“As people begin to have less trust, it’ll cause a fundamental business change,” he said.
Danahy said that one method of forcing victims to pay the ransom is to threaten to publicly expose the encrypted data. For some organizations such as law firms, this could be significant. While there are ways to make it difficult or impossible to expose such data, not many organizations have the capability to accomplish that.
For many organizations, the important question is now how to protect the data from the near-certain attacks that will use unpatched exploits. In this situation, it’s not enough to tell people not to click on email links, because the malware can be triggered simply by arriving on the victim’s computer.
Adding to the complexity of dealing with these ransomware campaigns is the fact that the malware writers can use the released exploits to quickly reduce their costs and raise the effectiveness of their malware. “We’re going to see new exploits that reassert the virality of new ransomware campaigns,” Danahy said.
While prompt and aggressive flaw patching can reduce the risks of getting hit by a ransomware attack, some businesses are now dealing with the shortsighted decisions they made years ago when they didn’t design custom software they developed to easily handle regular updates. Those shortcomings can be overcome in the future with better programming practices.
But for now, potential victims (meaning nearly everyone) can protect themselves by good network hygiene and by making sure that they have backups that they know can be recovered.
Good behavior-based anti-malware software such as Barkly or Malwarebytes can help reduce the risk. An anti-encryption product such as Cybereason, which can detect when ransomware is about to begin encrypting files and then stop it in its tracks can also prove critical.
What we don’t know for sure is whether the next attack will be ransomware or something else. While WannaCry surely got a lot of public attention, it didn’t generate a lot of profits to cyber-criminals. It's possible that cyber-criminals will decide that the established ransomware model no longer pays and that it's time to develop a new attack method.
What might that next attack look like? It’s impossible to say for sure. But it's possible that a type of ransomware that skips the encryption and all of its overhead and uses simpler tactics such as large scale data extraction with the threat of exposure might do the trick against some victims. Think about what a wholesale release of your company’s private data do to your business? It’s worse than data encryption that you can remedy by restoring a backup, isn’t it?