11 ways ransomware is evolving

Ransomware detection and recovery tools and techniques are getting better. Unfortunately, so are ransomware developers. They are making ransomware harder to find and encrypted files harder to recover.

One advantage that security operations have had over ransomware is that it’s predictable. It works in a linear fashion, which gives security tools and teams an opportunity to limit damage once ransomware is detected. Now we’re seeing signs that ransomware creators are making their craft less predictable.

“At the end of the day, ransomware has to do one thing, and that’s overwrite or lock the file system,” says Brian Bartholomew, senior security researcher, Global Research and Analysis Team (GReAT) at Kaspersky Lab. The linear activity associated with overwriting or locking up data makes ransomware easy to detect, he notes. “If you think of all the files on a system as a list, ransomware just goes right down the list and starts encrypting them,” says Bartholomew.
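As an added illustration (not code from the article or from Kaspersky Lab), the sketch below shows how a defender could score the linear pattern described above: it flags a process whose first writes to files walk the directory listing in order. The event format, process names, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: the order in which files appear in a directory listing.
LISTING = [f"/home/alice/docs/file_{i:02d}.docx" for i in range(12)]

# Constructed write events (process, path) in time order. "editor.exe" revisits
# a few files; "unknown.exe" goes straight down the listing.
EVENTS = (
    [("editor.exe", LISTING[i]) for i in (5, 5, 2, 5, 9, 2, 5)]
    + [("unknown.exe", p) for p in LISTING]
)


def linear_sweep_score(paths, listing):
    """Return (distinct files written, fraction of steps that move to the
    very next entry in the listing), using first-touch order per file."""
    index = {p: i for i, p in enumerate(listing)}
    seen, order = set(), []
    for p in paths:
        if p in index and p not in seen:
            seen.add(p)
            order.append(index[p])
    if len(order) < 2:
        return len(order), 0.0
    in_order = sum(1 for a, b in zip(order, order[1:]) if b == a + 1)
    return len(order), in_order / (len(order) - 1)


def flag_linear_writers(events, listing, min_files=10, min_score=0.9):
    """Group write events by process and flag those that touch many files
    in listing order. Thresholds are assumed values, not tuned ones."""
    by_proc = defaultdict(list)
    for proc, path in events:
        by_proc[proc].append(path)
    flagged = {}
    for proc, paths in by_proc.items():
        count, score = linear_sweep_score(paths, listing)
        if count >= min_files and score >= min_score:
            flagged[proc] = (count, score)
    return flagged


if __name__ == "__main__":
    for proc, (count, score) in flag_linear_writers(EVENTS, LISTING).items():
        print(f"{proc}: {count} files written, {score:.0%} in listing order")
```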

Hackers are wising up and trying to change the predictable nature of ransomware to avoid detection. These are some of the new tricks they are using.