Acronis True Image
formerly Acronis Cyber Protect Home Office

The year 2016 saw the death of many beloved artists, musicians, actors and athletes. It was also the last year that only IT security and operations professionals know the answer to the question, “What is ransomware?” In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.

Here are a more few predictions on 2017 developments in the evolution of the ransomware menace:

  • The ransomware epidemic will continue to grow exponentially, with criminals collecting at least $5B in 2017, as the number of ransomware families explodes and new variants come out at a dizzying pace.
  • Ransomware criminals will continue to reap impressive profits with far less risk of being caught, making it the most popular malware scheme in the world. Endpoint security vendors will continue to struggle to keep up in a losing arms race with these increasingly well-funded high tech bad guys.
  • The ranks of dumb ransomware frontmen will continue to swell. Part of the genius of the ransomware racket is that it mimics the distribution model of the SaaS industry, enlisting legions of small-timers whose sole job it to infect target machines. Getting into this end of the game is extremely easy for anyone with a computer who his willing to flout the law for a small cut of ransoms collected: no deep technical expertise or complex malware coding skills are required.
  • Ransomware infiltration and propagation techniques will get more sinister and clever. Late 2016 saw the debut of one of the most evilly ingenious ransomware propagation schemes yet, in which a victim is offered their decryption key for free if they successfully get two other users infected – a trope borrowed from early-2000s horror film “The Ring”. Phishing schemes will remain the most popular ransomware attack vector, becoming ever more personalized and effective. Encryptors will crowd out blockers as the ransomware tactic of choice, as more users become aware of how relatively easy blockers are to defeat.
  • In 2016, the cloud was a useful haven for storing backups to protect against ransomware attacks that propagate across local-area connections. In 2017, new ransomware variants will be able to exploit cloud connections to attack cloud-based backup instances as well. Users will have to scramble to find cloud providers that can defend against these attacks.
  • New methods of ratcheting up the pressure on victims to pay quickly will emerge. Today, techniques include increasing the amount of ransom and deleting files for every extra hour the victim takes to pay. In the future, ransomware variants will get more diabolical, threatening to exfiltrate and expose information that is sensitive (health and financial data) or embarrassing (browsing histories and intimate photos) if the victim doesn’t pay in a hurry.
  • Initially, more victims will be willing to pay ransoms, but this trend will fade as it becomes clear that many criminals habitually renege on their promises to deliver decryption keys for payment, and that recovering from one attack does not prevent a victim from being targeted again and again.
  • Ransomware developers will continue to reinvest their profits into developing code that is more resistant to security-industry defenses and deconstructions. The utility of free decryptors from security vendors will shrink as more ransomware developers learn how to implement robust encryption schemes.
  • Anti-virus, behavioral defenses, whitelisting and blacklisting, and other current endpoint-oriented defenses against ransomware will still show persistent, fundamental weaknesses in fighting ransomware attacks. Some novel new defenses will nonetheless emerge, with machine learning becoming a more important weapon in the war on fast-evolving ransomware variants.
  • A rigorous data protection regimen – one that includes the routine creation of on-premise, cloud and offline backups -- will remain the only foolproof mechanism for defeating ransomware attacks.

2016 may have been an ugly year in many ways, but at least ransomware hadn’t yet become the scourge it will be in 2017, which will feature wildly successful, widely-reported ransomware attacks on famous celebrities, large government institutions, huge corporations, and millions of consumers. By this time next year, even your mom will have an idea of what ransomware is about – and that will not be a good thing.


About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.