The surging popularity of ransomware attacks indicates that it is highly unlikely that these attacks will decline in the near future, especially that the price of bitcoin and many altcoins is skyrocketing. Ahead of the growing number of ransomware attacks all over the world, network security professionals, cybercrime specialists and computer users alike should understand the technical, social and economic impacts of ransomware attacks.
Accordingly, throughout this series of articles, we will present and analyze the correlation between ransomware and cryptocurrency and how we can utilize the unique features of blockchain systems to understand various forms of ransomware attacks.
History of Ransomware:
Surprisingly enough, the world was introduced to the first class of ransomware malware in 1989, when Dr Joseph Popp, a biologist, created a trojan horse known as “PC Cyborg”, and used it to infect floppy disks that he labeled “AIDS Information – Introductory Diskettes” and provided to a group of AIDS patients. Whenever a floppy disk containing PC Cyborg was inserted into a PC, it monitored the number of system boots, until a predefined threshold number of boots is reached (90 times in most cases); this will signal PC Cyborg to encrypt and hide all directories and files of the infected system’s local drive. The ransomware would then prompt victims, whose PCs were no longer working, to pay the PC Cyborg Corporation $189 in order for their files to be decrypted and their PCs would be operational once again.
For a myriad of reasons, PC Cyborg and other early forms of ransomware malware weren’t thought of as serious threats by internet security professionals as well as the general public. Also, ransomware was not an attractive choice to cybercriminals seeking online extortion. First of all, PC Cyborg utilizes a basic encryption algorithm to encrypt victims’ files, so it was easy to analyze and crack its encryption scheme. Secondly, the payment method,’ wired transfer, is very indiscreet and can help trace back cybercriminals, given the fact that cybercriminals’ priority is to hide their tracks and not be traced back. Even though later developments of ransomware during the following years involved much stronger encryption algorithms, rendering it almost impossible to decrypt victims’ files via brute-force strategies, the lack of an untraceable payment method, remained an essential issue that halted the development of ransomware malware.
Fast forwarding to the year 2013, ransomware attacks appeared prominently on the surface of cyberattacks when a new class of ransomware trojans, known as Cryptolocker, helped hackers extort more than $30 million from businesses and individuals in a period of around 100 days. The rate of growth of CryptoLocker attacks was unprecedented and in a matter of a few months, ransomware attacks represented a major threat on the landscape of cybercrime. Additionally to relying on a more complex encryption algorithm, ransomware attackers had finally found an ideal payment method to extort money online without being traced back. This was achieved by leveraging Bitcoin; a pseudonymous blockchain based cryptocurrency.
Cryptolocker has opened the door for a new generation of file encrypting ransomware that utilizes cryptocurrencies as its money laundering vehicle, but even more, it has taken online financial extortion to novel uncharted heights on a worldwide scale.
Throughout the next part of this series, we will look closely at Cryptolocker attacks and their economic, technical and social impacts on businesses as well as individuals.
Image from Flickr