In the first part of our blog about ransomware, we reviewed its history and examined how ransomware had advanced technologically over time. In this post we would like to discuss the future of this cyber attack and suggest that it will increasingly target corporate data centers with APT-based campaigns.
RansomWeb, launched earlier this year, represents a more aggressive take on conventional ransomware, which encrypts people’s PCs and asks for payment, typically between $100 and $2000. This time, attackers were able to take over a financial company’s website servers and modify them to gradually encrypt data stored in their databases. Over a few months, the database backups were also overwritten with encrypted entries, making them useless. Once critical damage had been caused, the attackers demanded large sums of money to unlock the databases.
Though only a handful of RansomWeb attacks have been reported since, we expect this type of extortion to grow rapidly in 2016, both in numbers and sophistication.
Corporate data centers are ransomware players’ next target. Here is why:
- Data centers hold the most sensitive, lucrative information. Targeting corporate data centers, where victims’ most sensitive and critical data is stored, will enable the extortion of potentially huge sums of money, on a totally different scale than the current ransom of $100-2000 per infection.
- Conventional ransomware campaigns that target individual PCs often deny access to arbitrary files that are not of high importance to the victims. As a result, in many cases the victims will not pay the ransom. With data centers, on the other hand, victims are more likely to succumb to the ransom request.
- Data backups, previously used as the wall of defense against ransomware, cannot cope with gradual database encryption. To minimize the impact on performance and stay undercover, attackers can encrypt only a few critical fields in the database, which is more than enough to achieve the paralyzing effect.
- Financially motivated professional cybercriminals operate successfully in the wild, and are constantly looking for new targets. Hackers like those behind the Carbanak APT, Morpho/Butterfly APTs, GameOver ZeuS group and others are fully capable of conducting ransomware attacks on data centers. It is a multi-million opportunity they won’t miss.
- Many corporations share a common data center architecture that embeds a limited number of technologies. Ransomware data center APTs against such targets should be relatively scalable once a foothold is achieved, making them exceptionally profitable.
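One way a defender could notice the gradual field-level encryption described in the backup point above while a clean backup generation still exists, as an added example that is not from the original post: validate a critical field across successive backup snapshots and report the last clean one. The e-mail column, the `tolerance` value and all function names are assumptions, and the sample rows are constructed.

```python
import re

# Assumption: the monitored critical field is an e-mail column. Swap in the
# validator that matches your own schema (IBAN checksum, date parse, ...).
EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")

def invalid_ratio(values, validator=EMAIL.fullmatch):
    """Fraction of field values that no longer parse as the expected plaintext."""
    values = list(values)
    if not values:
        return 0.0
    return sum(1 for v in values if not validator(v)) / len(values)

def audit_snapshots(snapshots, tolerance=0.05):
    """snapshots: list of (label, field_values), ordered oldest to newest.

    Returns (last_clean_label, first_suspect_label, ratios). A snapshot is
    suspect once its invalid ratio exceeds the oldest snapshot's baseline by
    more than `tolerance`; gradual encryption appears as a rising ratio.
    """
    ratios = [(label, invalid_ratio(vals)) for label, vals in snapshots]
    if not ratios:
        return None, None, ratios
    baseline = ratios[0][1]  # tolerates pre-existing dirty data such as "n/a"
    last_clean = None
    for label, ratio in ratios:
        if ratio - baseline > tolerance:
            return last_clean, label, ratios
        last_clean = label
    return last_clean, None, ratios

# Constructed sample data: four nightly backups of the same five rows.
# ENC stands in for a field value that was encrypted in place.
ROWS = ["ann@example.com", "bob@example.org", "cy@example.net", "dee@example.com", "n/a"]
ENC = "q3J9xZ0LkP1vYw=="
CONSTRUCTED_SNAPSHOTS = [
    ("backup-day1", ROWS),
    ("backup-day2", ROWS),
    ("backup-day3", [ENC] + ROWS[1:]),
    ("backup-day4", [ENC] * 3 + ROWS[3:]),
]

if __name__ == "__main__":
    clean, suspect, ratios = audit_snapshots(CONSTRUCTED_SNAPSHOTS)
    for label, ratio in ratios:
        print(f"{label}: {ratio:.0%} of values fail validation")
    print("last clean:", clean, "| first suspect:", suspect)
```

Running the same check on every new backup, rather than only after an incident, is what keeps the clean generation from being rotated out before the drift is noticed.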
The rise of ransomware APTs that are specifically tailored to target data centers will become a significant risk to corporations seeking to protect their most valuable assets. With data centers shifting to the cloud, ransomware is set to become a challenge for cloud security vendors. Guardicore has the key to help your organization tackle this challenge successfully.