Self-spreading ransomware next computer threat, Cisco Systems says - Action News

An unusual strain of virus-like hacker software that exploits computer server vulnerabilities without requiring human interaction is a leading example of a new generation of "ransomware," according to a new report by Cisco Systems Inc.

Samsam or Samas strain encrypts large databases and locks out authorized users until ransom paid

Security experts warn about "ransomware," where computers or mobile phones are locked down by cyber thieves and money is demanded online. (Ryan Remiorz/Canadian Press)

Hackers use such software to target large-scale networks and hold data hostage in exchange for bigger payments. Such a strain, known as Samas or samsam, hit the MedStar Health Inc. hospital chain last month.

In such attacks, hackers target backup files and records, encrypting them to make them an unreadable gobbledygook of characters. To regain access, users without additional safe backups who don't want to lose critical files often pay the ransom, typically $10,000 to $15,000 for an entire network or hundreds to a thousand or so dollars for a single computer.

The ability to demand payment in bitcoin, a difficult-to-trace virtual currency not controlled by any country, was "basically the birth of ransomware" and has helped drive its success since the currency's introduction in 2009, said Craig Williams, a senior technical leader at Cisco's Talos security research group.

How Samas works

Samas exploits vulnerabilities giving hackers a way into JBoss application servers that are frequently used by some of the largest corporations. Once inside, the hackers sometimes implant a tool that steals credentials, allowing it to spread through the system, and encrypt scores of digital files along the way.

Ransomware has become a new targeted attack, with thousands of variants emerging over the last six months, said Dmitri Alperovitch, co-founder and chief technology officer of Crowdstrike Inc.

Most ransomware still requires a human to click a link or open an infected email attachment, but Cisco's report warned that "the age of self-propagating ransomware, or cryptoworms, is right around the corner." Worms are generally virus-like infections that are programmed to spread automatically, without human interaction.

The semi-autonomous nature of this ransomware means that defences, such as maintaining updated and patched systems and safe backups, are more predictable than teaching users to safely use the Internet.

Recent growth

Ransomware has become an increasing threat over the last six months, with reported cases on pace to beat last year's numbers.

Last year's 2,453 reports of ransomware hackings to the FBI totalled a reported loss of $24.1 million, making up nearly one-third of the complaints over the past decade. They also represented 41 per cent of the $57.6 million in reported losses since 2005. Such losses are significantly higher than any paid ransoms because companies routinely include remediation costs, lost productivity, legal fees and sometimes even the price of lost data in their estimates.