This PPT gives an introduction to the ransomware attack that took place in 2013. It also defines cyber security terms that may be useful for understanding the event.
2. Case Study: Cryptolocker Ransomware
Ransomware: Software that damages a user’s data or makes it
unavailable to the user. To reverse the damage or make the data
available again, the person or group responsible for spreading the
software demands a ransom.
Cryptolocker Ransomware Attack: A ransomware attack that was carried
out using trojans and encrypted the data of many users, for which
the attackers got 3 million dollars as ransom.
3. Details: Cryptolocker Ransomware
Software can be spread over the Internet in many ways. One of the
ways used in the Cryptolocker Ransomware attack was e-mail
attachments.
The attackers need to send the e-mail attachments through a botnet so
that they cannot be traced back easily.
The new question is “What is a botnet?”
4. Botnet
Definition: A group of compromised devices that can be accessed
remotely to perform any task the devices are capable of. Many users
may not even know that their device is being accessed remotely and is
performing unethical activities.
Such a group of devices can be used to perform a ‘DoS (Denial of
Service) attack’, where the whole group sends email attachments or
connection requests to a single server in order to flood it with traffic
and take down the particular site or service so that it is unavailable
to real users.
5. Botnet: Cryptolocker Ransomware
In the Cryptolocker Ransomware Attack, a botnet named ‘Gameover Zeus’
was used.
The attackers used the ‘RSA encryption algorithm’ to encrypt the data,
so a private key is needed to decrypt it.
The attackers held a number of such private keys, one for each set of
encrypted data, and they threatened users that if the ransom was not
paid in time, these keys would be deleted and the users would lose
their data once and for all.
6. Statistics: Cryptolocker Ransomware
The trojan was first posted on the Internet on 5 September 2013.
The attackers got about 3 million dollars as ransom.
The database containing all the private keys was later found by
‘Operation Tovar’, and many users were able to get their data back for free.
Who was the attacker?
Russian hacker Evgeniy Bogachev was found to be associated with the
botnet used for the attack.