Ransomware: The most famous Malware
In our previous blog, we discussed malware: its types, its causes, and how the different kinds of malware work on computers.
Today we will talk about the most famous malware ever to hit the IT industry: file-encrypting malware, and we will explain how it works. Ransomware is a type of malware that encrypts a victim’s files; the attacker then demands a ransom from the victim and promises to restore the files upon payment. It provides instructions telling you how to pay the ransom in Bitcoin to get the decryption key; the cost ranges from a few hundred dollars to thousands, paid in Bitcoin.
Ransomware attacks have become more frequent in recent years as technology has evolved. The first ransomware was created in 1989 by a Harvard-trained biologist, Joseph L. Popp (aka the ‘father of ransomware’). It was called the AIDS Trojan, also known as PC Cyborg. He sent around 20,000 infected diskettes to attendees of WHO. The disk contained malicious code which locked the files and demanded a ransom. Since it was generation-one ransomware, it was easy to overcome, but no one knew it was only the start of what was to come in later years.
How Ransomware Works…
There are a number of ways ransomware can get onto your computer; it is like an unwanted guest, or a thief, entering your house to steal your valuables. The most common delivery system is phishing spam: attachments arrive in an email that is crafted so the victim trusts its content, but once they open and download the file on their computer, you’re gone. The attackers have engineering tools that install the file on your computer as an administrator and start accessing all the files on it. Once that is done, they can travel through the network and infect almost all the computers on the domain and, as we said, encrypt the files and leave a Notepad document telling you to pay a ransom in Bitcoin. Some ransomware, like NotPetya, can find security holes to infect computers without needing to trick users.
Malware is not limited to specific actions once it takes over your computer; it can do anything it wants. But the most important thing about ransomware is that it encrypts your files and asks for a ransom in return. Many people have tried, but none have been able to trace the Bitcoin payments to the hackers behind these ransomware attacks. We will now take a look at some deeper aspects of ransomware.
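As an added defender-side illustration (example code written for this edit, not from the original post or any product), the following Python check flags a directory that shows both signs described above: many files that have become high-entropy ciphertext, plus a dropped plain-text ransom note. The thresholds, file names and the sample tree it builds are all constructed for the demonstration.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

# Constructed heuristic (not from the post): ransomware output is high-entropy
# ciphertext, and most families also drop a small plain-text ransom note.
NOTE_HINTS = ("decrypt", "ransom", "bitcoin")
ENTROPY_THRESHOLD = 7.5  # bits per byte; documents and source sit far below

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_ransom_note(path: Path) -> bool:
    """Small text file mentioning at least two payment/decryption hints."""
    if path.stat().st_size > 64 * 1024:
        return False
    text = path.read_text(errors="ignore").lower()
    return sum(hint in text for hint in NOTE_HINTS) >= 2

def scan_directory(root: str, min_encrypted: int = 3) -> dict:
    """Count high-entropy files and ransom notes; alert only when both appear."""
    encrypted, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if looks_like_ransom_note(path):
            notes.append(str(path))
            continue
        head = path.read_bytes()[:65536]  # the first 64 KiB is enough
        if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
            encrypted.append(str(path))
    return {"encrypted": encrypted, "notes": notes,
            "alert": len(encrypted) >= min_encrypted and bool(notes)}

def build_demo_tree() -> str:
    """Constructed sample tree: three 'encrypted' files, one note, one plain doc."""
    root = tempfile.mkdtemp(prefix="ransomware_demo_")
    for name in ("budget.xlsx", "thesis.docx", "photo.jpg"):
        Path(root, name + ".locked").write_bytes(os.urandom(8192))
    Path(root, "README_DECRYPT.txt").write_text(
        "Your files are encrypted. Pay 0.5 bitcoin to decrypt them.")
    Path(root, "notes.txt").write_text("meeting at ten, bring the slides\n" * 40)
    return root

if __name__ == "__main__":
    print(scan_directory(build_demo_tree()))
```

Requiring both signals keeps legitimately compressed or encrypted archives from triggering the alert on their own.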
How Ransomware encrypts files…
You may have heard about Apocalypse ransomware, which was found in June 2016 and spread widely before it could be defeated. It uses a custom-designed encryption algorithm instead of a standard one, and the key is stored in the ransomware itself.
Each new ransomware launch was designed so that its algorithm would compromise all the documents on the computer in one shot. It also generated the RC4 key for the RC4 algorithm running on the computer. It is like a lock and key with a special pattern, built with the help of a computer language.
However, various versions of ransomware were introduced, each using a different procedure to encrypt files with its own algorithm; to learn more about the various types and how they work, follow the article.
How to prevent ransomware attacks…
There are several defensive techniques against ransomware, but their effectiveness depends on the security practices we follow in our organization. One is to follow Microsoft’s zero-day policy technique: keep the operating system patched and up to date to minimize vulnerabilities.
Other procedures include not installing unwanted software that could harm our system, and installing anti-virus software that automatically detects ransomware on arrival and prevents unauthorized applications from executing.
File backup or image-based backup is another important step to secure your documents and protect them from vulnerabilities and threats. This is not a technique that stops ransomware, but it can reduce our downtime after an attack.
Early History of Ransomware…
As we already discussed, ransomware originated in 1989 with Joseph L. Popp; let’s now look at the evolution of the number one security risk to businesses and users.
November 1991: two cryptographers, Adam L. Young and Moti Yung, warned us about new ransomware based on asymmetric cryptography, which had file-locking capabilities and could be used for massive destruction.
April 2005: the first ransomware program using asymmetric encryption (RSA) showed up; it did the encrypting, and the keys were protected with RSA and required a private key.
June 2006: after a huge gap of 17 years, another strain of ransomware named the Archiveus Trojan was released with RSA encryption; it encrypted the files and required victims to purchase items from an online pharmacy to receive the password. GPcode, Krotten, and Cryzip were a few of the strains that spread the malware through email attachments pretending to be job application files, and used a 660-bit RSA public key, which in 2006 was very difficult to crack.
So, if we look at this list of ransomware milestones, we can easily see that ransomware did not begin in the 21st century; it was the result of an experiment carried out in the mid-‘80s. Over time, with modifications and the evolution of technology, hackers focused on the algorithm pattern and created malware that has proved to be the most dangerous strain in modern technology; we have seen multiple news stories in which very big companies were compromised by this dark-web technology.
We will be back in our next edition with more information on the evolution of ransomware and the famous attacks that caused multiple falls in share markets around the globe.