Ransomworm: The Next Level of Cyber Security Threat

With the IT industry already gripped by the widespread ransomware threats, professional cyber security experts have predicted that it is most likely that the hackers are moving ransomware to the next level making the situation even worse. In the existing cases, the cyber criminals hold data hostage and demand cash payment to release it. Scott Millis, CTO of Cyber adAPT, a mobile security company foresees ransomware to get out of control to assume new dimensions and threatening to inflict a heavy damage across industry segments. The trends predicted will find the existing ransomware recovery and removal tools for small businesses inadequate and will demand capacitating the cyber security technology effectively to defend the evolving challenges effectively. Here we discuss ransomworm which is deemed as the next level that cyber security threat has assumed. 

The Background

Cryptolocker was released in 2013 which gave a boost to crypto-ransomware. This is a kind of ransomware encrypts and holds files as hostage data until the demands of the ransom are satisfied. FBI has brought out that the cyber criminals have used ransomware to pinch more than $209 million from the businesses operating in the U.S. alone during the first quarter of 2016. Another report published by Trend Micro has noted that during the first half of 2016, ransomware had grown 172 percent more than what was observed over the whole year of 2015. Since the cyber criminals have discovered that ransomware works in making money for them, they are most likely to double their efforts in 2017. In order to worsen the situation, the cyber criminals are expected to mix ransomware with a kind of network worm. While we have CodeRed, SQL Slammer around us for quite some time, the recent additions to the list of network worms is Conficker. Hackers are benefiting from the vulnerabilities in the networks and see to that malware automatically spreads itself over the networks.

Where Ransomware is Moving

Ransomware attached to a network worm is highly dangerous as it can endlessly copy itself to all the computers connected to a local network. NirPolak, Co-Founder & CEO of Exabeam warns that from being a one-time issue, ransomware is now growing into a network infiltration problem. The point is, while ransomware gives them one time business, ransomworms generate them repeat business. The worse is yet to come. Even when you get the files decrypted by paying the ransom demanded, it is most likely that they leave behind presents that will ensure that the trouble thrives. A ransomworm called ZCryptorwas found infecting the removable drives earlier in 2016.

Ransomware is Getting Smarter

Alex Vaystikh, cyber security expert and the CTO of SecBI, the sophisticated threat detection software maker, has voiced his concerns in the same lines noting that in future, ransomware will grow smarter to merge with information-stealing malware. They will fist steal the data and selectively encrypt them in order to exploit the situation twice. While they might demand the required ransom first, they shall then proceed to say your data has been stolen by them and they will leak it if you do not pay them their demand. Also in the likelihood of the victim refusing to pay the ransom on the grounds that they have already backed up the data, the hacker will launch the next tool of leaking the data risking data security of the firm. In many cases where ransomware is used in sensitive environments like hospitals, there could be significant damage if the malware had first infiltrated the patient information.

Hackers have made a $1 billion business in 2016 alone. So, there is no likelihood of ransomware going away from the scene. In fact, RaaS or ransomware as a service is growing fast today as this is an extremely lucrative business that needs minimum investment and little effort to launch an attack. Once the hacker gets hold of a mailing list of potential targets, the job is done well. Fortunately, the cloud also enables backup to protect against attacks which might hold some promise for us to move forward.

Symantec’s security response group report has revealed that in an average there were about 4,000 ransomware attacks in a day in 2016. While this is an astounding statement we need to reflect on, Corey Nachreiner, WatchGuard Technologies’ CTO has visualized that 2017 will see the first ever ransomworm attack that will lead the ransomware attacks to proliferate even faster. Hence, it is the need of the hour that every business today understands the impending risk to their data and invests in the right kind of ransomware recovery and removal tools for small businesses so that their data security is updated to the next level and adequate protection is assured. While this is crucially needed, widespread concerns also expect the professionals to create more powerful tools to advance cyber security measures.