Stats & Trends
Jonathan Crowe
Feb 2017

The State of Ransomware in 2017: Q&A with Bleeping Computer's Lawrence Abrams

Ransomware grew into a billion-dollar-business last year, with attack volume and number of new ransomware variants both booming.

Through it all, Bleeping Computer has been one of the top go-to sources for ransomware information. In particular, its “This Week in Ransomware” posts are required reading for anyone looking to stay on top of the latest ransomware variants and trends.

We caught up with Bleeping Computer creator Lawrence Abrams to get his thoughts on last year’s biggest changes in the world of ransomware, and what we can expect in the year to come.


At BleepingComputer, we are finding new and innovative strains of ransomware almost every day.

Lawrence Abrams, creator and owner of 


What were some of the most significant evolutions in ransomware you saw in 2016?

When it comes to encryption and payment methods, everything for the most part remained static this year. What has seen significant improvements, though, is the quality of support that victims are receiving and different payment options.

For example, having dedicated support agents isn't new to ransomware, but new variants such as Spora appear to be going the extra mile to provide understandable answers to their victims and make them more comfortable in making payments.  

Furthermore, Spora also introduced an interesting “menu” of ransom options ranging from paying for a few files to be decrypted, immunizing a computer, or  paying to decrypt everything. This gives victim various options that fit their budget and requirements and could drive up a greater volume of payments.


Spora has a sophisticated payment site that offers victims various payment options. Source: Bleeping Computer


How do you anticipate ransomware attacks evolving over the next 12 months?

I expect to see more targeted ransomware attacks, such as Samas/SamSam which was targeting hospitals.

For the most part, ransomware developers have been distributing their infections in a wide net, hoping to catch as many victims as possible. I expect distributors to begin narrowing their focus and going for larger payouts by targeting document- and data-intensive organizations such as hospitals, law firms, architectural firms, and engineering companies — organizations which would truly be crippled if they do not have access to their data.

Editor's note: Ransomware attacks on businesses are indeed rising. See the stats behind this growing trend.

I also expect ransomware to start stealing “interesting” documents that are discovered as they encrypt a computer.  For example, as they scan a computer for files to encrypt if they encounter files that contain certain strings they could upload the file to their C2 before encrypting them. This provides the ability to steal corporate secrets or blackmail companies based on information they learn from the stolen documents.

Are there any attack vectors or tactics we’ll finally be able to say goodbye to in 2017?

In regards to SPAM vectors, now that Google has blocked JS attachments in Gmail, I think we are going to see a decrease in JS file attachments that install ransomware. Unfortunately, there are plenty of other SPAM file types that can still be used to distribute ransomware, so SPAM as a distribution vector will continue to be an issue.

What new attack vectors or tactics are set to take their place?

While SPAM and exploit kits are still the most common attack vectors, a new & interesting vector that has started over the past few months is EITest's Chrome Font Update attack.

For Chrome users, this attack consists of JavaScript that will make a web page look garbled to someone visiting it. The script will then prompt the visitor to download a Chrome font update to install a missing font in order to better view the screen.


Once the download is installed, though, it installs ransomware or other malware.


Spora ransom note. Source: Bleeping Computer

I expect to see more innovative attacks like these in 2017. As previously stated, I also anticipate an increase in manual and targeted attacks towards large organizations in order to generate a large ransom payday.

What’s one thing we should all be focusing on to meaningfully reduce our risk?

When CryptoLocker was released in 2013, it caught the security industry with their pants down. Since then, security vendors have put a great deal of focus on ransomware and ways to prevent it.

Unfortunately, the biggest vulnerability and the one security software can't fix is human error. The ransomware developers know this, and they’ve created innovative distribution campaigns that prey on human error.

Whether it be attachments pretending to voice mails or fake invoices, a common infection vector is people opening malicious attachments when they should not. This needs to be a primary focus in preventing ransomware.

Editor's note: Learn how to train employees not to take the bait in Barkly's Phishing Emails Field Guide

Why has ransomware continued to be such a major threat?

Since 2012, when ACCDFISA was released and then followed by CryptoLocker, ransomware has become one of the most serious computer security issues affecting businesses and consumers. Without proper education on how to keep a computer updated with security updates and how to handle malicious email attachments, ransomware will continue to be a major issue.

At BleepingComputer, we are finding new and innovative strains of ransomware almost every day. Ransomware developers are constantly developing new methods to force companies to pay the ransom, whether it be uploading screenshots of your active screens to steal trade secrets, installing backdoors, or deleting files. With the amount of money being generated by these extortionists, I do not see this ending any time soon.


How to Stay Prepared for Ransomware in 2017


Check out our Complete Guide to Ransomware to learn everything there is to know — from how to stop ransomware from getting onto your machines in the first place to how to deal with an attack and avoid paying the ransom when it does. 

Visit Bleeping Computer's "This Week in Ransomware" roundup every Friday for a look back at the latest ransomware discoveries and news. 

Feature photo by Yuri Samoilov 

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.