{"id":11240,"date":"2018-06-04T12:25:32","date_gmt":"2018-06-04T08:25:32","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/evolution-of-ransomware\/11240\/"},"modified":"2019-11-15T15:23:05","modified_gmt":"2019-11-15T11:23:05","slug":"evolution-of-ransomware","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/evolution-of-ransomware\/11240\/","title":{"rendered":"The evolution of ransomware \u2014 and the tools to combat it"},"content":{"rendered":"

The past year of headlining ransomware is a result of what we can describe only \u00a0as an evolutionary leap. Serious-minded cybercriminals have transformed the once-simple file encryption threat into a fairly intricate tool \u2014 and all signs point to the evolutionary trend continuing.<\/p>\n

Pre-2017<\/h2>\n

In the \u201cgood old\u201d days, ransomware victims were predominantly casual bystanders. Cybercriminals slung spam far and wide, hoping to find at least one user with important files on their computer who would open the malicious attachment.<\/p>\n

But the situation changed in 2016. Increasingly, spammers\u2019 random lists were replaced by addresses, specially harvested, of company employees found online. The perpetrators had clearly figured out that attacking businesses was more profitable. The message content changed accordingly as well: Instead of masquerading as personal correspondence, the messages now seemed to come from partners, customers, and tax services.<\/p>\n

2017<\/h3>\n

In 2017, the situation changed again, this time radically. Two large-scale epidemics causing damage in the millions showed that ransomware could be used for purposes other than extortion. The first, the notorious WannaCry<\/a>, was a technological trailblazer. This ransomware exploited a vulnerability in the implementation of the SMB protocol in Windows. It was a vulnerability that had already been fixed, but many businesses just hadn\u2019t bothered to install the patch. But that wasn\u2019t the half of it.<\/p>\n

WannaCry was not successful as ransomware. Despite infecting hundreds of thousands of machines, WannaCry yielded only modest payoffs to its creators. Some researchers began to wonder whether the goal was money at all, or if it might instead be sabotage or data destruction.<\/p>\n

The next threat erased any doubts. ExPetr<\/a> was not even capable of recovering encrypted data\u00a0\u2014 it was a wiper<\/a> disguised as ransomware. Moreover, it employed a new piece of trickery. Using a supply-chain attack, the creators managed to compromise a piece of Ukrainian accounting software called MeDoc, exposing almost every company doing business in Ukraine to the risk of infection.<\/p>\n

2018<\/h3>\n

Events so far this year show that ransomware is still evolving. Our experts recently investigated a fairly new threat, the latest modification of the SynAck<\/a> ransomware. It was found to contain complex mechanisms to counter protection technologies, signs of a targeted attack. The countering measures include:<\/p>\n