Ransomware is rapidly becoming a big money-spinner for cybercriminals, and as a result is rapidly developing in terms of sophistication – with Cisco delivering a stark warning about major dangers which are just round the corner.
In fact, in a new report where Cisco Talos Security Intelligence and Research Group looks at the past history and probable future of ransomware, the authors state: "The age of self-propagating ransomware, or 'cryptoworms', is right around the corner."
Cisco observes that ransomware has developed from 'spray and pay' attacks indiscriminately trying to find victims across the net, to targeted attacks on company networks – such as the recent hits on hospitals and healthcare providers over in the US and Germany.
With this sort of attack, the criminals can demand much bigger ransoms, and they also avoid the hassle of running a prolonged ransomware campaign (maintaining the infrastructure and staying undetected over long periods while the campaign is running – none of which the cybercriminal has to worry about with a one-off attack).
The newest strain of ransomware, named SamSam, points to the future because it uses a simple "semi-automatic propagation method" to spread itself around the company network.
In the future, Cisco expects to see more powerful integrated self-propagation capabilities which will specifically target enterprise network vulnerabilities, and attempt to compromise everything from backups to messaging servers in an effort to leverage as much weight as possible against the victim.
Such ransomware could also pull off tricks such as using a minimum of system resources in order to have the best chance of remaining undetected.
Craig Williams, senior technical leader for Cisco Talos, also told Threatpost: "We are going to see repurposing of older persistent threats. A lot of people would assume that in order for the next generation of ransomware to be effective that they would need a new network vulnerability. The reality is, that's not the case. These attackers can take any off-the-shelf network vulnerability and make a worm out of it."
With the amount of money being made from ransomware aimed at both individuals and companies, it's clear that we're going to face some seriously dangerous attacks in the future.
Cisco warns: "For too long, critical security controls and best practice for enterprise network security has been publicly praised and privately ignored … If enterprises don't start making strides towards defensible architecture today, massive ransoms may end up getting paid tomorrow."
In its report, Cisco recommends various defensive measures for businesses including DMZ hardening and mitigation against social engineering attacks.
And of course another vital consideration for consumers and companies alike who may find themselves facing a data ransom demand is to keep a full backup of that data completely separate from the user's PC or company network, so the malware can't reach it.