
Microsoft warns of rare ransomware worm

Microsoft warned users of a rare ransomware worm affecting older versions of Windows, but experts are wary of the recommended mitigation technique.

A newly discovered ransomware variant has the rare ability to self-replicate, and security experts expect future ransomware will follow this evolution pattern to become more efficient at spreading to and infecting larger targets.

Microsoft posted a warning to users about ZCryptor, a ransomware worm that can initially infect targets through traditional phishing schemes, macros or fake installers, but also has the ability to place autorun files on removable storage devices. This means the ransomware can spread itself to other machines on portable storage devices, rather than relying on more targets to fall victim to phishing, according to Microsoft's security advisory.
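For defenders, the removable-media vector described above can be audited by inspecting any autorun.inf found at a drive root. The following is an added example, not code from the article or from Microsoft's advisory: it flags the standard autorun.inf keys that launch a program, and the function names and sample file are constructed for illustration.

```python
import os

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = ("open", "shellexecute")

def audit_autorun(text):
    """Return (key, command) pairs from an autorun.inf that would launch a program."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:     # other section or junk padding
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a command
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append((key, value))
    return findings

def scan_roots(roots):
    """Check each drive root for autorun.inf; return {path: findings}."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                report[path] = audit_autorun(fh.read())
    return report

# Constructed sample, not taken from a ZCryptor sample.
SAMPLE = """\
; padding comment
[AutoRun]
icon=folder.ico
label=Backup
OPEN=setup.exe /quiet
shell\\explore\\command = setup.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in audit_autorun(SAMPLE):
        print(f"launch key {key!r} -> {cmd}")
```

Pass `scan_roots` the mount points or drive letters of attached removable media; a non-empty finding list on a USB stick is worth investigating before the device is used on another machine.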

"It's basically guaranteed that ransomware will become self-replicating," said Arian Evans, vice president of product strategy at RiskIQ, based in San Francisco.

Other experts agreed. Wade Williamson, director of threat analytics at Vectra Inc., based in San Jose, Calif., said ransomware worms are part of the natural evolution of malware.

"It is important to remember that while ransomware is the newest head on the malware hydra, it is still malware. As such, it can be delivered and propagated in all the ways that we have seen malware used in the past," Williamson said. "So, while this is a new variant of ransomware, on its own, it is not earthshaking. It is, however, a part of a broader trend within ransomware that focuses on spreading beyond the initially infected host in order to [cause] damage to the broader enterprise."

According to Microsoft and Trend Micro's warnings, the new ransomware worm does not work on Windows 10, but it does affect older versions of Windows. With that in mind, Microsoft's first suggestion for users to protect themselves was to upgrade to Windows 10.

While experts generally considered this to be good advice, noting the Windows 10 File History and other security features as beneficial, there were concerns with this suggestion.

Don Jackson, senior threat researcher at Damballa Inc., based in Atlanta, said he found ZCryptor "functioned exactly the same disastrous way" on the newest version of Windows 10 in his test.

"I wouldn't consider upgrading to Windows 10 to be a preventative measure at all. In this case, upgrading to Windows 10 doesn't offer any mitigation in terms of better detection and prevention," Jackson said. "Microsoft appears to be saying that it does by adding it to the very first bulleted item under [the] 'prevention' section of their blog post. To me, it's misleading."

Evans said the problem with the suggestion was financial, rather than technical.

"Financially speaking, Windows 10 costs are probably out of reach for a large percentage of the global PC community, especially those running on pirated Windows XP," Evans said. "The question is: At what point does the cost of impact of ransomware exceed the cost of upgrading to Windows 10 and replacing legacy devices? Ransomware automatic replication will accelerate this cost curve we expect, making the cost of upgrading, and implementing stronger defenses, calculate cheaper with each successful ransomware attack."

Experts said the rest of Microsoft's prevention suggestions were comprehensive, including making regular backups of data to external sources, being wary of phishing emails, disabling macros in Office, disabling Remote Desktop, using two-factor authentication and avoiding "websites that are known for being malware breeding grounds -- illegal download sites, porn sites, etc.," according to the security advisory.


Join the conversation

3 comments


What do you think of the threat of a ransomware worm?
Ransomware seems to be becoming more and more common. If people only took the advice we have been giving for years about backing up all personal data, files, pictures or anything you do not want to lose then this would go away. People are lazy and they are relying on that, that's what makes this profitable to them. There are numerous ways of backing up your data, to the cloud, removable media and more. Users just don't take advantage of it. I back up once a month. If I do a lot of work or add a lot of new data like vacation pics, I back them up right after the upload.

What about those running legitimate copies of XP whose systems lack the capacity to run Windows 10? There is clearly a market for "Windows lite" - alias "Linux for Dummies" complete with a one click conversion package.