December 29, 2016
It is of no doubt that we have seen a high number of ransomware variants this year, all differing in name and coding, but with only one goal: lock up a victim's system and ask for money in exchange for its freedom. These nasty programs are usually acquired through spam emails, which pretend to be something important, potentially tricking unsuspecting users.
Most of the time, these malicious programs only infect the host computer. But what if ransomware could actually evolve into something that spreads quickly from one network or computer to another? This is exactly what is being foreseen by Corey Nachreiner, CTO at WatchGuard Technologies. According to him, we will start to see "ransomworms" out in the wild, which could possibly make the crypto-malware feared even more.
Computer worms are standalone malicious programs that replicate itself, to spread on other computers. It usually exploits security failures and network vulnerabilities on a computer in order to access it.
After infecting one victim, it would tirelessly copy itself to every computer on your local network that it can reach,” Nachreiner says. “Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.”
Nir Polak, Co-Founder & CEO of Exabeam, a provider of user and entity behavior analytics agrees with Nachreiner's prediction. He foresees that utilizing worms could mean a bigger business for ransomware creators, bringing in more money. “Ransomware is already big business for hackers, but ransomworms guarantee repeat business," he says. "They encrypt your files until you pay, and worse, they leave behind presents to make sure their troublesome ways live on."
The first ransomware seen to be capable of transferring from one computer to another was the 'ZCryptor,' which was discovered by Microsoft back in May. Once executed, it drops a number of files onto removable drives, making sure that the ransomware will be transferred to the next host computer.
Lastly, it is seen that ransomware-as-a-service (RaaS) will become more propagated in the future. Many variants such as Petya, Mischa, and Cerber have been utilizing this method, bringing in large amounts of revenue. According to Norman Guadagno, chief evangelist at Carbonite:
With all of these in consideration, even with the New Year ringing in, it always pays to be careful of our activities on the internet. Being wary of the links, files, or emails we open can go a long way, as these are the usual vectors for ransomware to attack innocent victims to drain them out of their hard-earned money.