
Envisioning future ransomware – be best prepared for cybercrime


By Luke Herbert, Senior Manager, Advisory

To protect us against tomorrow's cybersecurity threats, we need the imagination to envisage how current trends might evolve. Emerging trends can seem to come out of nowhere and may change the playbook, yet in later analysis they can often be seen to have been inevitable developments. Encouraging cybersecurity professionals to take a broader perspective, one that takes technical, economic and social drivers into account as well as the fundamental facts of computer science that underlie computer security, can provide great insights into the likely nature of tomorrow's threats. Ransomware has grown explosively to become one of today's dominant threats, with total costs in the USA alone approaching 1 billion USD in 2016 [1].

Out of necessity, the creators of ransomware became early adopters of cryptocurrencies, which they needed in order to extort payment anonymously. However, cryptocurrencies are still in their infancy, and the maturing practice of using blockchain-type technologies to enforce smart contracts could cause ransomware to evolve further. Smart contracts are extensions to blockchain protocols that facilitate and enforce contracts. By employing smart contracts, ransomware developers can increase their rate of return by giving their victims the certainty that if they pay, they will inevitably regain their data. In essence, this works by having the ransomware immediately publish the decryption keys for the victim's data to the blockchain ledger, but in an encrypted form that will be decrypted by the ledger itself when the terms of the smart contract are met in the form of payment of the ransom. Furthermore, smart contracts can define complex terms, such as allowing the data to be decrypted at a discounted price beyond a given date, potentially extending the ability of ransomware operators to maximise returns from their victims.

Thinking even further into the future and expanding the potential complexity of smart contracts raises the question of whether ransomware could develop the ability to improve itself on its own. Complex smart contracts could encode a smart network of ransomware bots that invest part of their returns in acquiring new exploits and propagation vectors. This in turn would allow the ransomware to become nearly fully autonomous, independently taking on ever more capabilities, all with the aim of gathering even more money for its operators. In this case, one could theoretically imagine the original criminal organisation behind the ransomware disappearing while the autonomous network continues to operate. In this nightmare scenario, the ransomware itself could be sustaining transactions and the stability of the underlying cryptocurrency, leaving us with an ongoing plague upon our digital infrastructure that may be nearly impossible to wipe out.


In conclusion, we might only have seen the beginning of what threats like ransomware will become. Using our history as a guide, we can be sure that security issues that arise from our changing world will not have been predicted accurately. We must remember that cybercriminals are by their very nature not bound by legal and ethical restrictions and therefore have great opportunities to innovate. To stay competitive it is vital to focus on the present, but we must also find time for envisioning the future and at times take the attacker's perspective to ensure their innovations do not take us by surprise.

Fostering a culture around security that encourages exploration and speculation around future developments can make a profound difference to your security posture and be the foundation of a truly resilient organisation. At KPMG, we continually challenge ourselves to envision future threats and develop ideas for how to help our clients respond. If you would like to know more about future threats, building a cyber-resilient organisation or growing an effective cybersecurity culture, feel free to contact us.

[1] Hackerpocalypse: A Cybercrime Revelation,
available at


© 2021 KPMG P/S and KPMG Acor Tax P/S, both entities being Danish limited liability partnerships and member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
