cybercriminals aren’t stupid. They are going to evolve to be more successful, just like a business would.”

Hartley suggested cybercriminals have moved away from early forms of digital ID theft to ransomware, which is their new “Number 1 vector to make money,” he said. Ransomware is much more effective than stealing credentials because it’s disrupting businesses and business operations.

The threat of ransomware itself is evolving, Hartley said. Events are now being tailored to increase the likelihood that the criminals will receive payment.

“When they [cybercriminals] first started off, all the ransom costs were the same all around the world,” he said. “Now, the ransomware attackers are smart enough to understand that if they lower the price to a certain amount, then it starts to become a hard decision for some of these companies. ‘Do I just pay, or do I try to bring in someone from outside?’”

Some criminals are tailoring their lures more specifically to companies, Harley reported. In some cases, they are sending employee surveys; in others, social engineering attacks are being held for holidays or a “particular victim going on vacation.”

Some ransomware authors are investing in technologies that will allow that ransomware to operate even if a computer network is offline.

For now, attacks in general have stayed in the cyber realm. But Hartley suspects that, at some point, cyber actions could ultimately lead to armed conflict. “If you think about India and Pakistan, for example, over the years they’ve had touch-off points that have cause them to have little flare-ups in their conflict,” he said. “We just think it’s a matter of time before cyber act, cyber act, cyber act, then physical action starts to occur.”