More pseudo-ransomware attacks are probably on the way

In a new report examining cybersecurity trends for the quarter, it sounds like “ransomware” — emphasis on the air quotes — will remain very much in vogue through 2017.

The last few months saw some major malware moments, most notably the WannaCry and NotPetya (a.k.a. ExPetr/Nyetya/Petya) attacks. Kaspersky Lab’s quarterly report suggests that the trend is likely here to stay for now, as waves of increasingly sophisticated hacks further the veiled aims of shadowy individual actors and governments alike.

As the report explains:

“While very different in nature and targets, both were surprisingly ineffective as ‘ransomware.’ For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction… The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.”

Given major malware’s trend toward disruption rather than monetary gain in 2017, the report also mentions that we should expect to see more hacks targeting energy companies and infrastructure. That kind of attack is designed for maximum damage and can even paralyze an entire nation, as we saw with Ukraine in 2015. (It’s no coincidence that BlackEnergy, the entity believed to be behind the Ukraine power grid attack, appears to be related to the NotPetya attack.)

Of course, attacks of this nature do massive financial damage too, but it’s damage at scale for its own sake. That scale and style are a departure from a true ransomware attack, which holds machines and data hostage in order to fatten up an attacker’s bitcoin wallet. Still, due to early confusion, a misguided early narrative declaring an attack to be ransomware often prevails.

If ransomware isn’t really ransomware, is it a wolf in wolf’s clothing? Like a grey wolf in an eastern timber wolf’s clothing? The answer to that is far from clear, but we should certainly expect more major malware incidents and more misdirection about their objectives as we move deeper into the cyber strangeness of 2017.