Ransomware was a persistent threat throughout 2017, and things may be getting worse going into 2018, cautions Bogdan "Bob" Botezatu, senior e-threat analyst at cybersecurity firm Bitdefender.
According to his company's recent Global Threat Landscape Report for 2017 (PDF), 2017 saw the emergence of over 160 ransomware families, each of which spawned dozens, if not hundreds, of variations. And attackers have been aggressively pumping all that ransomware into the email inboxes of potential victims.
Bitdefender's data reveals that one in six spam emails carries ransomware. That's a big deal, considering that in November 2017, over 464 billion spam emails flowed across the world's networks each day, reports Talos, Cisco's threat intelligence business.
Those figures may be staggering, but there's another reason to be wary of ransomware going into the next year. Ransomware coders are getting craftier, warns Botezatu.
The Growing Sophistication of Ransomware
"Ransomware authors operate in a highly saturated environment where competition is harsh. This means, not only do cyber criminals have to fend off security countermeasures built by anti-malware solutions, but also have to be faster, quicker and easier to monetize than other malware families," said Botezatu, characterizing the cutthroat nature of the illicit ransomware market.
"Fighting the competition also means increasing malware's complexity by developing better anti-malware evasion techniques, faster and more robust encryption algorithms, lateral movement tools and even bundling zero-day exploits such as those leaked from the NSA in newer strains of malware," added Botezatu.
Beware Banking Trojans
Some attackers aren't taking a chance on getting paid and are directly targeting bank accounts.
"Banker Trojans have witnessed an unexpected revival this year. After a brief period of inactivity, banker Trojan families such as Terdot have made it back with major redesigns and enhanced capabilities," observed Botezatu.
"Most of these families of malware now feature powerful web-proxy components that can be used to harvest more than financial information: they also go after social network and email accounts, proving cyber-criminals look to monetize data other than credit card and e-banking information," Botezatu said.
How to Protect Your Small Business
Given all this, it may appear that the deck is stacked against small businesses. Luckily, there are steps small business owners can take to fight back.
"SMBs are once again in the crosshairs of malware creators," Botezatu said. "With a significant attack surface, and in some cases, the absence of a dedicated IT security team means SMBs need to deploy malware defenses that are able to block both traditional malware and newer attack avenues, such as the manipulation of PowerShell and WMI [Windows Management Instrumentation] via file-less attacks and lateral movement techniques."
Technology can help, but an effective defense starts with people.
"As these attacks get increasingly complex and leverage the human factor, companies also need to consider significant investment in training staff—executives included—on best security practices at work. It must include how to spot a phishing email, what to do when they stumble upon a malicious attachment, among other things," advised Botezatu.