Ransomware is so 2017, right? Well no, actually…

It may be hard to believe, but it’s over 18 months since the WannaCry ransomware attacks struck worldwide. The malware hit major global players such as FedEx, Boeing and Renault amongst many others, causing widespread disruption and data loss and bringing the issue of cybercrime in general to the front pages.

While we’d all rather such far-reaching and destructive attacks never happened, there is one hard-won silver lining to the events of 2017. These attacks caused us all to take a step back and re-evaluate our approach to cybersecurity and consider not only the technologies we put in place to protect ourselves from such attacks, but also how our own behaviour can increase or decrease the risks we face online.

Whilst ransomware attacks are no laughing matter, the extensive coverage and subsequent heightened awareness of ransomware and cybersecurity actually made the hackers’ jobs more difficult. We all did a bit of soul-searching and sought to better protect ourselves from these threats; so there’s a silver lining, if you’re looking for one. Furthermore, the fact that these attacks took place just as most of us were gearing up for GDPR only served to increase our appreciation that data security in this digital age is a pressing priority.

So now we’ve (hopefully) all bolstered our security, perhaps upgraded our firewalls, installed some dedicated anti-ransomware software, maybe even invested in some cyber-security awareness training, we’re all safe and cosy. There’s no way the bad guys are getting the better of us now, yeah?

Not quite.

Ransomware had been around long before the events of 2017, but it was only the WannaCry attacks (and the Petya attacks that followed soon after) that brought it to the public consciousness in a big way. As such, it’d be easy to think that ransomware was and is the pinnacle of malware technology; if only this were true.

There have been a number of developments in malware behaviour and attack vectors recently; you didn’t expect the bad guys to just throw in the towel after WannaCry, did you? Here are three of the more worrying developments:


The ability for non-technical criminals to essentially “buy” a ransomware attack – often from impressively designed and user-friendly sites on the dark web – is not new, but it’s certainly gaining traction. The fact that pretty much anyone with a grudge can launch an attack on a specified target without needing a great level of technical knowledge of the actual attack itself for only a few pounds/dollars/euros makes this a valuable revenue stream for those behind the attacks themselves and as such, is a problem that isn’t likely to go away any time soon.


This is a very recently observed type of attack that specifically targets cloud-hosted mailboxes, such as those located in Office 365, by using spear-phishing techniques to trick a user into divulging their mailbox credentials, at which point the attacker will proceed to encrypt all email in the environment and, as we’ve come to expect, demand a ransom be paid to restore access.

Ransomware theft

Recent ransomware variants such as CryptXXX aren’t content with just encrypting your files, but will attempt to steal Bitcoin from any machines where you may have a Bitcoin wallet installed. Other variants will silently harvest web logins for online banking, e-commerce, even corporate applications, allowing attackers to steal data from these services before proceeding to encrypt your machine.

The fact is that for every new style of attack the bad guys develop, the security vendors improve existing solutions and create new products to protect against these new attack vectors. In response, the malware authors devise new and ever more ingenious ways to circumvent this increased security. After which, the security companies up their game again. So the baddies do the same. And so on, and so on.

In the face of this arms race, here are a few examples of the technological developments from TSG’s security partners that can take your protection to the next level:

Sophos Intercept X v2

Sophos Intercept X and its anti-ransomware/anti-exploit technology kept a great many TSG clients safe throughout the attacks of 2017, but with the recent advent of Intercept X v2 this protection is now better than ever. Intercept X v2’s deep learning technology uses machine learning and artificial intelligence techniques to detect previously unseen malware fast, and uses the behaviour it observes on user machines to continually improve itself, without the need for direct human intervention.

Sophos Synchronised Security

Firewalls (the boxes that sit between your network and the big bad internet) and endpoint security (the software that sits on your laptops and desktops to keep you safe; what we used to call “antivirus”) have traditionally gone about their own business in blissful ignorance of what the other is up to. But with the advent of Synchronised Security from Sophos, this is no more. Your firewall and endpoint security can now talk to one another to better co-ordinate a response and keep you safe in the event of an attack at either level. It’s true what they say, teamwork makes the dream work!


Naturally it’s preferable to stop a ransomware attack from happening in the first place, but with the best will in the world (and even the best endpoint protection money can buy) it’s always possible, however unlikely, that something nasty will slip through the cracks and wreak merry havoc.

What to do in these circumstances? Once ransomware has done its thing you can either pay the ransom (not recommended; do you trust these guys to give you back your data even once you’ve paid them?) or rely on restoring unencrypted versions of your files from backup. Traditional media-based backup, as often found in SME environments, often runs once each night, meaning an attack late in the day can leave you with a large volume of lost work should you have to restore from backup. The Datto Siris & Alto BCDR appliances (business continuity & disaster recovery, in case you were wondering) can back up all your systems as frequently as every five minutes, meaning very little data loss in the event of an outage. Another product, Datto SaaS, can even plug into your Office 365 environment and back that up several times daily. With standard Office 365 backups only lasting for 30 days, this means you’ll always have access to your files – even those attached to deleted accounts.

So what’s the upshot here?

Well, the main thing to remember is that securing yourself against any cyber-attack, not just ransomware, is an ongoing and ever-evolving process and not a checklist that can be completed, filed and stuck on a shelf forever more.

Security vendors are forever playing cat and mouse with the malware-makers and if you want to stay safe you need to stay informed and seek advice from technology experts such as TSG, who will make sure you stay abreast of the cyberthreats facing your business and what you can do to protect yourself against them. We’re Sophos’ SMB Partner of the Year for the 8th year running and Datto’s EMEA Partner of the Year, so you know you’re in safe hands.