The chaos caused by the WannaCry and Petya ransomware attacks in 2017, which infected organisations across the United Kingdom, alerted the nation to the costly and damaging threat.
WannaCry locked victims out of their files, demanding payment to be sent to the attacker’s Bitcoin wallet in order to regain access. It is estimated that the malware caused as much as $4bn in damages during its four-day peak that May.
In the UK, the incident became a political matter due to the severity of the attack on the National Health Service (NHS) systems, which resulted in £92m worth of damage, forcing the UK to take action.
“The UK government responded, and it had the means to respond and the ability to,” Bill Conner previously told Verdict.
While ransomware attack volume grew by an average of 11% globally in 2018, the UK saw such attacks decline by 59%. It was one of just two regions, alongside India, to see an improvement.
“It’s like your house. I go rob it once, I’m going to keep coming back if you don’t do something different and you have good stuff,” Conner explained. “The UK was a gold mine, so where do they go next? More to Germany and more to the US, where it’s just easier to get the gold.”
Ransomware rears its ugly head again
However, despite the UK’s improvement in 2018, ransomware has seen resurgence in the UK market in the first half of 2019.
Just 2.2 million ransomware attacks occurred in the UK in 2018. However, according to SonicWall’s latest Cyber Threat Report, 6.4 million attacks have already occurred in the first half of 2019.
A year-over-year (YoY) increase of almost 200% with half of the year still to go suggests that the UK is once again the top target of cybercriminals after financial gain.
The increase in global volume of ransomware attacks was significantly lower at 15% YoY, up from 110.9 million from 96.6 million. Likewise, the US and Germany, which saw ransomware attacks increase by 62% and 205% in 2018 respectively, have both seen attack volume decline in 2019 so far.
Cybercriminals are using ‘malware cocktails’ to evade detection
According to Conner, the sudden rise in ransomware attacks in the UK can be attributed to new, advanced malware strains that are capable of avoiding detection by the single-layer cybersecurity solutions that many still rely on.
“Cybercriminals, today, are executing with extreme agility and the jump in such attacks is attributed to the creation of never-before-seen ‘malware cocktails’ – concocting new, deadly strains that are harder for traditional, single-layer security controls to identify and block,” Conner explained to Verdict.
SonicWall’s Capture ATP sandbox and RTDMI technology, which automatically analyses code in order to discover newly developed threats, has already found 194,000 new threat variants this year. Likewise, the technology has picked up 74,400 new malware variants, showing the extent that cybercriminals are going to in order to avoid detection.
Ransomware-as-a-service enables low-skilled cybercriminals to carry out attacks
The global increase in ransomware attacks is also likely, in part, due to a rise in ransomware-as-a-service (RaaS), Conner believes.
As the price of Bitcoin widely fluctuated in 2018 and targets became more difficult to hit, some expert cybercriminals turned to offering these pre-built ransomware solutions on the dark web. These kits offer access to high-quality ransomware tools, which earn their creator money through subscription fees and commission on successful attacks.
While much of the financial damage caused by large-scale ransomware attacks was due to lost productivity and security fixes, rather than the payment of ransoms, the attacker behind it still made off with more than £100,000 in Bitcoin. With access to advanced RaaS tools that require little technical knowledge, it became possible for even low-skilled threat actors to attempt to make similar gains for themselves.
Cerber is the most commonly used form of RaaS. The software, which is available to cybercriminals in exchange for a 40% cut of any ransom paid, accounted for 101.6 million attacks in 2018. That was approximately 49% of all ransomware attacks that occurred throughout the year. SonicWall has already detected 39.5 million attacks using Cerber in 2019, approximately 36% of total ransomware attack volume.
“Globally, cybercriminals continue to pivot toward new tactics and that’s bad news because ransomware-as-a-service allows less programming-skilled actors into the malware game, and some targets are twice-victimised,” Conner said.
UK organisations must deploy multi-layered security approach to avoid attack
“As the cyber-arms race continues to escalate, there is increasing pressure on the UK businesses to truly understand the nature of malware cocktails,” which pose a threat not only to the finances of enterprises through ransomware attacks, but also to citizens’ data should a breach occur, Conner warned.
In order to counter the increasingly sophisticated threats being deployed by cybercriminals, businesses must deploy their own security cocktails in response.
“Businesses need to deploy a layered security approach utilising next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability,” Conner said.