This publication and the abstract below were published by the Director of National Intelligence in August 2017. ICIT strongly encourages you to visit the Director of National Intelligence Publication Library to search for additional information security resources, which are freely available.
The Future of Ransomware and Social Engineering: Understanding Ransomware Trends, Users, and the Malicious Social Engineering Tactics They Use
Extortion is a tactic that has long been used by criminals for financial gain. Digital extortion through ransomware continues to represent a significant cyber threat to individuals, small businesses, corporations, and government entities. While cyber attacks are generally considered technical exercises, successful ransomware operations employ social engineering tactics to help identify and exploit target vulnerabilities. Private sector, non-governmental organization (NGO), and government analysts were brought together by the Office of the Director of National Intelligence and the Department of Homeland Security to examine the current state of ransomware and to understand how social engineering tactics are currently employed and how ransomware attacks may change over the next two years. In this paper, ransomware is defined as malicious software that blocks access to computer systems or files until money is paid. Social engineering is defined as using human interaction to psychologically manipulate targets through deception and persuasion in order to influence the target’s actions.