Can Ransomware Spread Through WiFi? (If Yes, How?)

Ransomware is a billion-dollar industry. Experts estimate we’ll see one ransomware attack every two seconds by the 2030s. We don’t have to go that farther in time to experience one, as threat actors are becoming better at spreading malware. So, can ransomware spread through WiFi?

Ransomware can spread through WiFi. Specific types of malware infect routers to spread throughout a network. Hackers often target public WiFi, so they can have a bigger sample of victims. Office networks are an ideal target too. Securing your router is a must to prevent that.

Sometimes, it’s impossible to get rid of router ransomware. Other times, a simple router reset will do, though that’s not reason enough to tempt fate. It’s important to understand how to prevent this issue. The best way to start is by understanding how ransomware spreads.

Table of Contents

How Does Ransomware Spread Through WiFi?

Ransomware spreads through WiFi by infecting routers or devices connected to one. Having an infected device connected to an open network is enough to infect every part of that system.

WiFi is an airborne way different devices have to interact with each other. It’s no different than plugging different computers using a cable. Malware tends to spread from one device to another, meaning it’s impossible to prevent ransomware from spreading if you don’t contain it.

Sometimes, you don’t need an infected device to fall prey to ransomware. Threat actors have developed viruses that spread from one router to another by proxy: if your router is close to an infected one, a virus will try to brute force its way into infecting it too.

Who Does Ransomware Target?

Threat actors are happy to use their ransomware on anyone they can. Many believe hackers only target companies for a big payout – but they’re happy to infect your device to see if they can get a quick payday.

In fact, threat actors often target small businesses because they have weak defenses. Large companies have big IT departments working to stop attacks, though that’s not the same for smaller players.

For that reason, emphasizing cybersecurity measures is important, whether you’re a big or small company or work independently. Familiarizing yourself with common WiFi viruses is key to preventing an infection.

Do WiFi Viruses Exist?

There’s no doubt WiFi viruses exist. This type of malware appeared halfway through the 2010s – and hasn’t stopped doing damage ever since. WiFi viruses include ransomware and other types of malware.

Known WiFi Viruses:

  • Chameleon. The first virus that spread through WiFi. Chameleon was as groundbreaking as it was dangerous: it lurked in the background while accessing hundreds of websites to give threat actors a profit. It was the first of its kind – but not the last.
  • Emotet. One of the worst viruses roaming around the internet. It’s polymorphic, meaning it changes its own source code throughout time. It started as a Trojan horse that targeted bank information, though it evolved to spread via WiFi. Once it infects a router, it looks for others nearby and tries to brute force the login credentials to continue spreading itself.
  • Mirai. This type of malware is harmless because it is easy to remove. Infected users simply have to restart their router to eliminate this virus. However, your router belongs to a botnet until you realize what’s going on.

What’s an Infected Router?

An infected router contains malware that may infect other nearby routers or devices connected to it. Threat actors look to infect routers so they can have an entry point to a network, helping them infect every other device in that system.

Threat actors often work that way because it’s the easiest way to spread malware or ransomware. Instead of infecting one device and risk detection, they look for a common access point and infect every device they can in one swift motion, only to do damage.

What Does an Infected Router Do?

Malware will have an infected router inflict damage in any way it can: spreading to devices and other routers as it looks for potential victims. After an infection, they will continue to spread even further (if possible) and steal data from or use infected devices to their advantage.

An infected router is a vector: it’s there to look for devices (e.g., your computer, phone, or tablet) to infect. That way, the malware reaches its desired destination and can do damage.

The common way these viruses do harm is by stealing your data, locking you out of your device, or turning your device into part of a botnet. The scope of this article focuses on ransomware, though infected routers could cause other issues too.

How To Detect an Infected Router

It’s easy to detect an infected router, as devices will act erratically once they’re infected. However, malware may stay dormant for a while, so it’s always a good idea to scan your device if you recently connected to unknown or unsecure networks. It’s time for a scan if you notice these signs too.

Signs you have an infected router:

  • Slow Internet Connection. Malware often bottlenecks your bandwidth because it’s using it for other reasons. For example, infected devices often become the unwilling part of a botnet. In other words, threat actors infect your network to use your devices in their DDoS attacks, making your internet considerably slower.
  • Website Redirection. An infected router may not have the capacity to infect your device directly – but it can give it a push in the right direction. By redirecting your browser to malicious sites, malware will try to bait you into falling for phishing attempts or have you download more malware.
  • No HTTPS. You know your data is encrypted when you see HTTPS on your screen. Not seeing it means you’re accessing unsecure websites – or that your router is infected. HTTPS uses a protocol to encrypt data, which hackers don’t want to happen, so they use malware to disable it.

How To Prevent Router Ransomware

  • Strong Passwords. The simplest way malware spreads through WiFi is by looking for routers with weak passwords to crack. These viruses crack this type of passcode via brute force: they go through a list of commonly-used choices (e.g., “12345”, “password,” or the network’s name). If it’s a match, they access and infect the router.
  • Proper Infrastructure Configuration. A weak password is not the only way to welcome a virus. You can also leave the door open for them to join your network. An easy way for ransomware to attack your router is having outdated software or open ports, among other things.
  • Not Downloading Suspicious Files. The strongest passwords and most secure lines of defense will do nothing to defend your network if you download a virus yourself, making you patient zero. For that reason, staying away from suspicious links is a must.

Is Public WiFi Secure?

Public WiFi is not secure: it’s a common way to fall for malware or similar attacks, making it one of the things you have to avoid if you want to follow cybersecurity best practices. Under certain circumstances, you can rely on encryption to use a public connection, though it’s not recommended.

People working from home may get bored staring at the same four walls on their own and decide to go to a coffee shop to work. Unfortunately, that’s a terrible idea. Hackers target public WiFi networks because multiple people use them.

However, you may need to check your emails or do something urgent in a coffee shop. In that case, you need to use a VPN and never disclose vital information, even if you’re using encryption.

Remember that doing so protects you from hackers sniffing data, though you remain susceptible to malware infection. For that reason, it’s always a good idea to scan your devices before connecting them to your home network.

Will a WiFi Virus Infect My Cloud Storage?

Your cloud storage could have ransomware that may infect your computer, and you could have ransomware that may infect your cloud storage. Hackers have been targeting the cloud for years, and not focusing on security when dealing with it could have terrible consequences.

What’s the worst part about cloud viruses? They remain dormant for a while if necessary. That means you’ll infect several storages (if you use more than one), other devices, and more – before you realize what happened.

At the same time, certain pieces of malware are not content with infecting cloud storage alone. They also create malicious social media accounts with infected attachments, so people can get their devices infected that way too.

For that reason, cybersecurity best practices still apply on the cloud and elsewhere: rely on strong passwords, use encryption, and stay away from links you can’t trust.

Conclusion

Ransomware (and other types of malware) can spread through WiFi. A poorly-protected router will make you an ideal victim, though falling for certain attacks or downloading infected attachments could turn your computer into a patient zero. Following good cybersecurity practices is the best way to prevent either scenario.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.