What is Ransomware?
Ransomware is a form of malware deployed by malicious groups or individuals in order to extort their victims for financial gain. This type of malware encrypts a victim's files, rendering them inaccessible without the proper decryption key, and then demands a ransom, paid in cryptocurrency, in exchange for that key. It has also become more common for the attacker to exfiltrate the victim's files first and threaten to publicly release the private data should the victim choose not to pay the ransom.
Files targeted by ransomware can be anything from private images or videos to corporate documents, or even critical files that a web server needs in order to run.
These forms of malware are typically deployed via a Trojan disguised as legitimate software or a legitimate file in order to trick the victim into opening it and thus unknowingly deploying the ransomware on their system. However, there are historical precedents, such as the WannaCry worm, that traversed internal networks without any user interaction in order to carry out their dirty deed.
Typically, this malware is delivered via a malicious email attachment, a phishing link that triggers a hidden download, or even a seemingly benign pop-up ad. In the most extreme cases, malicious hackers have directly broken into targets through spear phishing in order to drop their ransomware payloads on specifically targeted networks.
A brief history of Ransomware
In 1989, the very first known malware extortion attack was carried out by a piece of malware called the "AIDS Trojan", written by Joseph Popp. However, due to a design flaw, it was possible to extract the decryption key directly from the malware's own code. Interestingly enough, Popp promised to donate the extorted sums to fund AIDS research, which is why it ended up being called the "AIDS Trojan". It was also known as "PC Cyborg" in some communities.
Then, in 1996, Adam Young and Moti Yung proposed using public-key cryptography in such attacks so that the private key needed for decryption remains with the attacker. This removed the critical design flaw of shipping the decryption key inside the malware itself. Young and Yung also theorized the use of electronic money for extortion in such attacks long before electronic money even existed. Criminals soon caught on and, although rare at first, targeted use of ransomware and extortion malware against corporations and businesses grew gradually, culminating in prominent Trojans such as Gpcode and Archiveus. Little did Young and Yung realize that the extortion protocol they had imagined would become a reality sooner than they might have expected.
However, the ransomware floodgates truly opened with the rise of cryptocurrencies in 2013, when CryptoLocker pioneered the use of Bitcoin to collect extortion payments from its victims. Today, every single ransomware family uses some form of cryptocurrency to extort and collect payments from its victims.
Ransomware has evolved to target not only Windows-based operating systems but also others, such as Linux-based servers and the Android mobile OS. Today, ransomware is classified as the most dangerous cyber threat to both businesses and individuals. It has become a multi-million-dollar industry for malicious actors and state-sponsored operations.