Ransomware might be a relatively new player in the world of online crime, but its short history shouldn’t belittle the damage it can do to both businesses and home computer users. Perhaps you’ve had the misfortune to encounter it yourself and found your files locked down because of it. Regardless, ransomware is now a prevalent part of the online crime scene, and criminals use it to extort money from innocent users, making it a considerable threat.
Ransomware is used with malicious intent today, but it wasn’t always meant to be used this way. In 1986, two Pakistani brothers, Basit and Amjad Alvi, built a piece of software that instructed users to call a phone number if they encountered a warning message. The goal was to use this program to identify piracy and protect the brothers’ assets, but as with anything even remotely useful to society, someone managed to turn it against the masses and make a profit from it.
The code created by the Alvi brothers was soon modified to lock down files, creating what’s known today as the PC Cyborg/AIDS virus, which was delivered on a floppy disk labeled “AIDS Information Introductory Diskette.” Once installed on a system, it restricted and hid files on the computer’s hard drive. The threat would then demand that the user pay $189 to a P.O. box in Panama in order to “renew their software license.”
The Return of Ransomware
Nearly two decades later, ransomware returned with a vengeance. In 2006, a trojan horse called GPCoder (also known as PGPCoder) was developed to encrypt files with common extensions (.doc, .html, .jpg, .xls, .zip, .rar, etc.). Its operators then extorted money from the user by dropping a simple text file into each folder stating that the user had to pay in order to receive instructions on how to decrypt the files.
At around the same time, the software started to evolve into new strains that resemble the sophisticated attacks we see today. The encryption grew stronger, which made it easier for hackers to use without placing themselves at much risk. The result was natural: more frequent ransomware attacks, which meant easy profits for hackers.
In 2013, the world saw the debut of what’s considered the beginning of the contemporary ransomware takeover: CryptoLocker. CryptoLocker is delivered through infected email attachments that appear to come from legitimate sources. The ransomware itself is embedded in the email as a .zip file that may be disguised as a .pdf file. Once the user unpacks the file, the ransomware is installed and adds a key to the user’s registry. This allows the hacker to hijack the user profile and lock down the files on the system.
There are several known variants of CryptoLocker, many of which work the same way and produce the same results. One in particular, CryptoWall, is known to spread across infrastructures and infect multiple endpoints, making it exceptionally dangerous. Despite security companies’ best efforts to protect against ransomware, it has grown very popular and is difficult to control once it has been installed on a user’s PC.
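The delivery trick described above (a .zip payload dressed up as a .pdf) is something a mail gateway can screen for. The following Python heuristic is an added example written for this article, not code from the original post or any vendor; the extension lists, the in-memory sample archive and the member name invoice.pdf.exe are constructed assumptions, and the "MZ" bytes are inert filler, not a real executable.

```python
import io
import zipfile

# Extensions that run code; a "document" name ending in one of these is a classic lure.
EXECUTABLE_EXT = {"exe", "scr", "com", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
ZIP_MAGIC = b"PK\x03\x04"   # local file header that starts every ZIP archive
PDF_MAGIC = b"%PDF"         # every real PDF begins with this


def _is_double_extension(name: str) -> bool:
    """invoice.pdf.exe -> True; invoice.pdf -> False."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOCUMENT_EXT and parts[2] in EXECUTABLE_EXT


def screen_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks like a disguised dropper (empty list = nothing tripped)."""
    reasons: list[str] = []
    ext = filename.lower().rsplit(".", 1)[-1]

    if _is_double_extension(filename):
        reasons.append(f"double extension in attachment name: {filename}")

    # Header/extension mismatch: the name says PDF but the bytes say otherwise.
    if ext == "pdf" and not data.startswith(PDF_MAGIC):
        kind = "a ZIP archive" if data.startswith(ZIP_MAGIC) else "not a PDF"
        reasons.append(f"{filename} is {kind} despite the .pdf extension")

    # Archive contents: a ZIP whose members are executables, possibly with document-style names.
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    member_ext = member.lower().rsplit(".", 1)[-1]
                    if _is_double_extension(member) or member_ext in EXECUTABLE_EXT:
                        reasons.append(f"archive member is executable: {member}")
        except zipfile.BadZipFile:
            reasons.append(f"{filename} has a ZIP header but is not a readable archive")
    return reasons


def build_sample_lure() -> bytes:
    """Constructed sample (not real malware): a ZIP holding a fake 'invoice.pdf.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\0" * 64)  # inert bytes, only the MZ prefix
    return buf.getvalue()


if __name__ == "__main__":
    print(screen_attachment("invoice.pdf", build_sample_lure()))   # two findings
    print(screen_attachment("report.pdf", b"%PDF-1.4\n%constructed"))  # []
```

In production the same two checks (name shape and magic-byte mismatch) belong in the gateway's attachment policy alongside outright blocking of executable members in archives.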
What do you do to ensure that your company’s employees are aware of the best practices for protecting your network and data against ransomware and other threats?