Experts predict we will continue to observe multiple new variants throughout 2016. Of these variants, it is likely that only a few will actually have a high impact, depending on the efforts of the malware authors and cyber gangs involved. As ransomware authors continue their development cycles and either update pre-existing strains or make new ones, additional features which enhance resiliency and persistence are predicted to become ransomware standards.
Strains with such functionalities and capabilities, if used along with a vast infrastructure and anonymous networks and payment services, will be a global nightmare. It will not be surprising to see propagation techniques included in the near future, as threat actors attempt to determine how to increase their income while decreasing their effort. Recent strains which use crypters suggest that ransomware authors understand there are multiple researchers attempting to reverse-engineer their strains. This reverse engineering and analysis helps lead ransomware developers to improve their own ransomware variants.
It seems likely that offline encryption (used by ransomware variants which do not require C2 infrastructure to properly create, maintain and distribute private and public keys) will continue to be observed in Windows-based ransomware, in which attackers leverage much of Microsoft's in-house capabilities.