Ransomware is evolving into just another tool in hackers’ utility belts as cybercriminals move away from opportunistic attacks and move on to more profitable types of attacks, according to a report from Recorded Future’s Allan Liska.

The “5 Ransomware Trends to Watch in 2018” report examines the changing ransomware landscape, noting trends such as ransomware as a service that are already well known but also highlighting some surprising findings, particularly in light of attacks such as WannaCry in 2017.

Liska first described the shift away from opportunistic attacks, reflected by a rapid drop in the number of exploit kits being used. “The big EKs of 2016/2017, Sundown, Neutrino, and RIG, have fallen off,” Liska notes, with “no new EKs have stepped in to fill the void. This has occurred, in part, because there are fewer zero-day browser exploits to use in these EKs, rendering them less effective.”

Of those EKs still in existence, their focus has changed, with Liska saying that RIG has switched to delivering cryptocurrency miners rather than ransomware. “In general, there has been a move away from ransomware to cryptocurrency miners, largely for the same reasons that lead to the rise of ransomware in the first place,” Liska writes. “At this point, cryptocurrency miners are more profitable than ransomware” but “they are also more difficult to defend against. Until the security community catches up, cryptocurrency miners will continue to be profitable for attack groups.”

Liska noted that ransomware attacks have continued to drop off, but some industries will continue to be targeted, particularly healthcare. “Hospital attacks have not abated recently, instead they continue to move along at a steady pace and continue to be effective,” Liska said.

Despite the drop in ransomware attacks, ransomware as a service is poised to remain popular because it allows attackers to rent ransomware infrastructure rather than develop it themselves. That’s both “attractive to less experienced attackers because it allows them to get into the ransomware game quickly and painlessly,” Liska noted, and it “also appeals to more experienced hackers as well because it guarantees them a revenue stream, selling the RaaS to inexperienced newcomers.”

Photo: christiaancolen/Flickr