Ransomworm came into the mainstream when WannaCry’s global hack compromised hundreds of thousands of computers. Victims ranging from individuals to hospitals to major corporations found themselves locked out of their files and sensitive data. Their data had been encrypted and was unusable, creating mass chaos across the global marketplace. Hackers then demanded upwards of $300 in Bitcoin to unlock data, with reports indicating they never actually released the files.

How did hackers managed to cause cyber destruction around the globe? The problem was quickly identified as an issue with a Windows system vulnerability. A type of malware wormed its way through those system vulnerabilities – and while the media interchangeably used the words ransomworm and ransomware to describe the hack, they’re not exactly the same thing.

Unlike ransomware that typically invades computers through email spam campaigns, ransomworm spreads by hunting down vulnerabilities in networks and devices. Research from Malware Bytes Labs found that ransomworm intrudes through public-facing SMB ports and uses exploits to get onto the network. In the WannaCry ransomworm case, the worm found an alleged NSA-leaked EternalBlue exploit to seize its victims’ files and overtake their computers by encrypting data.

But does the difference really between ransomworm and ransomware really matter? Users who think the difference is negligible because both are a form of ransom could be setting themselves up for an attack. If you’re only looking at email phishing and related scams for ransom hacks, you won’t be prepared for the next wave of ransomworm making its way around the world.

There are ways to stay proactive and protect your data before it’s too late. Here’s what to know about ransomworm and how to protect yourself from the next attack.

The History Behind Ransomworm

Industface-Blog-Subheader-The-History-Behind-Ransomworm-image_170707-02

WannaCry is just one ransomworm in a long line of attacks. In fact, we’re seeing a resurgence of worms after their heyday back when they were focused on infecting networks.

Computer worms were coined by writer John Brunner in 1975 with his book, “The Shockwave Rider.” He described how “data-net tapeworms” gathered data as they spread through computers across a variety of networks. But it wasn’t until early 2016 that experts saw ransomware infecting devices with unpatched servers and vulnerabilities.

Previous network worms like CodeRed and Conficker were once commonplace and spread like wildfire through file sharing or network vulnerabilities. Once these worms penetrated the networks, they were difficult to stop and infiltrated multiple devices. Today, hackers are combining the power of ransomware and the concept behind network worms to create ransomworms. Like network worms, ransomworms get into systems, but then take over the files and encrypt them. This is when hackers step in and demand a ransom to decrypt the files and release them to their rightful owner.

How Ransomworm Works

Industface-Blog-Subheader-How-Ransomworm-Works-image_170707-03

Unlike malware’s reliance on email phishing schemes, ransomworm works its way into computer systems by exploiting vulnerabilities such as outdated operating systems and patches. Once the ransomworm has worked its way into a device, hackers can encrypt the data and lock out the user.

It’s no secret what hackers want. They post a malicious note to run on the screen for the person who tries to log on. The sinister message explains their computer has been hacked and how to pay the ransom. At this point, there is little the user can do to recover their encrypted files.

However, the lack of email phishing involved can leave savvy computer and internet users vulnerable. Even amateur web users have some knowledge of ransomware and know not to open emails or click links from unknown users. Instead of looking for phishing schemes and deleting suspicious emails, worms can intrude without the user doing anything. It’s actually the lack of action that can create vulnerabilities, as users fail to update old operating systems and ignore new patches.

Know the Latest Exploits

Industface-Blog-Subheader-Know-the-Latest-Exploits-image_170707-04

Staying in-the-know about the latest ransomworm exploits keeps users diligent against the latest attacks. Hackers adapt rapidly and what works today could be gone tomorrow and replaced with something far more sophisticated. It’s also wise to expect copycats to emerge after a major ransomworm attack like WannaCry. Shortly after the dust settled, Petya surfaced and started targeting the same vulnerabilities.

Knowing what’s going on with the latest trends in ransomworm is just the first step. Keep an eye on the news and IT-focused websites that alert to the latest device vulnerabilities. Don’t wait to update your system networks and devices. By the time hackers find a way into your system with ransomware, it’s too late to make updates.

