Ransomware is a composite word made up of two words, ransom and software. In simple terms, ransomware is a type of computer virus or rogue program. To understand a ransomware attack, it is best to start by breaking down what a computer virus is. Computer viruses are not biological microorganisms, but they do share some characteristics with these microbes.
A computer virus is a piece of software or a computer program that can lock operating systems like Windows, Android, iOS, Linux, etc., entirely or partially. Like real viruses, computer viruses also act like foreign invaders that can hinder the functionality of a program, steal information, or even put the privacy of the victims at risk.
Ransomware is one of many types of computer viruses. As its name suggests, ransomware is the type of virus that threat actors or hackers use to steal information or data from a victim. The hackers then use the data to blackmail their victims and demand compensation in the form of money, securities, gold coins, or even cryptocurrencies.
Introduction to Ransomware
Kaspersky is one of the most sought-after cybersecurity providers and anti-virus developers in the world. According to Kaspersky.com, ransomware is a type of computer-invading program that can lock a user out of their data and allow hackers to demand extortion money from their victims.
Wikipedia classifies ransomware under the ‘cryptovirology’ class of malware. The site further explains that hackers use a variety of data encryption methods that prevent the original user from accessing their digital information. Encryption is a technique that makes recovering the key or password to the locked data a matter of solving hard mathematical puzzles. As a result, the victims have to consider the monetary demands of the ransomware hackers.
McAfee is another well-known anti-virus developer and cybersecurity services provider. According to its site, ransomware can prevent victims from accessing important documents, any type of content, private information, social media pages, bank accounts, cryptocurrency wallets, or any other type of database. Ransomware attacks are often designed to set off a chain reaction that lets them spread from one system to another, mimicking the behavior of a real-life virus.
Origin of Ransomware
The first public demonstration of a ransomware attack was given by two IT researchers at Columbia University. Adam Young and Moti Yung were two academics who introduced the novel idea of cryptovirology to the world in 1996 at the IEEE Security and Privacy Conference. The cryptovirology software prepared by Young and Yung allowed whoever launched it to lock the information on a targeted computing device with encryption.
This ransomware displayed directions for its victim to send an ‘asymmetric ciphertext’, or coded message, and contact the attackers. The attackers could then send the victim a decryption key in exchange for payment. It is worth noting that Young and Yung created their ransomware to explore the possibilities of encryption technology.
First Ransomware Attack
Eventually, ransomware got into the wrong hands, and it was weaponized. The first time a hacker used ransomware for illicit purposes was in 1989. The event is called the AIDS virus or AIDS Trojan. The instigator of AIDS was a biologist named Joseph Popp, who sold 20,000 copies of his malware on floppy disks. The victims of the attack were the attendees of the World Health Organization AIDS conference.
As soon as the victims inserted these floppy disks into their computers, they were locked out of their PCs and received a message from the hacker. This ransomware took advantage of the default settings of the hardware, which automatically locked the C-drive files once the reboot count exceeded 90. Popp asked his victims to send $189 to a P.O. box in the name of PC Cyborg Corporation in the Panama Islands.
Most Notorious Ransomware Attacks in History of the World
The first-ever ransomware attack, the AIDS Trojan, is considered a fairly mild event. While it attracted attention for its peculiarity, cybersecurity experts neutralized the attack due to its simple symmetric nature, and the victims did not have to pay a massive amount in compensation. However, Dr. Popp unwittingly opened a Pandora’s box by setting an example that was followed by a series of mega ransomware attacks:
- CryptoLocker
CryptoLocker is one of the most notorious ransomware attacks of all time. Some estimates suggest that it caused collective damage of $27 million in 2014. The hackers, in this case, targeted users with fake emails from FedEx and UPS that claimed to share tracking information. The attackers behind CryptoLocker demanded compensation in the form of Bitcoin to hand over the decrypted files.
- NotPetya
NotPetya is burned into the memories of cybersecurity experts as a fearsome ransomware incident. The ransomware targeted the biggest tech enterprise at the time, Microsoft. This ransomware exploited the master boot protocol of Windows operating systems to encrypt the files of its victims. The ransomware left behind a trail of destruction, since the hackers showed no interest in sharing the decryption key.
- WannaCry
WannaCry is another attack directed at Microsoft Corporation products. Before the experts at Microsoft released a patch to disable the WannaCry ransomware, it affected more than 300,000 PC users who were running Windows 7. The unexpected attack spread like wildfire and devastated a massive number of computer owners within 4 days. US intelligence agencies speculate that the attack was launched by North Korean hackers.
- Bad Rabbit
Bad Rabbit is a good example of the real damaging potential of a ransomware attack. The hackers, in this case, targeted entire governments, namely Russia and Ukraine. The hackers were after the media corporations operating in both neighboring countries. It was a spear-phishing attack that posed as an Adobe Flash update and required manual approval for installation on the victim’s system. The hackers asked for $280 for decryption but never honored their part of the bargain, according to reports.
- REvil
REvil is considered one of the most dangerous hacking groups of all time. It is a professional hacking group that conducts proper research on its victims before launching a cyber-attack and uses social engineering techniques to blackmail them. REvil carried out a ransomware attack that took out Kaseya software, and the group also sells custom-made ransomware to buyers on the dark web.
What are the components that are necessary for Ransomware?
It is clear by now that ransomware is a piece of code that hackers can use to target and exploit their victims. Here are some basic components that are the building blocks of every ransomware project:
- Coding and Programming Languages
Ransomware is a program or software. Hackers who can read and write programming languages can also write such programs. Every piece of software and every computer program is made from a mixture of several programming languages. Hackers are also IT experts who can use the same programming languages to create and execute ransomware.
- Networking
Like real viruses, computer viruses cannot travel from one PC to another through the air. Instead, hackers use input media like floppy disks, CDs, and USB drives that are spiked with a virus. Today, technologies like the internet, intranets, and Bluetooth can be used to spread ransomware from one infected system to new targets.
- Technical Vulnerabilities
Since hackers are also computer programmers and software developers, they can recognize the technical vulnerabilities or limitations of any existing program. Therefore, a hacker can put together code that exploits these entry points and blind spots to breach the personal files of a victim. Once the ransomware has infected a PC, it can then use encryption to lock access to those files.
- Mathematical Computation
Encryption is mentioned time and again in this article about ransomware. Throughout history, mathematicians and writers have perfected the art of hiding information through encryption techniques. The earliest examples of encryption date back to ancient Egypt in 900 BC, when the engineers of the Pyramids used hieroglyphics to tell their stories.
Encryption techniques were also used by military generals like Julius Caesar. The same technique also allowed the intelligence agencies of the Axis and Allied countries during WWII to transfer messages secretly to their intended receivers. Claude E. Shannon is considered the father of mathematical cryptography. Hackers use the same techniques to write the part of a ransomware attack that locks the victims out of their databases or files. To read the encrypted message, it is necessary to have the secret cipher sequence or decryption key.
- Cryptocurrencies
Cryptocurrencies have become an important part of ransomware attacks. Hackers prefer to take compensation in decentralized and privacy-focused digital tokens like Bitcoin and Monero. A physical ransom collection increases the risk of getting caught, and digital payment options like bank wires can be traced by the police. Therefore, most ransomware hackers prefer cryptocurrency networks over other options.
How Does Ransomware Work?
The biggest tech companies in the world, like Microsoft, Apple Inc., Google, and many others, spend billions of dollars every year to conduct financial audits. These financial audits test the defense capabilities of a program and make it fool-proof against common hacking techniques. Here are some of the most popular techniques that ransomware hackers use on their victims:
- Phishing
Phishing is a type of malware attack where the hackers or ransomware solicitors pose as a verified or trusted source to gain entry into the victim’s system. The victim can receive a fake email from the customer care department of a well-known corporation. In other cases, the victim can receive social media messages or notifications with infected URLs. When the victims click on the URLs in these emails, the ransomware program is downloaded to their system.
- Malicious Advertisement
Cybersecurity firms also call this hacking technique malvertising. In the current era, malvertising has become a popular method among ransomware hackers. Hackers can send the spiked link to the phone or the system of their victims in the form of a fake advertisement or a pop-up. When the victim clicks on the fake advert, the ransomware program gets downloaded onto their system.
- Social Engineering
Social engineering is similar to soft skills, but for destructive and illegal purposes. Hacking groups like REvil collect enough information on a prospective victim to understand their likes, dislikes, routine, and other sensitive details. They can use certain phrases to influence the judgment of their victims. With this type of information, hackers can tailor a perfect ‘click-bait’ advert that matches the preferences of their victims and thus coerces them into clicking on the fake advert or responding to a fake message.
- Exploit Kits
These are custom-made ransomware code packages written to target a specific program or operating system. The dark web has made such exploit kits more popular in the present day and age. Any person with enough money can visit the dark web and buy tailor-made ransomware or other types of exploit code that can take down a predetermined target like a private website, a piece of software, or even a single individual.
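A defender-side check for the lure style described under Phishing and Malicious Advertisement above (a message posing as a courier with a tracking link), written as an added example that is not part of the original article: it parses the links in a constructed sample message and flags any whose target is plain HTTP, whose domain differs from the sender's, or whose visible text names a different host than the actual href. The sample sender domain and message body are constructed here, and `registrable` is a deliberately crude helper that assumes two-label domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# A host name (optionally with a scheme) written inside the visible link text.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

def registrable(host):  # crude registrable domain: last two labels of the host
    return ".".join((host or "").lower().split(".")[-2:])

def suspicious_links(sender_domain, html_body):
    """Returns [(href, [reasons])] for links that look like a phishing lure."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        url, reasons = urlparse(href), []
        if url.scheme != "https":           # plain HTTP, as browsers now flag
            reasons.append("not https")
        if registrable(url.hostname) != registrable(sender_domain):
            reasons.append("link domain differs from sender domain")
        shown = HOST_RE.search(text)        # text shows one host, href goes elsewhere
        if shown and registrable(shown.group(1)) != registrable(url.hostname):
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample: a fake courier "delivery failed" mail whose tracking link is a lure.
SAMPLE_SENDER_DOMAIN = "fedex.com"
SAMPLE_BODY = """<p>Your parcel could not be delivered. Track it below.</p>
<a href="http://fedex-tracking.example.net/track?id=12345">https://www.fedex.com/track</a>
<a href="https://www.fedex.com/unsubscribe">unsubscribe</a>"""
```

Running `suspicious_links(SAMPLE_SENDER_DOMAIN, SAMPLE_BODY)` flags only the tracking link, with all three reasons; the genuine unsubscribe link passes.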
How to Deal with Ransomware?
It is not necessary to have a Ph.D. in mathematics or to be an IT expert to escape the clutches of ransomware attackers. Most programs and operating systems have evolved over time to deal with such issues, and tech companies constantly work on improving the security of their systems. Here are some of the best techniques that can help you stay safe and out of the reach of ransomware attackers:
- Precaution
When it comes to ransomware, prevention is always better than cure. Intrinsically, ransomware is designed to spread rapidly from one PC to another, and with techniques like DLL, some hackers can launch mass ransomware attacks without being detected for a long time. Download new applications only from verified app stores, and double-check the source of updates or emails before clicking on unsolicited URLs.
- Anti-viruses
Some great anti-virus products scan every program for the user before allowing it to be installed on the system. For the at-home computer user, this is a great way to stop unwanted ransomware from installing on the system. Many anti-virus software manufacturers, like Avast, McAfee, Avira, and Kaspersky, offer a free version for all OS users. However, a premium version grants better security coverage by encrypting passwords and other sensitive information to keep it from falling into the wrong hands.
- System Updates
Tech companies, application developers, and software companies hire white-hat hackers to find vulnerabilities in their systems and patch them. Among other things, such system updates deliver any additional security patches that the developers have recently implemented for the program. It is best to take some time and install these updates on the system to increase its immunity against ransomware attacks.
- Ad-blockers
The average amount of time people spend online has increased significantly due to the popularity of smartphones. Hackers can now launch a massive ransomware attack disguised as a regular online advertisement or a pop-up. With the naked eye, it is impossible for a human being to tell whether a link is legitimate or spiked with malware. One great option to avoid such ads is to install a trustworthy ad-blocker. Ad-block extensions can make the web-surfing experience hassle-free and significantly decrease the chances of a ransomware attack.
- Responsible Web-surfing
Google, the largest search engine in the world, has started to flag websites without the ‘HTTPS://’ protocol for the benefit of users. Websites that do not have an SSL certificate are displayed with the ‘HTTP://’ protocol and carry greater chances of containing ransomware or other types of malware.
However, the HTTPS:// protocol does not guarantee 100% safety against threat actors either. There is also a wide range of free and paid browser extensions for Chrome, Firefox, Opera, Safari, Brave, and others that scan billions of websites for authenticity before users click on them.
- MDM Tools
In the age of smartphones, users have become more vulnerable to hackers. However, depending on the type of operating system and model, anyone can download additional cyber-security protection for their phones from the vast Mobile Device Management (MDM) library. MDM applications operate as anti-viruses for smartphones and alert users if any malware or ransomware program is detected.
Blockchain and Ransomware
Some people advocate against the adoption of cryptocurrencies due to their associations with past ransomware attacks. However, it is worth noting that cryptocurrencies offer many important use cases and can transform the financial and economic infrastructure of the world for the better. Take, for example, simple tools like a rope or a knife.
On the one hand, a chef can use a knife to create amazing dishes, but a robber can use the same tool to commit a crime. Likewise, a rope is another ground-breaking human invention that has allowed human beings to build dams, massive bridges, automobiles, and other great inventions like the playground swing. However, some people may use the same rope to hang themselves.
It is important to understand the advantages of a new technology and what a wonderful difference it can make in the world by changing the lives of countless people. Banning innovations is never the right answer. It is better to take our time and develop a better understanding of blockchain to find its full potential.
Conclusion
Ransomware is malware that breaches a healthy computer program and locks it with encryption. Hackers use ransomware attacks to collect extortion money from their victims. Ransomware technology was developed by academics at Columbia University, but it was later hijacked by threat actors like REvil, who used it to target thousands of computer users and demand monetary compensation in exchange for a decryption key.
Ransomware is developed by IT and computer programming experts who can exploit the vulnerabilities present in an existing program. Users should not fear hackers and should use prevention methods like ad-blockers, anti-viruses, and MDMs to keep ransomware from invading their system or mobile phone. People who are dealing with an ongoing ransomware attack can also contact cybersecurity firms for help in recovering their data. Historical evidence indicates that hackers may dishonor the agreement and withhold the decryption key from the victims even after getting paid.