TL/DR: BlueDoom can encrypt and ransom your computer without your interaction. Protect yourself with the Holy Trifecta of backups, updates, active border and endpoint protection.
Another “ransom-worm” is spreading itself across the Internet, and this time things could get ugly.
While the “WannaCry” ransom-worm fizzled out two weeks ago, there’s a new, bigger threat that’s looming: “BlueDoom.”
Aside from having a much better name, BlueDoom is potentially more dangerous than WannaCry for two reasons:
- It’s already spreading quietly across the Internet. Because it’s not (yet) doing any harm, it’s harder to know where it is;
- There’s no known kill-switch for it.
A ransom-worm is a ransomware program that spreads itself from computer to computer, versus a human having to click on something. The program will encrypt all available drives on your computer (including attached USB drives and network drives), rendering them useless and the data lost unless you pay up. Ransoms are generally between $300 and $600, usually payable in Bitcoins.
BlueDoom (also called “EternalRocks”) is part of a black-market, mass weaponization of a group of cyber attacks developed by the NSA, which were stolen and released by the “ShadowGroup” late last year. It seems to be using similar channels as WannaCry to spread.
So far, the ransom-worm doesn’t seem to be doing anything malicious. It’s just quietly spreading across the globe, burrowing through networks, hiding in computers.
But that could all change in a moment with a single command from a hacker’s central “command and control” server.
The experts at antivirus company Kaspersky Labs think that the spread of BlueDoom is preparation for a large-scale, ongoing cyber attack:
“The analysis done on BlueDoom hints that cyber criminals may be preparing to integrate an array of different exploits for an attack that combines a full set of digital weapons,” Heimdal Andra Zaharia said. “BlueDoom is different from WannaCry because it shows a long-term intent to make use of vulnerabilities stemming from virtually all Shadow Brokers leaks containing Windows exploits.”
– Kaspersky Labs, May 22, 2017.
The New Normal
Normally, ransomware is spread via human interaction with a computer: clicking on a link in an email or visiting a compromised web server.
These new ransom-worm attacks are different: They can spread from one infected machine to any other vulnerable machine on the same network, or across the Internet, without a human ever touching the computer.
That capability means that a new-style attack could potentially compromise millions or even tens of millions of computers in just hours or days.
This ongoing – week in, week out – siege of cyber attacks is going to be the new normal for anyone using the Internet.
While BlueDoom specifically targets PCs, ransomware doesn’t discriminate with its targets.
It’s the same for businesses and individuals, for Macs, PCs, and phones: Everyone is vulnerable. If we don’t take the right action, it’s just a matter of time before we find ourselves faced with this choice:
Pay a ransom, or lose your data.
What To Do About It
There is a little bit of good news here: The defense for this latest wave of attacks is the same as the defense for all the other cyber attacks we’ve seen:
- Create reliable backups of your data.
- Update all your devices.
- Automate your defenses at the edge of your network (firewalls) and on your endpoints (“next-gen” antivirus on computers and phones).
- Exercise a healthy dose of paranoia when dealing with links and attachments in your email.
Taken together, these four steps form a solid security foundation for businesses and individuals. They also provide an excellent launch pad for more in-depth security measures for organizations that need them.
Want a hand securing your devices or network? Contact me with questions or to get a quote for services.