Nasty New Hybrid Strain of Ransomware

KnowBe4 CEO Stu Sjouwerman issued a warning of a scary new strain of ransomware, one with a difference, this one is a true self-replicating parasitic virus called VirRansom. This new strain is a hybrid that combines CryptoLocker and CryptoWall functionality with active self-replicating virus infections of all the files it can find. And, like the cybercrime Reveton family of malware, it locks the PC's main screen demanding 0.619 Bitcoin to let you back in.

Sjouwerman stated, “This ransomware threat utilizes both ransomware and parasitic virus features. VirRansom is a full-fledged virus which will spread across your network and doing a less than perfect job on the disinfection can easily lead to reinfection of your whole network. CryptoWall-encrypted files that you can't or don't decrypt are harmless garbage forever, but you can delete those. However, with VirRansom, files that you don't decrypt are still recoverable, but remain actively infectious.”  Sjouwerman added; “What makes this tricky is the infected files can't just be deleted, since they are your own files that were there before the infection started.”

According to researchers at Sophos, most worms leave a handful of infected files that weren't there before and need to be deleted. Parasitic viruses, in contrast, may leave hundreds or thousands of infected files on each computer. If even one of those infected files is left behind, after a clean-up, the infection will start up all over again.

The file encryption is not as advanced as CryptoWall. For now, the key to decrypt the files is contained in the malware itself. Most antivirus should soon be able to decrypt the files and restore them, but the bad guys are constantly changing encryption keys in which case antivirus vendors may not be able to solve this fast enough..

Sjouwerman cautioned, “Ransomware gets nastier all the time. We can expect a VirRansom 2.0 with "new features" like industrial-strength CryptoWall-like encryption where files are held hostage until payment is made and email server infections where emails are converted to a worm for maximum dissemination of their malicious code.  The legal ramifications could be horrific.”

Sjouwerman suggests IT managers mitigate these types of threats through both technical measures and enforcing security policy:

1. Test the Restore function of your backups and make sure it works and have a full set of backups offsite.

2. Start thinking about asynchronous real-time backups so you can restore files with a few mouse clicks.

3. Get rid of mapped drives and use UNC (universal naming convention) links for shared folders.

4. Look into Whitelisting software that only allows known-good executables to run.

5. Update or enforce security policy best practices, such as thorough effective security awareness training to prevent these types of infections to begin with, as the infection vector is your end-user opening up an attachment or clicking on a link.

Featured

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

  • AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

    The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now

  • Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

    Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now

  • Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.