With any malware threat, there will be a natural progression or evolution that morphs it into a much more sophisticated threat or one that attacks computers more efficiently. As expected, there will be an evolution of ransomware threats, which experts from Cisco's Talos Security Division are expecting to turn out to be cryptoworms.
Ransomware has undoubtedly proved to be among the most destructive types of malware known. The latest evolution of ransomware has run amuck and caused utter chaos in that it encrypts data and locks up a computer only to hold it for a substantial ransom fee. What computer security experts are starting to see is ransomware take on an entirely new face, one that resembles nasty computer worm infections.
What is being dubbed as cryptoworms, are new types of ransomware threats that not only lock a user's files, but it also incorporates different modules that allow the threat to self-propagate or spread onto other computers.
We have long been in the know of how computer worms function, with their primary objective being to spread onto other computers in the most efficient manner. Adding the spreading capabilities of worms to ransomware opens up the potential for cryptoworms to eliminate the need for humans to spread potentially onto hundreds or thousands of computers.
Already, ransomware with encryption capabilities have cost companies and organizations nearly millions of dollars. The ransomware business in itself has transformed into a lucrative prospective for hackers and cybercrooks. With the claim from Cisco's security experts that ransomware's next chapter will include cryptoworms, cybercrooks would have a much easier job in the proliferation of ransomware where the threat does the legwork of spreading infections to countless computers.
In the past ransomware has heavily relied on cybercrooks and hackers to do the dirty job of spreading the malware through spam email attachments. Such a process is time-consuming and resource-intensive for most. However, adding the capabilities of a worm infection to ransomware pretty much automates the spreading process where specialized crytoworms will seek out computers connected to an infected system and then automatically spread. Environments like corporate networks or government computer systems are ideal for cryptoworms to thrive and perpetually spread.
Already, there are examples of ransomware threats that exhibit the behavior of worms, such as the SamSam Ransomware threat. SamSam, also known as Samas, has leveraged the JBOSS server software to spread to entire networks. The FBI and Microsoft have issued public statements to warn US companies of the spreading dangers of SamSam Ransomware. Among the current casualties of SamSam, the ransomware has claimed high-profile victims in the healthcare sector already.
With SamSam Ransomware being one of the first ransomware threats on the scene exhibiting the behavior of computer worms, there is nothing to stop hackers and cybercrooks from creating many more in the near future. We have yet to know certain what kind of reach cryptoworms will have. However, we are aware that the viral repercussions of cryptoworms will be vast, and we must take heed to experts' predictions now rather than later when it is too late to react.