McAfee Scientist Details Chilling Future of Ransomware
… more individuals will be targeted and compromised.
“And there are a lot more players in this and they are making good money,” he said. “That’s something that we certainly anticipate as the future.”
Malicious hackers will use any method to coerce payment from victims, Samani said.
“And of course, and ironically, the regulatory penalties associated with the release of personally identifiable information (PII) means that organizations are going to be in this awkward position of, if you don’t pay them, the data is going to be released,” he said. “Potential penalties are going to be X or Y. And so the future of ransomware means we’re going to see a lot more ancillary services purely there to facilitate or support the negotiations or the recovery from specific incidents.”
These services are necessary because ransomware developers are constantly innovating and finding ways to coerce payment, Samani said. And the amount of payments will continue to rise.
The future of ransomware is “building up to this crescendo … the number is increasing, the impact is increasing, the damage is increasing, and it does seem quite bleak,” he said.
“It’s absolutely imperative that we learn and understand the way this particular market is adapting and evolving,” Samani said.
Companies already are paying millions, and bad actors are holding cities hostage, with citizens unable to get access to their services, Samani said. The future of ransomware will feature more attacks on production facilities and hospitals.
The future of ransomware may look hopeless, but there is some good news, he said. The methods cybercriminals use aren’t the most sophisticated. Email phishing remains fairly high and constant, but remote desktop protocol (RDP) is actually the most common methodology.
“In many cases, many organizations leave the front door open,” Samani said. “So what can you do? Obviously, the first thing is looking at organizations and making sure that basic cyber hygiene is in place, making sure you don’t use things like RDP out on the internet without stronger authentication. That’s fairly straightforward and easy to do.”
For ransomware victims, No More Ransom can help, he said. Its goal is to help ransomware victims retrieve their encrypted data without having to pay the criminals.
“This is an initiative where we now have well over 100 decryption tools,” Samani said. “It is there to provide a service and it has now prevented 632 million euros from going into the hands of criminals. So it’s been a tremendous project.”
Start Building Your Data Privacy Program Now
By 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations. That’s up from 10% in 2020.
Gartner analysts presented these findings during this week’s Gartner Security and Risk Management Summit 2020.
More countries are introducing modern privacy laws in the same vein as the General Data Protection Regulation (GDPR), said Nader Henein, research vice president at Gartner. The world has reached a threshold where the European baseline for handling personal information is now the de facto global standard.
Some organizations are focusing on cutting expenses during the global COVID-19 pandemic; however, it’s important that they incorporate the demands of a rapidly evolving privacy landscape into their business’ data strategy.
Security and risk management (SRM) leaders should adopt key capabilities that support …