
Ransom...what ? The Black Plague of Computers


Ransom…what? Here’s a friendly reminder to our new readers: ransomware is malicious software that can hijack your data by blocking access to it unless a ransom is paid. It enters your computer through existing system vulnerabilities or through malicious mailing campaigns, spreading pretty much the same way as a Trojan horse.

Nowadays, the exponential growth of ransomware is overshadowing the evolution of other types of cyber-threats. But there’s a reason for that! This criminal activity – a very successful business as we’ll see – is fooling an increasing number of naïve users, targeting more and more established businesses.

But what are the origins of this type of cyberattack, what are its variations, and what is hiding beneath the flourishing economy of the global ransomware threat?

Published in: Internet

The Original “PC Cyborg Trojan”

To better understand how ransomware works and what its impact is today, it is useful to know where it all started. The first ransomware ever recorded dates back to 1989. Named PC Cyborg Trojan or AIDS, this ransomware, written by Joseph Popp (an English biologist), was contained on a floppy disk. Under the false pretence of providing information on the AIDS disease, its goal wasn’t in fact so noble: it counted the number of times the PC was booted and, once the count hit 90, encrypted the machine and the files contained on it. Afterwards, it demanded that the user ‘renew their license’ with ‘PC Cyborg Corporation’ by sending $189 to a post office box.

Sent to over 20,000 organizations and businesses – mostly operating in the health sector – this ransomware made the news, not only because it was one of the first of its kind, but also because of the ‘cause’ it was hiding behind (and the organizations it targeted, mostly committed to AIDS research).

Doctor Popp was finally arrested and was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research, a promise that remains unfulfilled to this date.

To block or to encrypt: that is the evolution.

The AIDS ransomware gave us an early taste of what was to become, as of 2013, a worldwide phenomenon. After a few years of standby, several ransomware started appearing with new and improved tactics, damaging more and more machines all around the world with their sophisticated attacks. The main evolution of ransomware lies in the intensity and the complexity of the attacks, with a major turning point right about the time Bitcoin first appeared (see our previous blog article about Darkweb).

Ransomware can be divided into two types. First came the blockers, which simply block access to the victim’s data and equipment without directly damaging it. This kind of ransomware was soon replaced by encrypting ransomware, which is even more ferocious: this type of malware encrypts the victim’s data and promises to give it back as it was before the attack in exchange for money.

To get a better idea of the general increase in malware around the world, it might be useful to know that over 60 ransomware families were created in the past year alone (according to Kaspersky).

The Ransomware Threat, lucrative and sustainable activity

Today, ransomware is not only particularly sophisticated, it has also become more and more recurring and malicious. Take, for instance, PopCorn Time (which encourages its victims to infect other users in order to escape their fate and avoid paying a ransom) or Satan, a Ransomware As A Service (a ransomware kit ready to be deployed). Besides being terribly effective, the use of ransomware is a very successful and attractive activity to some, as we can see judging by the rise in bitcoin prices, multiplied by 5 in a single year. Hackers’ stubbornness is consequently not going to weaken, and it seems likely that ransomware will only continue to grow in number in the next years. One cannot be surprised, since in 2016 experts counted a ransomware attack every 40 seconds (according to Kaspersky).

Trendy Locky

Having emerged for the first time in 2016, Locky became in a single year one of the most widespread and successful ransomware, being active in more than one hundred countries. Its favorite target? Flourishing businesses. Locky spreads using a common method, namely phishing campaigns, and claims countless victims with an effective strategy: billions of emails are sent with subjects such as “print”, “documents”, “invoice” or “scans”, tricking users who are used to receiving such messages in a professional environment. The idea is simple: make them open the attached file and trigger Locky’s payload.

Beyond its effective strategy, Locky adds one more ingredient to its recipe for success: every hacker can use its main version just by changing the payment destination. “Thanks to” this ease of use, Locky wasn’t only sent from one machine but from hundreds. Being a trendy ransomware, Locky is today competing with new ransomware such as Cerber, but it manages to stay strong and reinvent the rules of the game as it goes, emerging every time more powerful than ever.

To be able to face ransomware and get rid of this threat once and for all in the most effective way, it is necessary to view the issue from another perspective. In other words, put yourself in the hacker’s shoes. The real challenge is here, in managing to reinvent your way of thinking in order to compete with today’s continuously evolving and mutating cyber-landscape.
