There was an article with the title: "Don’t panic: We’ve reached ‘peak ransomware’" in a publication called The Memo. They decided to ask an expert: Rik Ferguson, VP of security research at AV company Trend Micro. (He looks a bit like Christopher Lambert from the Highlander movie, don't you think?)
He said: “In a word, it’s huge, it’s huge and has been consistently growing for at least the last three years.”
Oh, I agree with that. But wait. Things quickly get into the twilight zone.
Ferguson continued with: “The reason criminals are putting their focus on ransomware as an attack vehicle is because it works, it generates income and it’s relatively simple to do, it’s also easy to distribute by spamming it out or sending links.”
Still, we are very much on the same page. However, what raised my eyebrows was the following quote:
"Peak Ransomware"
"But Ferguson, a 15-year veteran and rockstar of the cyber security world, believes we may be reaching ‘peak ransomware’."
Huh? Now we are getting into the twilight zone... The article continues:
"Last year Trend Micro reported a 752% increase in the number of ‘families’ of ransomware, but this explosion in popularity along with WannaCry’s highly public attack, could be ransomware’s downfall.
Ferguson says WannaCry’s creators “may have killed the goose that laid the golden egg” when it comes to ransomware. “It was so widespread and received so much news coverage which serves as a fantastic awareness-raising tool for anybody who wasn’t really taking ransomware very seriously.”"
Ok, that is obviously true. We got a massive inflow of interest at KnowBe4. And yes, stepping employees through new-school security awareness training which includes frequent simulated phishing attacks certainly will help in preventing ransomware infections.
But now comes the twist that everyone with a bit of knowledge about this criminal economy will see is highly improbable. Here is what they claim:
"The second reason why ransomware could be coming to an end is because WannaCry broke the ‘trust’ between victims of the attack and criminals because those who paid the ransom didn’t get their data back. “And the message picked up by the public is even if you pay you’re not going to get your data back, which undermines the criminal business model which relies on trust.”"
And they continued with:
"If no one believes they’ll get their data back even if they pay, then the criminals out there will quickly abandon ransomware in favor of more profitable attacks. And if that happens ransomware could disappear just as quickly as it’s arrived."
Now here is someone that has succumbed to their own wishful thinking, and confused the badly coded WannaCry with professional and sophisticated Russian ransomware which even provides tech support to get your files decrypted. And even WannaCry did actually work and after payment decrypted the files.
The moment you know which ransomware strain has infected your machines, it's clear as daylight what the chances are to get your files back in the horrible scenario that your backups have failed. Recent major strains like Locky and Cerber deliver the decryptor after payment in practically all cases; we have done this dozens of times for people that called us for help. (Not our own customers by the way; these were people who found us because of our ransomware guarantee.)
Ransomware Is Here To Stay And Will Get Worse
Just compare the current few hundred ransomware strains to the first years of virus infections and you will quickly conclude we are only in the early days, and things will get a lot worse before they will get any better.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.
PS: If you are not a KnowBe4 customer yet, send a (free) Phishing Security Test to your users, and find out what the Phish-prone percentage of your employees is. Often a very effective way to get IT security budget for new-school security awareness training.
Don't like to click on buttons with redirects? Cut and paste this link in your browser:
https://info.knowbe4.com/phishing-security-test-16