A cryptoworm is a type of malicious computer software that spreads itself across a network by exploiting system vulnerabilities and encrypting files on an infected computer. The ransomworm will then demand a ransom payment, typically in the form of cryptocurrency, in exchange for the decryption of the files. As a worm, once an initial host has been compromised, a cryptoworm will use its worm capabilities to propogate itself through the target network.
Cryptoworms can spread in a variety of ways. They can spread by taking advantage of weaknesses in operating systems and applications, such as unpatched vulnerabilities or using phishing to lure a user into downloading the malicious code. They can also spread by exploiting removable media such as USB drives, or through network shares by exploiting weak passwords or misconfigured security settings.
- WannaCry - WannaCry cyptoworm.
- NotPetya - NotPetya also took advantage of the leaked EternalBlue exploit. In 2017 the NotPetya attack took out much of Ukraine's national infrastructure and the capabilities of many global corporations doing business there.
- Ransom worm
- Crypto worm