DED9

Evolution Of Ransomware: From AIDS Trojans To Triple Extortion

The number of ransomware attacks is increasing daily, and attackers are demanding multi-million dollar ransoms after encrypting and locking victims’ sensitive data. How can this trend be stopped?

These days we hear a lot of news about new ransomware attacks. Initially, the requested fee was limited to a few hundred dollars; today, it has reached millions of dollars. But how did we get to the point where our data and services are held for ransom and a single attack costs millions of dollars? Can we hope that this trend will end one day?

The first ransomware

Dr. Joseph L. Popp, a biologist, was the first to use computer software to demand a ransom. In December 1989, Popp used the postal service to distribute nearly 20,000 floppy disks labeled “Preliminary Disk Information” to hundreds of medical research institutes in 90 countries.

Each disk contained an interactive questionnaire that assessed the risk of contracting AIDS based on the answers given. Alongside this questionnaire was ransomware known as the AIDS Trojan. After the computer had been rebooted a number of times, the ransomware encrypted the user’s files.

Printers connected to infected computers printed instructions for sending $189 by bank transfer, cashier’s check, or international money order to a post office box in Panama. Popp planned to send another two million disks, but he was arrested after a World Health Organization AIDS seminar, on his way back to the United States. Despite the evidence against him, Dr. Popp was never convicted.

Fortunately, Dr. Popp’s code used symmetric cryptography, so computer specialists at the time were able to produce the decryption tools needed to thwart the ransomware. There were no significant ransomware attacks between 1991 and 2004, but some saw this silence as the calm before the storm.

Technological advancement and evolution of ransomware

By the early 2000s, cybercriminals had three major advantages that Dr. Popp lacked:

1. An ultra-fast and efficient transmission system connecting millions of computers worldwide (the World Wide Web).

2. Access to strong asymmetric cryptography tools whose output was practically impossible to decrypt without the key.

3. A payment platform that offers speed, anonymity, and the ability to automate the delivery of decryption keys (such as Bitcoin).

The following is a summary of key events in ransomware history:

Recently, security researchers have observed attackers running ransomware inside virtual machines to hide the encryption of the host’s files and folders from antivirus programs.

Evolution of ransomware methods

Today, ransomware attackers have become more aggressive thanks to advances in technology, and they use creative methods to improve their success rate. Cybercriminals have focused on critical infrastructure and larger organizations. In 2016, for example, several hospitals were targeted by ransomware, including Hollywood Medical Center, Ottawa Hospital, Kentucky Methodist Hospital, and several others.

Some hospitals were fortunate enough to have backup and recovery policies in place; unfortunately, others had to pay a ransom to restore their medical services.

In March 2018, many of Atlanta’s online services went offline after a ransomware attack. The $55,000 bitcoin ransom was not paid, but recovery costs reached $2.6 million. In May 2021, the DarkSide ransomware disabled essential infrastructure responsible for delivering 45 percent of the gasoline consumed each week in 13 US states.

Colonial Pipeline was the victim of that attack and paid $4.4 million to recover its systems. Such large-scale payments continue, pushing attackers toward ever more creative uses of ransomware.

Ransomware attacks on hospitals can cost lives.

There is another method called Encrypt and Exfiltrate. In this method, attackers identify network vulnerabilities and use them to exfiltrate data. In addition to encrypting the victim’s files, attackers steal sensitive data and publish it if they do not receive a ransom; therefore, even if the organization can recover from the encryption using backups, it cannot prevent its data from being leaked.

Vastaamo, a Finnish psychiatric clinic with about 40,000 patients, was the victim of one of the newest methods, called Triple Extortion. In this type of attack, medical files are encrypted and a large ransom is demanded for the decryption key; but the attackers also steal patients’ data.

Shortly after the initial attack, Vastaamo’s patients received separate emails demanding a small ransom from each of them. The clinic eventually filed for bankruptcy due to the data leak and the resulting financial losses.

The future of ransomware

According to Cybersecurity Ventures, ransomware attacks have risen by 57 percent since the beginning of 2021 and caused $20 million in damage in 2020 alone, 75 percent more than in 2019.

Ransomware attackers select their victims carefully, targeting sectors such as health care, utilities, insurance, and law: organizations that provide essential services and are therefore more likely to pay the ransom.

Nearly 40 percent of new ransomware attacks involve data breaches that use double and triple extortion methods. In addition, REvil (a ransomware-as-a-service, or RaaS, group) offers Distributed Denial of Service (DDoS) attacks and scam calls over VoIP as free services to its affiliates (the attackers who actually infiltrate the systems) to pressure victims into paying promptly.

But why have ransomware attacks increased so suddenly? The reason is the high profitability of these attacks. Even if only a small percentage of attacks succeed, they still deliver a high return on investment.

Consider, for example, the profits from the largest ransomware attacks:

These attacks make up only a small percentage of successful ransomware campaigns. Unfortunately, large-scale payments encourage attackers to find new ways of infecting systems and spreading their malware.

Another factor must be considered: the growing scale of attacks. In 2017, fifty-five traffic cameras in Victoria, Australia, were infected by WannaCry through human error. The impact of this incident was minimal, but it was evidence of new targets for cybercriminals.

Due to the slow process of security updates and the increasing number of vulnerable Internet of Things (IoT) devices worldwide, the chances of ransomware attacks are increasing.

Experts also fear that ransomware will appear in cloud services, targeting infrastructure as a service (IaaS) and platform as a service (PaaS).

Also, the younger generation is influenced by series like Mr. Robot and has access to more learning resources, such as Hack The Box, than previous generations. Newcomers to ransomware are looking to learn and test their skills.

The ransomware underground is growing and complex, with all the hallmarks of a legitimate business: consider, for example, a community of skilled malware developers, RaaS providers and their affiliates, IT customer support teams, and even operators who respond to victims on the attackers’ behalf.

As individuals hand their personal data to service providers and rely on technology for all their tasks and routines, they give ransomware attackers more to hold hostage and steal.

As a result, it is possible to predict an increase in ransomware attacks, in their aggressiveness, and in layered ransom demands. In particular, a first payment may be demanded for decrypting the data and a second payment for not disclosing it.

Light in the dark encryption tunnel

The Colonial Pipeline hack highlights the vulnerability of modern society. The attack led to anxiety and concern in the affected cities, raising public fears over fuel purchases, fuel shortages, and rising gasoline prices.

Ransomware costs are not limited to ransom payments. Damage and data destruction, system shutdowns, reduced post-attack productivity, costs associated with subsequent investigations, system recovery, improved system security, and staff training are hidden and unplanned post-attack costs.

Police agencies are also concerned about cyber-attacks on hospitals and their deadly consequences. The negative impact of ransomware on human life and society can no longer be denied or ignored.

The Ransomware Task Force (RTF) was formed at the end of 2020; the coalition includes more than 60 members from various industrial, governmental, legal, and national sectors seeking a way to stop ransomware attacks.

In its 2021 report, entitled “Fight Against Ransomware: A Comprehensive Practical Framework”, the RTF outlined 48 high-priority recommendations for tackling the ransomware problem.

Although no arrests were reported, the FBI recovered 63.6 bitcoins ($2.3 million) of the ransom paid in the Colonial Pipeline attack.

The FBI and other law enforcement agencies worldwide were also able to disrupt the infrastructure that the NetWalker ransomware used to communicate with victims. Earlier this year, Emotet, a key tool for delivering ransomware to victims through phishing, was taken down.

These successes are a drop in the ocean compared to the number of ransomware attacks in recent years, but growing global awareness and active work by organizations, both public and private, are aimed at neutralizing the ransomware threat.
