The law-abiding cyber community might finally have some good news coming its way. As the first half of 2016 comes to a close, internet security researchers are observing a decline in malware activity, particularly ransomware.
According to reports, the cybersecurity analysts who track trends and patterns in malware attacks have seen an abrupt decrease in payload deliveries. The Angler exploit kit and the Dridex and Locky families have all scaled back significantly over the months covered by the research. 2015 and the first two quarters of 2016 saw an unprecedented rate of malware attacks, hailed as the comeback of ransomware with improved tactics. Several of these ransomware campaigns extracted hefty ransoms from high-profile victims in the healthcare industry, including renowned hospitals.
The slowdown in Locky's data-encrypting campaigns in particular comes as a big surprise, because it was still unleashing its payload and wreaking havoc among its victims until a few weeks ago.
Likewise, Dridex, a banking trojan usually distributed through malicious macros in Word documents, showed a sharp drop in activity over the past month. That does not mean it is gone; more likely it is lying dormant, waiting for its turn to target the next set of victims. In fact, many Dridex variants are still on the loose and inflicting major damage on unsuspecting networks. At the peak of its notoriety in 2015, security vendors labelled Dridex, also known as Bugat or Cridex, one of the most dangerous pieces of financial malware in circulation.
The biggest shock in this news is the drop in Angler activity. Angler is not a malware family in its own right but an exploit kit: a drive-by toolkit that exploits browser and plugin flaws on a visiting machine to install whatever payload its operators choose. It had re-emerged in the cyber community right after another threat, the CryptXXX ransomware, plummeted in its operation. Judging by how often it shows up in attacks, Angler is a favourite exploit kit among cybercriminals, and the mysterious retreat in its activity has industry experts knitting their brows.
Experts are uncertain about the cause of the sudden faltering; the studies show an almost abrupt halt in ransomware attacks. Some infosec experts speculate that the criminals are deliberately scaling back their attacks, while others suggest the slowdown is a result of countermeasures by security software such as antivirus and internet security suites.
But, as is the way of the information security community, experts are not ruling out a resurgence of ransomware attacks in the months to come. Worse, some industry analysts fear new types of attacks brewing in criminal circles, which could prove difficult for security vendors to counter.
The problem with such predictions is that there is little the security community can do beyond anticipating them until an attack surfaces and vendors can carry out a thorough forensic investigation to understand the malware's nature.
The Ransomware Menace
It is worth noting that the abrupt halt in ransomware attacks, although welcome, is suspicious: the operators had been on a roll since last year, encrypting data and holding it hostage in exchange for hefty ransoms.
In late March this year, a ransomware attack crippled MedStar Health, a network of hospitals serving Maryland and Washington, DC. The hospitals' computer network was locked by ransomware that demanded payment in bitcoin in exchange for decrypting the files.
The day after the attack, MedStar issued a statement saying that they “… acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up paper transactions where necessary.”
The gang behind the ransomware asked the hospital administration for 45 bitcoins in return for unlocking the data.
Likewise, Methodist Hospital in Henderson, Kentucky; the Ottawa Hospital in Canada; and Chino Valley Medical Center and Desert Valley Hospital in California (both part of Prime Healthcare) were among the other hospitals that fell prey to similar attacks in the recent past. Several of these institutions were able to fight off the ransomware and recover their data without paying, chiefly by restoring affected systems from backups rather than relying on security software alone.
U.S. victims reported losses of roughly $24 million to ransomware in 2015, according to figures from the Federal Bureau of Investigation (FBI).
An efficient way to combat ransomware is to use antivirus programs that go beyond signature matching: heuristic analysis and behavioural monitoring examine what a program actually does, including unknown files. If the antivirus sees behaviour that marks a program as a threat, such as a process rapidly rewriting user files with encrypted content, it can isolate the suspicious process and block it. An antivirus with an auto-sandboxing feature, which runs unknown executables in a confined environment before they touch the real system, is an added advantage. The caveat is that behavioural detection only fires once encryption has begun, so some files may already be lost by the time the process is stopped; it complements offline backups rather than replacing them.
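To make the behavioural approach concrete, here is a small added example (my own illustration, not code from the article or from any antivirus vendor) of the heuristic just described: a monitor that watches file-write events per process and flags any process that, within a short window, repeatedly writes encrypted-looking (high-entropy) content or renames files to a known ransom extension. The event format, the thresholds and the two processes are constructed for the demonstration; the `.locky` and `.crypt` extensions are the ones Locky and CryptXXX appended at the time.

```python
"""Toy behavioural ransomware detector (added example, not from the article)."""
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass

# Tunables: assumed values for illustration, not any vendor's settings.
HIGH_ENTROPY = 7.0           # bits/byte; plain text sits around 4-5, ciphertext near 8
WINDOW_SECONDS = 10.0        # sliding window per process
MAX_SUSPICIOUS_WRITES = 5    # flag a process at this many hits inside the window
# Extensions appended by Locky (.locky) and CryptXXX (.crypt) in 2016.
RANSOM_EXTENSIONS = {".locky", ".crypt"}


@dataclass
class FileEvent:
    """One file write as a host agent might report it (constructed format)."""
    ts: float      # seconds
    pid: int
    path: str
    data: bytes    # content written


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious_write(ev: FileEvent) -> bool:
    """Encrypted-looking content or a known ransom extension."""
    ext = os.path.splitext(ev.path)[1].lower()
    return ext in RANSOM_EXTENSIONS or shannon_entropy(ev.data) >= HIGH_ENTROPY


class BehaviourMonitor:
    """Counts suspicious writes per pid in a sliding window and flags offenders."""

    def __init__(self):
        self._hits = defaultdict(deque)   # pid -> timestamps of suspicious writes
        self.flagged = set()

    def observe(self, ev: FileEvent) -> bool:
        """Return True the moment ev pushes its process over the threshold."""
        if not is_suspicious_write(ev):
            return False
        q = self._hits[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > WINDOW_SECONDS:
            q.popleft()                   # drop hits outside the window
        if len(q) >= MAX_SUSPICIOUS_WRITES and ev.pid not in self.flagged:
            self.flagged.add(ev.pid)      # a real agent would suspend/kill here
            return True
        return False


def sample_events() -> list:
    """Constructed stream: a word processor saving text (pid 100), then a
    ransomware-like process (pid 200) rewriting documents as .locky files."""
    text = b"Quarterly report: revenue grew 3% while costs stayed flat.\n" * 8
    ciphertext = bytes(range(256)) * 4    # flat histogram: exactly 8.0 bits/byte
    events = [FileEvent(0.5 * i, 100, f"C:\\Users\\alice\\doc{i}.docx", text)
              for i in range(3)]
    events += [FileEvent(1.0 * i, 200, f"C:\\Users\\alice\\doc{i}.docx.locky", ciphertext)
               for i in range(6)]
    return sorted(events, key=lambda e: e.ts)


def run_sample() -> dict:
    """Replay the sample stream; returns pid -> timestamp at which it was flagged."""
    mon = BehaviourMonitor()
    flagged_at = {}
    for ev in sample_events():
        if mon.observe(ev):
            flagged_at[ev.pid] = ev.ts
    return flagged_at


if __name__ == "__main__":
    print(run_sample())   # {200: 4.0}
```

Two things to notice. The benign process never trips the monitor because its writes are low-entropy and keep their normal extension, while the encryptor is flagged on its fifth write, after four files are already encrypted; that is the inherent lag of behavioural detection and why backups still matter. Legitimate software that writes compressed or already-encrypted data (archivers, disk encryption, some databases) looks the same to an entropy check, so real products pair this heuristic with an allow-list of known-good processes and other signals such as canary files.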
“Companies can prevent and mitigate malware infection by utilizing appropriate backup and malware prevention and detection systems, and training employees to be skeptical of emails, attachments, and websites they don’t recognize,” the FBI suggests on its website, adding that “the FBI does not condone payment of ransom, as payment of extortion monies may encourage continued criminal activity, lead to other victimizations, or be used to facilitate serious crimes.”