Are Old Predictions Just Waiting in the Wings?
In the last post, we listed Scheferman’s ransomware predictions that have already come true over the past two years. Other predictions haven't materialized yet — but might be seen any day.
One college campus police department kept getting hit by Ransomware-as-a-Service (RaaS) attacks on Friday nights, prior to major holiday weekends, and leading up to key sporting events. It turned out that a fraternity at the same campus was sending the ransomware in order to keep the campus police occupied on their party nights. While this is a somewhat comical example, the use case itself could easily scale up to attack city police departments prior to rallies, riots, or other major disruptive social events. It could easily be used for planned neighborhood robberies, for example.
What if ransomware didn’t ask for payment in bitcoin, but instead asked for secrets, passwords, or other intellectual property? How many users would be willing to share these secrets in order to get their laptop back, and avoid the embarrassment and hassle of calling the helpdesk? For an attacker, this model would greatly simplify the process by not requiring payment, and would avoid any risk of the campaign’s blockchain/ledger being investigated down the road.
Although this hasn’t come to fruition yet, it’s not too far a stretch to imagine a shady nation state using ransomware to coerce reporters to take a different angle, to not publish something, or to publish misinformation. Data on a reporter’s laptop is effectively their entire job security.
Is Guccifer 3.0 simply going to be mass encryption of DNC hosts? Why? Because he can?
Given the singular financial motive of most criminals, what better use case for ransomware than to demand that a victim CFO divulge financial performance data ahead of the next quarterly earnings call in order to game the equities market? No payment needed, just send a zipped spreadsheet to this email address, and you’ll get your hard drive back in time to present your earnings. If only 1 in 10 CFOs takes the bait, the attacker has all they need to make some money in the market.
Action by Individual
What if ransomware targets an individual and requires them to perform a physical action in order to get the decryption key? How many industrial engineers might be willing to do this? How many plant operators? How many friends of celebrities would be willing to take a video of a celebrity at a private event in order to get their data back? Can you say paparazz-ome?
As Director of Consulting for Cylance, Mr. Scheferman oversees the delivery of Cylance Consulting services ranging from compromise assessments and penetration testing to incident response to ensure timely and effective delivery. He also performs additional roles within Cylance such as public speaking and sharing intelligence with partners.