Self-propagating ransomware is coming, warns report

Ransomware is a nasty variation of a denial of service attack. Instead of denying a victim organization of the ability to work, ransomware resorts to blackmail for cash.

And according to Cisco Systems researcher William Largent, like all malware it’s only going to get worse.

“Combined with new methodologies in targeting, we anticipate a trend towards ransomware that can self-propagate and move semi-autonomously throughout a network to devastating effect,” he wrote this week in a detailed blog on how this malware works and what CISOs can do about it.

The future, he says, can be seen in ransomware like SamSam.exe, found in a number of scattered enterprise network breaches mainly targeting hospitals. “SamSam isn’t complex, and it not fully self-sufficient, but it does exhibit some of the behaviors of a successful worm – rapid propagation, payload delivery (ransomware), and crippling recovery efforts,” says Largent. “The age of self-propagating ransomware, or “cryptoworms”, is right around the corner.”

“For too long, critical security controls and best practice for enterprise network security has been publicly praised and privately ignored,” he warns. “Drop-in appliances and security solutions can only do so much to protect the network, and will do little to stop this threat if networks continue to be architected and expanded without defense in depth in mind. If enterprises don’t start making strides towards defensible architecture today, massive ransoms may end up getting paid tomorrow.”

CISOs aren’t without defences, the blog notes: Network segmentation to contain lateral movement; dedicated firewall/gateway segmentation; role-based network share permissions; credential management; patch management; a company-sanctioned file-sharing program for exchanging files between users in the organization and/or company partners that forbids sharing files through email; and awareness training.

“Our attackers are opportunistic and are looking to turn about a profit with as little effort as possible. If initial access cannot be easily established, this increases the likelihood they will seek out easier prey,” Largent says. That’s why he calls backup and recovery procedures the last line of defence.

Meanwhile this week Scott Gainey, senior vice-president and chief marketing officer at SentinelOne wrote a column also advising CISOs that ransomware can be beat. “Although it may seem counter intuitive, most ransomware variants are incredibly similar in the methods they use to interact with the operating system of the target device. Therefore, even though ransomware authors continue to create a steady stream of new variants such as Petya, we have an ace in the hole. By monitoring for and detecting the underlying and shared behaviors of malware we can effectively stop ransomware infections before they can cause damage.”

CISOs have lots of resources to help fight ransomware. There’s no reason not to take advantage of them.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now