WannaCry and Cerber has totally dominated the ransomware landscape so far this year comprising almost all the attacks that have taken place, while other big names such as Locky were barely a blip on the radar.
Sophos' 2018 Malware Report found that between April and October WannaCry and Cerber were used in 89.5 percent of all attacks with the former with 45.3 percent just barely edging out the latter's 44.2 percent. Meanwhile Locky was found in only 3.9 percent of the attacks with Globeimposter, Petya and Jaff each being used less than 2 percent of the time. Sophos noted that WannaCry's jump to the top was facilitated by the old-school worm it used to propagate itself when it hit in May and June.
Cerber, despite being knocked into second place, is a very potent force and remains the most pervasive form of ransomware in use and maintained an even level of use while Wannacy had one huge spike and then more or less faded away.
Chester Wisniewski, Sophos' principle research scientist, said the world may be seeing “peak ransomware”.
“Ransomware as a problem is not going away, but it has spread to almost every place it can go,” Wisniewski said, further explaining that the malware has now hit every type of device capable of sustaining a ransomware attack.
The United States, 17.2 percent, and Great Britain, 11.1 percent, bore the brunt of attacks during this period.
There was also a shift in who was victimized by ransomware with healthcare, government, critical infrastructure and education being targeted.
Wisniewski told SC Media in a one-on-one interview that the healthcare industry was most likely the most targeted industry because it is the least capable of defending itself and not because cybercriminals singled it out. Noting that most hospitals and similar institutions tend to have weak security they just happened to get hit when the criminals sent out their ransomware attacks.
“They were not targeting healthcare it's just that hospitals are insecure that is why they are hit,” he said.
However, he also came to the defense of the healthcare industry stating they are often placed in the difficult position of having to choose between taking equipment offline for udpates or having it ready to help patients. In addition, many medical equipment providers do not allow their devices to be patched locally by the hospital staff and those that do so risk having their warranties terminated.
Wisniewski believes this situation will only change when the healthcare industry bands together to demand manufacturers offer to guarantee their hardware and software.
He also pointed out the human factor also has to change in hospitals and other critical infrastructure sectors. In many cases a hospital staff will bypass security settings, such as requiring each staffer to know their password, by simply placing a sticky note with that information on the machine. The thinking here, he said, is that it's better to have the machine ready for use in case of emergency than possibly losing a life while someone searches for the person with the password needed to turn on the machine.
“They have to socially change to make security better,” he said, but admitted these folks are again faced with a tough choice to make.