Experts from Cisco's Talos security division are claiming that the next natural step of evolution for ransomware operators is to integrate self-propagation features seen in old-school worms, viruses that wreaked havoc during the '90s and early 2000s.
Their think-tank experiment sees attackers using penetration frameworks to create much more versatile ransomware families, which, besides using encryption to lock the user's files, will also incorporate different modules, among which they think a self-propagation component is bound to be included.
SamSam ransomware is pioneering this concept
Cisco's staff has already observed such features, even if in a limited and simplistic manner, in the SamSam ransomware, also known as Samas.
With SamSam making a splash and some high-profile victims in the healthcare sector, Cisco expects other ransomware authors to leverage its model and focus more on breaching networks and leaving the ransomware to search and infect other computers on its own.
This type of behavior maximizes a campaign's infection pool and takes most of the human factor out of the equation. Instead of having to trick each and every ransomware victim into downloading and executing malicious files, these new types of ransomware will only need one or two individuals to fall victim.
Read more: Cryptoworms Is How Ransomware Will Evolve, Cisco Claims