{"id":19282,"date":"2017-12-28T02:41:00","date_gmt":"2017-12-28T07:41:00","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=19282"},"modified":"2019-11-15T22:37:49","modified_gmt":"2019-11-15T11:37:49","slug":"predictions-threat","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/predictions-threat\/19282\/","title":{"rendered":"Threat of the year"},"content":{"rendered":"<p>At the end of every year, our experts analyze the incidents that occurred and name one incident (or a trend) the story of the year. This year they did not have much to debate: 2017 was obviously the year of ransomware. Three ransomware epidemics (<a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/wannacry-for-b2b\/16544\/\" rel=\"noopener noreferrer nofollow\">WannaCry<\/a>, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/expetr-for-b2b\/17343\/\" rel=\"noopener noreferrer nofollow\">ExPetr<\/a>, and the slightly less famous <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/bad-rabbit-ransomware\/19887\/\" rel=\"noopener noreferrer nofollow\">Bad Rabbit<\/a>) attracted a lot of attention, but at least one only <em>seemed <\/em>to be encrypting ransomware.<\/p>\n<p>Note that, although the incidents were sudden and took many users by surprise, our experts predicted the trends back in 2016. 
Costin Raiu and Juan Andres Guerrero-Saade wrote in Securelist\u2019s <a target=\"_blank\" href=\"https:\/\/securelist.com\/kaspersky-security-bulletin-predictions-for-2017\/76660\/\" rel=\"noopener noreferrer\">forecasts for 2017<\/a> that they expected the emergence of ransomware that could \u201clock away files or system access or simply delete the files, trick the victim into paying the ransom, and provide nothing in return.\u201d<\/p>\n<p>Let\u2019s recall the most important lessons of these attacks.<\/p>\n<h2>Malware\u2019s lateral movement<\/h2>\n<p>Those epidemics became famous because the malware encrypted not just one computer, but all of the machines on a network. This level of infiltration was possible thanks to the vulnerabilities disclosed by the Shadow Brokers information leak.<\/p>\n<p>By the time the epidemics began, however, the patches to prevent them already existed \u2014 but a lot of machines didn\u2019t have them yet. Moreover, some intruders are still using those vulnerabilities to this day (and quite successfully, unfortunately).<\/p>\n<p><strong>Lesson 1:<\/strong> Install updates when they become available, especially if they are directly related to security.<\/p>\n<h2>Noncritical systems<\/h2>\n<p>Among the victims of the encryptors were many systems that were completely unprotected from the ransomware, just because no one thought they had to be. Some of those systems were information panels and vending machines. Frankly speaking, nothing exists on those systems to encrypt, and no one would pay to decrypt them.<\/p>\n<p>But in those cases, the attackers did not choose their targets; they infected everything they could. The damage was significant. 
Reinstalling operating systems on those noncritical machines was and continues to be a costly time-sink.<\/p>\n<p><strong>Lesson 2:<\/strong> Protect all elements of your information infrastructure.<\/p>\n<h2>Sabotage instead of extortion<\/h2>\n<p>ExPetr lacked a mechanism that could identify a particular victim, which meant that even if the attackers wanted to, they could not give victims a decryption key. From that we can assume their aim was to cause as much damage as possible, and any ransom they collected was a bonus.<\/p>\n<p>This once again confirms that paying ransom is not a reliable method of data recovery.<\/p>\n<p><strong>Lesson 3:<\/strong> The only real way not to lose your data is to back it up and to proactively install protective solutions.<\/p>\n<p>Let\u2019s hope that these lessons will minimize the damage from similar attacks in the future. After all, according to our experts, in the next year, cybercriminals will continue to use encrypting malware in the style of ExPetr: as a cyberweapon for information destruction. 
You can find more details of our researchers\u2019 predictions for 2018 in <a target=\"_blank\" href=\"https:\/\/securelist.com\/ksb-threat-predictions-for-2018\/83169\/\" rel=\"noopener noreferrer\">this blog post on Securelist<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>2017\u2019s threat of the year was no contest (and no surprise)<\/p>\n","protected":false},"author":700,"featured_media":19283,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2748,2546,420,2510],"class_list":{"0":"post-19282","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-badrabit","10":"tag-expetr","11":"tag-ransomware","12":"tag-wannacry"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/predictions-threat\/19282\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/predictions-threat\/12079\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/predictions-threat\/10050\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/predictions-threat\/14313\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/predictions-threat\/12529\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/predictions-threat\/12253\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/predictions-threat\/15063\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/predictions-threat\/14871\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/predictions-threat\/19414\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/predictions-threat\/4574\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/predictions-threat\/20593\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/predictions-threat\/9869\/"},{"hreflang":"pt-br","url":"
https:\/\/www.kaspersky.com.br\/blog\/predictions-threat\/9949\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/predictions-threat\/8716\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/predictions-threat\/15583\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/predictions-threat\/9070\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/predictions-threat\/19181\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/predictions-threat\/19269\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/ransomware\/","name":"Ransomware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=19282"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19282\/revisions"}],"predecessor-version":[{"id":24149,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/19282\/revisions\/24149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/19283"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=19282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=19282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=19282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}