Ransom Worm: The Next Level Of Cybersecurity

Uploaded on 2017-01-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

As if holding your data hostage and seeking cash payment weren’t harsh enough, security experts foresee the next stage of ransomware to be even worse.

Scott Millis, CTO at mobile security company Cyber adAPT, expects ransomware to spin out of control in the year ahead. That is an astounding statement when you consider that there were more than 4,000 ransomware attacks daily in 2016, according to Symantec’s Security Response Group.

Corey Nachreiner, CTO at WatchGuard Technologies, predicts that 2017 will see the first ever ransom-worm, causing ransomware to spread even faster.

Crypto-ransomware is a type of ransomware that encrypts your files and holds them captive until ransom demands are met. 

According to the FBI, cyber criminals used ransomware to steal over $209 million from US businesses alone, just in the first quarter of 2016. Furthermore, a recent ransomware report from Trend Micro shows 172 percent more ransomware in the first half of 2016 than all of 2015. 

“In short, bad guys realize ransomware makes money, and you can expect them to double down in 2017,” Nachreiner says.

To make matters worse, Nachreiner expects cybercriminals will mix ransomware with a network worm. Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. Hackers exploited network vulnerabilities and tricks to make malware automatically spread itself over networks.

“Now, imagine ransomware attached to a network worm. After infecting one victim, it would tirelessly copy itself to every computer on your local network it could reach,” he says. “Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.”

Nir Polak, Co-Founder & CEO of Exabeam, a provider of user and entity behavior analytics, agrees that ransomware will move from a one-time issue to a network infiltration problem like Nachreiner describes. “Ransomware is already big business for hackers, but ransom-worms guarantee repeat business. They encrypt your files until you pay, and worse, they leave behind presents to make sure their troublesome ways live on,” says Polak.

Earlier this year, Microsoft warned of a ransom-worm called ZCryptor that propagated onto removable drives. By placing a code on every USB drive, employees bring more than just their presentations to a sales meeting; they’re carrying a ransom-worm, not the greatest impression you want to give a prospect.

Alex Vaystikh, cybersecurity veteran and co-founder/CTO of advanced threat detection software provider SecBI, thinks along those same lines. He says ransomware will become smarter and merge with information-stealing malware, which will first steal information and then selectively encrypt, either on-demand or when other goals have been achieved or found to be unachievable. Although ransomware is an extremely fast way to get paid as a fraudster/hacker, if you are also able to first steal some information before you encrypt the device, you can essentially hack it twice. 

Lucas Moody, CISO at Palo Alto Networks, says ransomware isn’t going away. Ever wonder what economic driver has led to the explosion of Bitcoin ATMs into affluent neighborhoods in the US.? His hunch is it is correlated with the number of ransomware infections affecting small businesses. 

Ransomware in 2016 has been a significant problem, and current trends suggest that this problem will not slow-down in 2017. Business resilience and recovery capabilities are the best defense to avoid frequent trips to your local bitcoin ATM, he says.

Vaystikh also foresees the first cloud data center-focused ransomware. In 2017, ransomware will target databases, causing significant downtime. There are not currently many hackers attacking corporate networks with ransomware; information-stealing malware is the preferred tool, he says. 

“But what we might see in the coming year is ransomware targeting places where there is less chance of backup files being available. For example, I think we’ll see that SMBs who move their files to the cloud generally do not have backups and do not know how to recover. Specifically encrypting cloud-based data like this would have a significant impact on cloud providers and cloud infrastructures,” he says.

CSO Online:                Cybersecurity Trends In 2017:          How Cyber Attacks Will Get Worse In 2017:
 

« Propaganda & Bias In Social Media News
Surprise: Snowden Knows Some Russian Spies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

Data Theorem

Data Theorem

Data Theorem is a leading provider in modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.