Raytheon UK

Menu Dropdown

Ransomware: Is the worst yet to come?

Data hostage-takers are innovating quickly, Raytheon experts warn 

Computer systems around the world have fallen victim to WannaCry, a malicious computer program that locks away data until the owner pays a ransom.

The WannaCry ransomware attack may be just the start of a new wave of hacks-for-hire, Raytheon cyber experts warn.

Ransomware is on its way to becoming a $1 billion market, and attackers are quickly finding new ways to exploit its reach, said Michael Daly, chief technology officer at Raytheon Cybersecurity and Special Missions.

“Gone are the days of simple annoyance with viruses and worms,” Daly said.

WannaCry and other ransomware programs infect computers, search for important-looking data and then encrypt those files. The software then demands a payment to unlock the files.

Some ransomware users have introduced tiered payments, giving victims a choice of how much data to free, said Josh Douglas, chief strategy officer for Raytheon Foreground Security.  Others are attacking specific users in return for a cut of the profits, a model known as ransomware-as-a-service.

Some attackers have even introduced “affiliate programs,” encouraging victims to infect their friends in return for a decryption key, Douglas said.

This screen capture shows what people see when their computers are infected with a variant of the malware called WannaCrypt0r 2.0.

Raytheon has been tracking WannaCry since it first began spreading across Europe in May 2017, and experts at Forcepoint Labs have been posting technical information about the worm on their blog. The worm appears under various names, including WCry and WannaCrypt0r 2.0.

Criminals have been working quickly to counter efforts by governments and businesses to stop the spread of the worm. For example, they issued a new variant of WannaCry that disabled a “kill switch” feature used by cyber defenders.

Published: 05/15/2017

Last Updated: 06/14/2017

Back to Top