Few threats are commanding as much attention right now as ransomware. It infects thousands of PCs every day, generates millions of dollars for the attackers behind the campaigns, and there’s no clear solution to the problem on the horizon. To help enterprises understand the threat, researchers at NCC Group built a ransomware simulator that mimics the behavior of ransomware samples and shows the kind of damage that can be done by an infection. On the Wire spoke with Donato Ferrante of NCC about the simulator and the future of ransomware infections.
What was the main goal when you decided to build the simulator?
Donato Ferrante: We had a number of clients interested in understanding the impact of ransomware on their systems. We build a number of our own tools in-house and we felt this fulfilled a need that hadn’t yet been satisfied by off-the-shelf products.
What level of understanding do you find organisations have of the ransomware threat right now?
Ferrante: I think that organisations are now more aware of the ransomware threat than they were in the past. There’s the constant news coverage, and people are seeing it affect others in the real world. This has caused many businesses to sit up and take notice. By performing some data mining via Google Trends [1], we can get some interesting data:
– Ransomware began to be a noticeable problem in 2013
– Ransomware gained a lot of public interest in 2015
– Ransomware is a very high-interest topic in 2016
The Google Trends page also shows some interesting information about possible geographical distributions of the ransomware.
Do you plan to continue work on the simulator and to update it?
Ferrante: Yes, the idea is to keep the simulator up to date. Malware writers are always evolving their strategies and we’ll be mirroring that in the tool’s development.
How do you see the ransomware threat evolving in the near future?
Ferrante: Ransomware is a very interesting class of malware and given its nature it’s very hard to remove. Since it tends to live longer than other kinds of malware – and every year there are multiple new variants appearing – the landscape for the upcoming years looks a bit disconcerting. There are several sources like [2] [3] which show that the trend for ransomware is steadily increasing. It certainly looks like this trend is going to increase in the upcoming years, which is all the more reason for organisations to be as prepared as possible – and that’s where our simulator comes in.
[1] https://www.google.ca/trends/explore#q=ransomware
[2] https://researchcenter.paloaltonetworks.com/wp-content/uploads/2016/05/Ransomware-infographic-v5-REVERSE.jpg
[3] https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-27-2016-zcrypt-jigsaw-and-more/