Ransomware attacks are increasingly using multiple proven capabilities to spread quickly and achieve the maximum impact before being thwarted. They are going to get bigger going forward and will begin targeting other major platforms such as OSX, Android and others, warns Justin Peters, technology solutions director in APAC for Sophos in an interview with Information Security Media Group.
"Four or five years ago the industry was more used to seeing this kind of worm activity, so really all that we are seeing now is cybercriminals shifting gears and trying different proven techniques of spreading malware without relying on phishing attacks," he says (see Crypto-Locking Ransomware Attacks Spike).
The main reason the WannaCry and NotPetya ransomware campaigns spread so widely is that the techniques used to distribute the malware work much more rapidly than before, he says. One of the main vectors for spreading ransomware in the past few years has been email phishing campaigns, which require user intervention. "What's unique about the recent NotPetya outbreak and the WannaCry incident is that they utilize approaches or tools to propagate in a worm-like manner, without user intervention," he says (see Latest Ransomware Wave Never Intended to Make Money).
Peters believes that going forward, while the Windows platform will continue to be heavily targeted, cybercriminals are already looking at other popular OS platforms. Recently a South Korean company paid the largest ransom ever recorded for a ransomware attack, over $1 million, to decrypt its Linux servers. And there have been some attacks in the wild targeting OSX or the Mac platform, he says (see South Korean Hosting Firm Pays $1 Million Ransom).
"I think what we are seeing is the beginning of ransomware propagating to other platforms beyond Windows," he says. "Probably one of the biggest concerns out there is the problem of ransomware on Android, because it's harder to detect the telltale signs as the smaller screens on mobile devices provide much less information."
In this exclusive audio interview, Peters talks about how the ransomware landscape is shaping up and what defenders can expect going forward. He covers:
- The NotPetya campaign and implications;
- Changing techniques and objectives of cybercriminals and malware authors;
- How this threat is evolving and what to prepare for.
Peters has worked at Sophos over the last twelve years, in a variety of customer-facing technical roles. For the last four years he has led the APAC technical team, assisting partners and customers adopting Sophos' security solutions. In his capacity as APAC technology solutions director, Peters regularly presents the Sophos word at events throughout the region. Peters has a background in computer engineering and experience running his own business as well as working in the channel.