Why You Should Never Pay the Ransom

Industface-Blog-Subheader-Why-You-Should-Never-Pay-the-Ransom-image_170707-05

Some ransomworm programs ask for as little as $30 to release encrypted files. Other companies have paid thousands, usually in hard-to-trace bitcoin, to regain control over their devices. And some reports suggest embarrassed companies have secretly paid millions to hackers in hopes of keeping control over the situation and getting their data back as quickly as possible.

But regardless of whether or not companies are willing to pay, it doesn’t always make for a happy ending. According to research from Kaspersky, 20% of ransomware victims who paid up never got their files back. And not paying may be the only thing that ultimately deters hackers.

Ransomworm relies on victims paying up in order to keep the cycle going. Hackers will eventually move on to other cyber crimes if ransoms are no longer being paid. And there’s another reason to break the ransom cycle: hackers could identify you as a victim who is willing to pay and continue looking for vulnerabilities to take over your data and collect ransom again.

Research the Solutions

Industface-Blog-Subheader-Research-the-Solutions-image_170707-06

It’s sometimes possible to find a solution to combat the latest ransomworm, but time is of the essence. Otherwise, hackers wise up and tweak their worms to combat the solution.

During the WannaCry outbreak, French researchers came up with a way to encrypt files and restore data without paying the ransom. The solution, dubbed Wanakiwi, involves extracting the keys to WannaCry encryption codes using prime numbers instead of breaking into the digits behind the ransomworm’s encryption key.

However, solutions can also be fickle. Wanakiwi didn’t work for everyone who tried it, and seemed to rely on keeping the device turned on and refraining from shutting it down. Before you do anything to your computer after an attack, use a separate device to quickly research solutions that can get your data released. You could ultimately stumble across a way to keep your data intact and out of hackers’ hands.

Protect Your Data

Industface-Blog-Subheader-Protect-Your-Data-image_170707-07

Ransomworm and malware are nightmares to deal with, but combatting them doesn’t have to be a crisis. Prepare yourself for an attack with the only surefire way to protect yourself: safeguard your data and sensitive information against ransomworm by regularly backing up your files. Choose a third-party cloud provider with the highest industry standard for storage and encryption to keep your data safe.

While it won’t stop ransomworm from happening, being able to restore files from an off-site cloud storage provider can cut off hackers at the pass. Users can simply restore their files and reset their devices to factory settings or purchase new ones instead of paying the ransom.

Update Your Devices

Industface Blog - Update Your Devices

Ransomworm relies on system vulnerabilities, apps and patches to work its way into your device and your data. Keep hackers at bay by regularly updating your operating system and looking for any approved patches from a manufacturer like Apple or Microsoft.

It’s also crucial to keep your apps updated to the latest version to ensure the highest level of security. Users should never download apps from unknown providers, and decline an app’s request to access data, whether that’s passwords, photos or other files.

Stay Alert to the Future of Ransomworm

Industface-Blog-Subheader-Stay-Alert-to-the-Future-of-Ransomworm-image_170707-08

Ransomworm shows no signs of slowing down, and will continue getting more sophisticated and expensive. According to reporting from Business Insider, hackers in the cyber ransom game can extort up to $60,000 in one week alone. Meanwhile, cyber crime-related costs are expected to reach $2 trillion by 2019.

And as cyber crimes rise, so will our intelligence agencies’ push to develop tools to combat it. While that may sound like good news, it can actually signal bigger problems. In WannaCry’s case, it was discovered that the NSA actually developed the worm and it was later stolen or leaked to hackers. As word spreads about the advancement in worms and cyber tools, so will hackers’ determination to source them.

We can also expect trends in invisible ransomworm to spike as internet users become more savvy to phishing schemes that download ransomware onto their computers. Helpnet Security predicts we’ll see a ransomworm that automatically spreads quickly and successfully across local networks, and possibly the internet. When and if that happens, users will be helpless to fight off ransomworm while still using outdated systems and apps. At the end of the day, staying alert, creating a culture of security and protecting your data are the only ways to combat ransomworm.

What are your predictions about ransomworm and how to fight it? Let us know by leaving a comment below:

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.