McAfee Scientist Details Chilling Future of Ransomware
If the future of ransomware doesn’t scare you, nothing will.
At last week’s Channel Partners Virtual, Raj Samani, McAfee‘s chief scientist, gave a keynote titled “The Future of Ransomware: Explained.” And while his presentation on the future of ransomware concluded with some encouraging comments, what came before was pretty hair-raising.
“You’ve got some very capable threat actors that are actively innovating, actively developing new ways to be able to demand more money,” he said. “There are other criminal groups out there that are just simply copying. Not only are they copying it, they’re replicating it with such success that they’re making millions and millions of dollars.”
The “siloed” effect of criminal gangs working independently is a thing of the past, Samani said. Therefore, expect the future of ransomware to involve whole groups of cybercriminals working together.
In addition, the psychological barrier for committing digital crime is much lower than for a physical crime, he said.
“Cybercrime is the only area of crime that has a help desk,” Samani said. “We contacted the help desk of a number of ransomware groups and asked … why are you doing this? We pretended to be students. And for those that answered, they said, ‘We’re doing this for the money,’ which we expected anyway. But we asked them, ‘Are you scared or worried about the repercussions?’ And not a single one of them were worried about potential physical harm.”
That likely wouldn’t be the case for those committing physical crimes, he said.
A good indication of the future of ransomware is Snake/EKANS, Samani said. This summer, it targeted a carmaker and went directly after its production systems.
“It’s literally putting a chokehold on a company’s ability to fundamentally do what it does,” he said. “And in this particular instance it was to make cars. What this represents is a further hardening of criminals to identify ways and manners in which they can absolutely squeeze the life out of the victim organization. And if that means going after operational technology (OT), then they will do that. And they will do that for the very simple reason that it allows them to demand more money for ransomware payments.”
Economic incentives are pushing cybercriminals to target organizations they know will pay or believe will pay, Samani said. They’ll go inside an environment, learn how it works and then prevent that organization from operating.
“This is a very simple ROI,” he said. “It’s made considerably easier by the fact that we have now become more digital. The construct and belief that we had an air gap between IT and OT now has very much disappeared because of efficiencies and innovation. And so the world that we live in today and certainly the things that we can expect for the future is these individuals … will continue to identify those specific areas that they believe will allow them to demand a maximum payment from victims.”
The future of ransomware includes continued growth of the “ransomware economy,” Samani said. And cybercrime already has proven itself a recession-proof industry.
“You’re actually going to be introducing a service-based economy that is largely based upon the ability for an individual to demonstrate their craft and skill,” he said. “You’re getting very good developers working with very good, skilled hackers, working with very skilled brute forces working with very skilled people who can traverse and network. Now you have a model where it’s almost like an all-star team.”
This service-based economy is getting deeper and broader, Samani said. That means …