History of Ransomware – The Never-Ending Threat

The biggest cyber-threat from around 2005 to this very day is ransomware. Many of you may have heard about it or have even been a victim of it, but have you asked questions such as “Why is ransomware so efficient?”, how it came into existence in the first place, or what has been fuelling it? In this article, I will provide a brief history of this kind of malware and some insight into the evolution of ransomware.

Before we begin, it is important to understand what ransomware is and what types of it exist.
Two main types of ransomware are in circulation. The more common one is crypto ransomware, which is designed to encrypt personal files and data. The other is known as locker ransomware, and it aims to lock the computer and prevent user access. Regardless of which type infects a computer system, in the end all of them demand a ransom to be paid to get your files back or your PC unlocked.

Ransomware comes in the form of a Trojan horse, a virus or a mixture of the two. A Trojan horse presents itself as something useful, but for it to function, you have to give it access to your computer. An example of that is opening an email attachment. The biggest difference between Trojan horses and viruses is that a virus replicates itself. The virus must execute itself so it can work, and it will often put its code in the execution path of another program.

Now that we have clear-cut definitions, we can start with a brief history of ransomware. The timeline can be divided into five different periods that have something that defines them and makes them unique.

1989 and the First Ransomware

The first ever ransomware is known to be the so-called AIDS Trojan. Set in motion by Joseph L. Popp in 1989, the Trojan was put on around twenty thousand diskettes. They were distributed to attendees at the international AIDS conference, held by the World Health Organization. Because the Trojan used symmetric cryptography, it did not take long for decryption tools to be created, which allowed a full recovery of all files hit by the attack.

2005-2006 and the Return of the Ransomware

From 1989 to 2005 nothing significant happened related to ransomware. However, in 2005, lots of fake programs for spyware removal emerged. These programs claimed to fix critical issues on your computer and wanted you to buy a license for 50 US dollars on average. In actuality, they fixed next to nothing and only exaggerated the errors they uncovered. In 2006, the “Archievus” virus came into being. This was the first ever ransomware that used asymmetric encryption, and it used the RSA algorithm to do it. People had to buy a decryption password from specific Web sites. Fortunately, it only encrypted the My Documents folder on Windows-based PCs.

2008-2009 and the Fake Antivirus Applications

From 2008, ransomware took a slight turn towards being more serious, as the interface of the misleading software became that of antivirus software. Lots of fake antivirus programs compromised computer systems. They looked and acted almost the same as their legitimate counterparts, but could demand up to 100 US dollars for “fixing” problems on your PC. To justify the higher price, these applications provided fake technical support for years on end.

2011-2012 and Locker Ransomware

In this period, ransomware programs became more severe. After earlier, not-so-successful attempts to extort money from users, criminals upped the ante. Locker ransomware peaked, demanding between 150 and 200 US dollars, and it also prevented access to and control over the infected computer. This type of ransomware had originated back in 2008, when a fake Windows Security Center message was pushed onto your screen. You were more or less forced to call a premium phone number, and panicked users did so as they were unable to access their computers. In 2012, the locker screens looked as if real law enforcement agencies had placed them.

2013 to This Day – Crypto Ransomware and the Emergence of Bitcoin

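Since 2013, ransomware has used the Bitcoin currency as a payment system. This began when the CryptoLocker ransomware utilized Bitcoin as a secondary payment method. The efficiency of this crypto virus was very high, and that was due to several reasons. One of them was its rapid spread on a massive scale using an already existing botnet – GameOver Zeus. The payload file was delivered as an email attachment and targeted companies and businesses. The encryption was very sophisticated: it used the AES 256-bit algorithm to encrypt files with specific extensions, and then a 2048-bit RSA key to encrypt the AES key. That key was sent to a command-and-control server established on the Tor network. It demanded $300 as payment.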
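The following triage check is an added example, not part of the original article. It flags files whose extension promises a known document type but whose header is gone and whose content has near-random entropy, which is what AES encryption of a file leaves behind. The function names, the 7.5 bits-per-byte threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading signatures for a few document types.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(name: str, content: bytes) -> str:
    """Return 'ok', 'suspect', 'mismatch' or 'unknown' for one file."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown"    # no signature on record for this extension
    if content.startswith(magic):
        return "ok"         # header intact; compressed bodies are expected here
    if shannon_entropy(content[:4096]) >= ENTROPY_THRESHOLD:
        return "suspect"    # header destroyed and body looks like ciphertext
    return "mismatch"       # wrong header but low entropy, e.g. a renamed text file


def ciphertext_like(size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted data: a SHA-256 counter keystream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]


if __name__ == "__main__":
    samples = {  # constructed sample files, not real data
        "report.pdf": b"%PDF-1.4\n" + b"quarterly figures " * 200,
        "invoice.pdf": ciphertext_like(),
        "photos.docx": b"PK\x03\x04" + ciphertext_like(),
        "notes.pdf": b"plain text notes\n" * 200,
    }
    for name, content in samples.items():
        print(f"{name:12} {classify(name, content)}")
```

Entropy alone would also flag legitimately compressed formats such as .docx or .jpg, which is why the header check comes first. An "ok" result only means the file was not flagged, not that it is clean.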

The golden era of ransomware followed: the prevalent type of such malware is still the cryptovirus, and a lot of criminals mimic CryptoLocker and implement its tactics in their own malware designs. Cyber criminals can demand hefty sums for data decryption. For a single computer the ransom price can reach up to 5,000 US dollars, and there have been many companies and hospitals that have paid a couple of times more than that amount.

Ransomware has been evolving a lot – Cerber ransomware talks to you and now spreads as a game; there are multiple examples of crypto viruses using Exploit Kits; ones that hide in memory; ones wrapped in a code-packer to avoid detection; and others which self-delete after encryption. It is terrible that a Bitcoin payment service hosted on a Tor network is virtually untraceable, but the worst part is that ransomware is now being delivered every day and shows no signs of stopping. The good part is that it has pushed security specialists to strengthen security programs and develop anti-ransomware tools.
