Ransomware is entering a new phase where malicious data encryption can be used to potentially cripple markets, governments, or even whole economies.
In the decades-long history of digital information security, few threats have proven to be as deceptive and destructive as ransomware.
Ransomware is malware that encrypts data on an infected device, generally for the purpose of extorting a ransom payment. Ransomware attacks increased more than 750 percent last year alone.
Even worse, research shows less than half of the organisations affected by a ransomware attack are ever able to recover all their data.
Following a widespread outbreak of the Petya malware earlier this year that cost companies hundreds of millions of dollars, many feared, correctly, that Petya would be the first sign of a new wave of ransomware variants with the ability to spread within hours or days and render affected endpoints and servers unusable.
Digital security companies are fighting back with specialist ransomware recovery and can now block suspected ransomware programs, prevent unauthorised data encryption, and back up data.
Bad Rabbit ransomware
It seemed defenders were making progress against criminals using ransomware.
However, the emergence and rapid propagation of a new ransomware family called Bad Rabbit suggests malicious data encryption is not going to be fought off so easily.
Bad Rabbit is different from previous ransomware efforts because, according to researchers at Cisco Systems, it uses the stolen NSA exploit EternalRomance, which allows attackers to gain full system access.
Also, unlike most previous ransomware attacks that rely on haphazard, rapidly assembled command-and-control infrastructure that often fails soon after an attack begins, Bad Rabbit’s back-end data-collection mechanisms were carefully constructed well in advance.
Bad Rabbit’s creators, according to FireEye researchers, are thought to be using the malware to spy on government agencies in Russia and Ukraine rather than to collect cash ransoms.
Bad Rabbit is the beginning of a new phase in the evolution of ransomware where extracting a ransom payment is a secondary or even unnecessary objective.
Ransomware is instead becoming a method for distracting and distressing victims in order to conduct cyber espionage campaigns and play havoc on a global scale.
What can be done?
To combat the rise of ransomware, it must be remembered that paying a ransom is no guarantee that data or system access will be unlocked.
Instead, organisations must plan for ransomware attacks in the same way they plan for power or internet outages and run host-based prevention programs.
Importantly, ransomware isn’t going away. Bad Rabbit is just the latest and won’t be the last. Organisations that prepare now will suffer least in the future.