
Ransomware - What May Happen in the Future?

Updated on July 12, 2017

Ransomware campaigns targeting medical centers and hospitals are becoming very popular among cyber criminals. Moving through the JBoss servers, attackers managed to delete snapshot backups and even encrypt large portions of the network. Sadly, surgeries were delayed as a result and some patients even had to be moved to other hospitals.

When reading this, it makes you wonder just how low some criminals will stoop. With this in mind, what can we expect in the coming years? Will they change their target to EMS systems? Maybe even water treatment facilities or other types of critical infrastructure?

For many corporate and government victims, simply paying the ransom seems like the safest option compared to a long restoration process when the safety of human lives is at stake. Even if you are able to quickly put the wheels in motion for a cloud backup restoration, it could already be too late. With this knowledge, ransomware attackers will continue to play on the price of human life and the amounts they demand are only going to get higher.

Algorithms and campaigns

For the purpose of antivirus evasion, we have already seen algorithms used during the Russian Hammertoss virus campaign as well as by the Conficker authors. However, let’s not forget that algorithms can be incredibly effective for more than just evasion, because they can also raise campaign efficiency in terms of timing.

Security experts notice that most ransomware reports come to them between Friday afternoon and Saturday lunchtime. Typically, they experience various waves of reports during this time. Statistically, SMBs and some corporate victims appear to be slow in stopping an attack that happens on Friday night. Looking ahead, hackers will optimize their launch times based on relative success ratios, and those launches will themselves be algorithmic and automated.

For criminals, anonymity is not guaranteed even when they use Bitcoins to receive payments. Therefore, experts believe sums of money would be split into the smallest pieces and distributed among numerous wallets using algorithms, with random fog systems chosen at the money retrieval stage to move the Bitcoins around again and again. With such automation, investigations become harder to carry out.

Before we head into the next section, we should also note that the command-and-control servers could also be switched using algorithms; they could be sent back to the attacker by using optimized protocols and dynamically-generated domains. Once the core modules have been written and tested, there is no reason why they can’t be scaled up, giving the attackers a time advantage when they attempt to evade detection.

Adware injection

We have already seen adware within the browser space following several compromises at Fortune-type companies. The introduction of any further malware is auction based: the winning bidder receives easy shell access to upload whatever he wants. If we combine this with worms and their ability to reach Active Directory and compromise various credentials, we can’t say for certain that even the largest companies are safe from ransomware that uses this infection vector. Spear phishing can be superseded by this new strategy, because the motivation to launch complicated campaigns doesn’t exist anymore when a shell account can be bought for a relatively small amount of money.

Critical asset targeting

For maximum return, many criminals don’t even have to target the majority of hosts in the enterprise; instead, large enough ransoms can be earned by reaching a few important assets and ensuring that restoration will be impossible. If we use print servers as an example, many companies still use XP on these systems. They are critical to, say, a warehouse distribution operation, and they are so heavily used that it is nearly impossible to replace or upgrade them all. The question is: “How much money would companies pay to get these systems quickly back to work?” The sum would equal hundreds of thousands of USD per day in the operations these systems support. In the perishable food distribution niche, organizations will pay even more.

Virtual environments

We are by now used to criminals jumping from one guest account to another in a virtual environment, but the possibility of a malicious insider targeting the steel (the underlying physical host) is somewhat frightening. With e-commerce on the rise, the hosting provider would be in trouble here, and the pressure to get everyone back up and running again is likely to make them pay the ransom quickly.

BIOS-focused ransomware

When you think about the process of hacking a set of computers, you think of a complex operation requiring experts. However, it can be as simple as a member of the cleaning team at a hotel slipping a small flash drive into every laptop they come across during an important conference. Once in place, this small device will lock any machine at BIOS level. Hotel employees with not much to lose and access to every room in the building will get paid depending on how many devices they install, and the whole operation can be quite lucrative.

Mobile and IoT mass injections

With the increase in mobile phone usage, is there a way for hackers to gain access to an Android device? Sadly, the answer to this is ‘yes’ and it’s all too easy. With numerous opportunities to gain access, we need to ask what will happen the next time Stagefright happens; here, a text message was sent to every single number on one carrier. Hackers may target the carrier as opposed to the end users. As you can imagine, they may demand a huge amount.

If we look at a different case, what if ransomware is sent to all connected cars? Suddenly, no car owner can start their vehicle until the ransom has been paid. Both drivers and car manufacturers are at risk.

Source code compromise

Anything can be hacked. Criminals may find a way to compromise popular open source products. Launching a ransomware campaign with the help of backdoored open-source software will have a devastating impact. All at once, hundreds of thousands of end users will be sent a message telling them to pay or lose their devices.


On a good number of Friday nights and in the run-up to big holidays, the campus police team was busy fighting ransomware attacks that targeted their computers. Eventually, it was found that the guilty party was actually a fraternity that simply wanted to distract the police whilst they partied. Of course, this is a light-hearted example, but you can see how this could be scaled up into something much more serious. For example, neighborhood robberies or riots could be planned using this technique.

Espionage and market manipulation

Some criminals may ask for personal information like passwords or intellectual property instead of Bitcoins. In this scenario, would people be willing to share sensitive corporate information to have their laptops returned to normal? For some, calling a help desk is seen as an embarrassment, so they may just consider it. For the criminals themselves, this would actually make everything easier, and it would make it harder for specialist teams to track the attackers further down the line.

We could also see ransomware requesting financial information from a particular company. If the attackers get financial performance numbers before the quarterly report, they can then make money in the stock market. In these cases, they might not even ask for payment but for a simple spreadsheet of the company’s finances.

Actions by individuals

Finally, we may also see requests to perform physical actions in order to get the decryption key. Would there be industrial engineers willing to complete the act? Would those around celebrities take a video at a private event just to see their device returned to normal condition?


In truth, we cannot say, but it will be interesting to see what path ransomware takes in the coming years and how well we can deal with it. Please share your thoughts on this point below by adding comments.

