The ransomware saga

Ransomware, once represented by screen blockers that were almost cute, has come of age.

If you follow information security, you have probably heard a lot about ransomware in recent years. You may even have had the misfortune of being on the receiving end of an attack. It is perhaps no exaggeration to describe ransomware as the most dangerous malware of our time.

But did you know that such malicious programs have been around for more than 30 years, and that researchers predicted many features of modern-day attacks back in the mid-1990s? Do you want to know why cryptors replaced blockers, what the largest ransom in history was, and what AIDS has to do with it all?

Then read on, for we have compiled a history of ransomware with the answers to these and many more questions. Together, let’s trace the development of blockers, cryptors, wipers, and other ransomware nasties over the past few decades.

Ransomware dictionary

The following terms appear frequently in the text.

Cryptography — the science of preventing outsiders from reading confidential information. Encryption is one aspect of cryptography.
Symmetric encryption — a data encryption method in which one key is used both to encrypt and to decrypt the information.
Asymmetric encryption — a data encryption method that involves the use of two keys: one public to encrypt the information, and one private to decrypt it. Knowing the public key does not help with decryption; that requires the private key.
RSA — a commonly used asymmetric encryption algorithm.
Ransomware — any malicious program that forces the victim to pay a ransom to the attacker. Ransomware includes blockers, cryptors, and wipers disguised as cryptors.
Blocker — a type of ransomware that blocks or simulates the blocking of a computer or mobile device. Such malware typically shows a persistent message with a payment demand on top of all other windows.
Cryptomalware (cryptor) — a type of ransomware that encrypts user files so they cannot be used.
Wiper — a type of malware designed to wipe (erase) data on the victim’s device. Sometimes ransomware simulating a cryptor actually turns out to be a wiper, damaging files irreparably; so even if the ransom is paid, it is still impossible to recover the data.
RaaS (Ransomware-as-a-Service) — a criminal scheme whereby creators lease ransomware to anyone who wants to distribute it for a cut of the proceeds. It is a kind of cybercriminal franchise.

1989: The first ransomware attack

Dr. Joseph L. Popp, a biological researcher, created the first known cryptor. Popp took advantage of widespread interest in AIDS; hence his malware became known as the AIDS Trojan.

In those days, the Internet was still in its infancy, so Popp used a highly original (by modern standards) delivery method. Having gotten mailing lists of subscribers to the WHO AIDS conference and PC Business World magazine, he sent victims a floppy disk with a sticker reading “AIDS Information Introductory Diskette” along with detailed instructions for installing the program. The license agreement said that by installing the program, the user agreed to pay the company $378. But who takes things like that seriously?

In fact, the installer served to deliver the malware to the hard drive. After a certain number of system boots, the AIDS Trojan became active, encrypting file names (including extensions) on the C: drive of the infected computer. The names turned into a jumble of random characters, making it impossible to work normally with the files. For example, to open or run a file, it was first necessary to work out what extension it should have and to change it manually.

At the same time, the malware displayed a message on the screen, saying that the software trial was over and the user must pay a subscription fee: $189 for one year or $378 for lifetime access. The money was to be transferred to an account in Panama.

The malware used symmetric encryption, so the key to recover the files was contained right in the code. Therefore, the problem was relatively easy to solve: Retrieve the key, delete the malware, and use the key to recover the file names. By January 1990, Virus Bulletin editorial advisor Jim Bates had created the AIDSOUT and CLEARAID programs to do just that.

Joseph Popp was arrested, but the court found him mentally unfit to stand trial. He did, however, publish the book Popular Evolution: Life-Lessons from Anthropology a decade later.

1995–2004: Young, Yung, and the ransomware of the future

Perhaps because the AIDS Trojan failed to enrich its creator, the idea of encrypting data for purposes of ransom did not generate much enthusiasm among scammers of the day. Interest in it returned only in 1995, and in the scientific community.

Cryptographers Adam L. Young and Moti Yung set out to learn what the most powerful computer virus would look like. They came up with the concept of ransomware that uses asymmetric encryption.

Instead of using one key, which would have to be added to the program code, to encrypt the files, their model used two, public and private, which kept the decryption key secret. What is more, Young and Yung hypothesized that the victim would have to pay using electronic money, which did not yet exist.

The cybersecurity prophets presented their thoughts at the IEEE Security and Privacy conference in 1996, but they were not well received. Then, 2004 saw the publication of Malicious Cryptography: Exposing Cryptovirology, in which Young and Yung systematized the results of their research.
...