WannaCry already showed us that self-replicating ransomware can be far more dangerous than older variations of ransomware. In the future, we can expect that ransomware will focus more on using zero-day exploits and that time to weaponization (actively using a new vulnerability) will shorten dramatically.

Even with older variations, ransomware is a profitable business. The more profitable it becomes, the more sophisticated and complex threats we are going to encounter. If a cybercriminal group expects that ransomware can earn between 5 to 10 million dollars, paying $500,000 for a zero-day vulnerability makes economical sense.

Another possibility might be that they use other distribution methods. For example, NotPetya used the update mechanism of Ukrainian tax software. At DEF CON 2017, a technique was presented that could spread the malicious code even to sites that don’t even have an internet connection.