Will Ransomware Die?

Ransomware has been one of the more prevalent security topics for past few years. Some probably think this form of digital destruction is here for the long haul. While this may be an accurate prediction, I can imagine a turn of events that would end this form of attack. To be clear, my theory is not that enterprise networks will plug every possible entry point. My prediction is that the ransomware business model COULD cease to be viable.

Let me expand on my position. For a business model to work, it has to have a monetization strategy. For ransomware, that strategy includes the victim sending money (typically bitcoin) to the attacker—trusting that they will be given the keys to decrypt their files. In this model, the victim has to trust their attacker [to do the right thing]. In and of itself, that seems to be an oxymoron and a plea in desperation.

So if these types of attacks fail to produce recovery options and gain widespread coverage, this trust is further eroded. To some degree this has already happened with Nyetya.

TALOS – New Ransomware Variant “Nyetya” Compromises Systems Worldwide

 

Without analyzing the key generation or key storage components, Talos believes that the actors behind Nyetya did not intended for the boot sector or the ten sectors that are wiped to be restorable. Thus, Nyetya is intended to be destructive rather than as a tool for financial gain.

If the industry sees widespread occurrences of failed recovery, ransomware IS dead. It doesn’t mean that we should quit protecting against the attack vectors that are used by ransomware. Those attack vectors are, and will remain, relevant for gaining an attack foothold in environments of all sizes. It is the attack payload that will change to support a different monetization strategy.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Security and tagged , . Bookmark the permalink.