Malware has been a concern since the 1980’s. It’s an awareness topic we update and refresh every March, and yet we never fail to find something new to discuss.
Last year, we focused on ransomware, a ‘real and present danger’ at the time with several high-profile organizations (such as the UK National Health Service) suffering disruptive and very costly incidents.
This year, surprisingly, the ransomware risk appears to have declined according to some reports, only to be replaced it seems by the next wave: cryptocurrency mining Trojans.
Meanwhile, we suspect reports of the demise of ransomware are premature. Compared to slowly milking a few Bitcoins from a large botnet of cryptominers, holding organizations’ or indeed individuals’ data to ransom for a few hundred dollars or more per hit seems much more lucrative – but also riskier for the criminals behind the scams.
Perhaps what's really behind this is the criminals’ risk-reward tradeoff.
Then again, maybe it's just that the analysis is flawed. Perhaps ransomware was not quite as bad as it seemed last March, and remains at much the same level today.
One of the perennial issues we face in researching the malware topic is that the most readily available information is published by antivirus companies, with an obvious commercial agenda to make the malware issue appear worse than it really is. Sifting through the stream of "surveys" and "reports" to find the few of any note and credibility is a tedious task, making this one of those areas where our security awareness service goes beyond the bare minimum. Rather than regurgitating the same old stuff and scaremongering, we're adding value by researching information risks and challenging the conventional wisdom. Innovating, you could say, or being unconventionally wise.