Cybercriminals never stop innovating.
As ransomware has become a big business for cybercriminals nowadays, the existing threats are evolving and new ones with more deadly functions keep emerging in the market. Microsoft reported that a new type of ransomware, Ransom:Win32/ZCryptor.A, has the power to spread like a worm. It leverages removable and network drives to propagate itself and affect more users. The self-propagating behavior of this new variant has also earned it the name “ransomworm” (i.e. ransomware worm).
Security experts warned that cybercriminals are going to take ransomware to the next level in 2017 by introducing this kind of auto-propagating characteristics traditionally found in network worms like CodeRed, SQL Slammer, and Conficker. Through these worms, attackers usually exploit network vulnerabilities to make malware spread automatically over networks. What makes ransomworm fearful is that, it is the perfect amalgam of network worms and ransomware, combining the best of both threats to form a devastating species that copies and spreads itself via infected computers, while encrypting data and demanding ransom at the same time.
Kaspersky researchers explain that ransomworm doesn’t need spam emails or exploit kits, as it copied itself onto infected machines and portable devices. The ransomworm could pretend to be an installer of common programs like Adobe Flash, deceiving people into downloading, installing, and even distributing it among others without precaution. As a common type of removable drives, the use of USBs has also become a risky practice. For example, workers who copy infected files onto USBs could be unwittingly spreading ransomworm in the office. This is how ransomware distribution will become more successful in 2017.
Nir Polak, Co-Founder and CEO of a provider of user and entity behavior analytics, concerned that ransomware has turned from a one-time issue to a network infiltration problem. “Ransomware is already big business for hackers, but ransomworms guarantee repeat business. They encrypt your files until you pay, and worse, they leave behind presents to make sure their troublesome ways live on,” says Polak.
A recently published CSO article also provided valuable insights from different security experts and executives on ransomware trends. “What we might see in the coming year is ransomware targeting places where there is less chance of backup files being available. For example, I think we’ll see that SMBs who move their files to the cloud generally do not have backups and do not know how to recover. Specifically encrypting cloud-based data like this would have a significant impact on cloud providers and cloud infrastructures,” says Alex Vaystikh, a cybersecurity veteran, predicting the emergence of cloud data-focused ransomware in 2017.
It’s only a matter of time before self-spreading ransomware – or ransomworms – begins to wreak havoc. As recommended in the Microsoft report, regular file backup is one of the most important preventive measures to help you stay protected from ransomworms. Make sure you and your clients have a comprehensive backup solution in place before ransomworms spin out of control in 2017.
Regular file backup is one of the most important preventive measures to help you stay protected from ransomworms. @CloudBacko
Download our FREE Ransomware Survival Kit to learn how to protect yourself and fight ransomware attacks now.