- The Washington Times - Thursday, January 25, 2018

Ransomware attacks nearly doubled in 2017, thanks in part to the U.S. government losing control over a classified hacking tool, cybersecurity researchers wrote in a new report.

Ransomware detections increased by 90 and 93 percent last year over 2016 among consumers and businesses, respectively, and leaked National Security Agency source code was somewhat responsible for the surge, according to research published Thursday by Malwarebytes, a Silicon Valley cybersecurity firm that specializes in the prevention and remediation of malicious software.

Typically ransomware works by encrypting data on infected computers and then holding it hostage until a payment is received by cybercriminals, usually in the form of cryptocurrency like Bitcoin. The source code to an NSA exploit known as EternalBlue was leaked online in April 2017, and cybercriminals subsequently repurposed it to make two of the most disruptive strains of ransomware ever unleashed, WannaCry and NotPetya.

Researchers said they saw a drastic spike in ransomware detections in the months after the leak, and that most of the incidents involved instances of WannaCry, a particularly damaging strain that infected computer systems in more than 150 countries after being unleashed last May.

Specifically, Malwarebytes said its analysts logged a 700 percent increase in ransomware between July 2017 and September 2017, with more than half of that surge linked to versions of WannaCry, according to its report.

Despite the spike, researchers said ransomware appears to have fallen out of style among cybercriminals as of late.

“At the beginning of the year, the domination that ransomware had over the primary infection vectors made it seem like dealing with ransom malware would be the new norm moving forward. However, trends over the last few months have shown a shift away from ransomware,” the report said.

“The likely motivation behind this move involves a lower return on investment for the groups behind larger ransomware families. The adoption and use of antiransomware technology, backup precautions and a greater general knowledge of threats and protection methods has resulted in fewer cases where the ransom is paid.”

The FBI’s cybercrime division previously said it received 2,673 complaints involving ransomware in 2016 totaling over $2.4 million in losses. The FBI has advised against victims paying cybercriminals in order to regain access to computers infected with ransomware.

U.S. and U.K. intelligence officials last year blamed the North Korean government for unleashing WannaCry. Pyongyang has denied responsibility.

• Andrew Blake can be reached at ablake@washingtontimes.com.
