Rik Ferguson told a keynote audience at InfoSecurity Europe 2017, that even in the wake of WannaCry, which shut down public utilities, government departments and large companies across the world, there is still a silver lining, however slim.
Ferguson joined Pete Wood of ISACA and James Lyne, a security researcher with Sophos, on a panel entitled Risks, Threats and Adversaries: What (or Who) Should You Be Worried About?
The significance of WannaCry, the positive one at least, is that "it broke the trust model that ransomware feeds on". Ransomware, odd industry that it is, relies on a degree of trust between the predator and the prey: if your files are encrypted, the victim trusts the attacker to hand over the encryption key in exchange for payment.
WannaCry broke that trust, said Ferguson: "It may have killed the goose that laid the golden egg from a criminal perspective because it's made people aware that even if they do pay the ransom, they will not necessarily get their data back."
Not to mention the fact, Lyne added, that the event threw ransomware into sharp relief for the general public: "If there was a silver lining to wannacry, it's that it [grabs] people's attention" in regards to ransomware. What was once an obscure threat for a private individual, though an obsession for the security industry, is now a real and present danger in the minds of many more.
Ransomware, it should be said is far from dead. In fact, it appears to be in rude health: There were 246 new families of ransomware in 2016, compared to just 29 in 2015. A recent PhishMe report revealed that 97 percent of all phishing emails contain crypto ransomware and another report from Infoblox recorded a 35-fold increase in ransomware domains in 2016.
As awareness of the problem increases, ransomware's astounding success may turn out to be a weakness, too. "This rate of expansion and investment won't continue," Ferguson said. "It will plateau."