What is Ransomware and How to Protect Against it

Ransomware is a form of malware that encrypts media, documents, and other files on the target PC, and access to those files is granted only when the attacker’s ransom demand is met.

Currently, there are two types of ransomware — one that locks certain files on the computer and the other that locks the entire system. The latter is mainly found on smartphones.

Ransomware has been around for over a decade now. The first cases of such an attack were found in Russia in 2005 with the GPcoder Trojan.

Early History: Connecting Russia

The first known ransomware virus to cause trouble on a large scale was developed by Russian organized criminals and gained notoriety in 2005 and 2006.

PCs infected with this malware were found in Russia, Belarus, Ukraine, and Kazakhstan. One of the malware strains was named Archievus and another was named Troj_Cryzip.A.

While the former encrypted the ‘My Documents’ folder, the latter identified certain file types on the PC and moved them to a password-protected Zip folder, which would only be unlocked when the victim transferred a few hundred dollars to the attacker via E-Gold, the pre-Bitcoin cryptocurrency.

E-Gold was discontinued in 2009 at the direction of the US government due to a large number of criminals using it to launder money. Accordingly, Bitcoin and prepaid debit cards are being used as a method of collecting ransom.

Near the end of the first decade, numerous ransomware attacks also emerged impersonating law enforcement agencies. These attackers would harass victims with false accusations such as copyright infringement and charge ‘fines’ for these nonexistent offenses.

The most famous of these law enforcement impostors is Reveton, a ransomware that tailors itself to the victim's locale. Depending on the country the victim lives in, Reveton poses as that country's national police.

The developers have worked on localization for most of Europe, the USA, Australia, Canada and New Zealand. This ransomware does not use encryption to lock the user’s files, which makes removal easier with anti-virus software or through safe mode.

In 2012, another ransomware targeted the Windows Master Boot Record (MBR) and replaced it with malicious code. When an infected system is booted, users receive instructions to pay a large sum of money via QIWI, a Russian-owned payment system, to regain access to their device.

Modern-day Crypto-Ransomware

One of the modern ransomware methods first appeared in 2012-2013. CryptoLocker was the first widely successful malware program of this kind, collecting $27 million in ransom.

CryptoLocker encrypts files with a 256-bit AES key and a 2048-bit RSA key, making the encryption virtually unbreakable even if the malware is removed, which makes it one of the most effective strains for the attacker.

Victims in these attacks are asked to pay $400 or more for the decryption key and are threatened with having the key removed if they don’t pay within 72 hours.

In 2014, CryptoLocker was taken down by a consortium of government agencies, security companies, and academic institutions during Operation Tovar. Later, they also launched a service for people affected by CryptoLocker, helping them decrypt their devices for free.

While CryptoLocker’s threat didn’t last long, it certainly helped attackers explore the ransomware world and determine how lucrative it was, leading to several strains of ransomware hitting the market afterward.

Following CryptoLocker came TorrentLocker, a ransomware program that arrives as an email attachment, usually a Word file with malicious macros, and locks certain types of files on a computer with AES encryption.

TorrentLocker is still active and has evolved a lot over the past few years. Newer versions rename all infected files on the computer, which makes it impossible for the user to identify which files were encrypted and restore files through a backup.
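When file names no longer say which files were hit, content can: AES ciphertext is statistically close to random and no longer carries the original file header. The following Python code is an added example, not part of the original article; the function names, the 7.5 bits-per-byte threshold and the short header list are assumptions, and the sample files are constructed.

```python
import hashlib
import math
from collections import Counter

# Headers of common formats that are high-entropy even when intact
# (PNG, JPEG, ZIP/Office, PDF, gzip). Illustrative, not exhaustive.
KNOWN_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"PK\x03\x04", b"%PDF-", b"\x1f\x8b")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(head: bytes) -> bool:
    """True if the sample is near-random and has no recognised file header."""
    if head.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def triage(files: dict[str, bytes]) -> list[str]:
    """Return the names whose content, not name, suggests encryption."""
    return sorted(name for name, data in files.items() if looks_encrypted(data[:4096]))


def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext, built from SHA-256 blocks."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample data: names and contents are made up for this example.
SAMPLE = {
    "notes.txt": b"Quarterly report: revenue grew in all regions.\n" * 100,
    "photo.png": b"\x89PNG\r\n\x1a\n" + pseudo_random(4088),
    "budget.xlsx.renamed": pseudo_random(4096),
    "a8f3c1": pseudo_random(2048),
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Files that are legitimately compressed or encrypted and lack a recognised header will also be flagged, so treat the result as a list to check against backups.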

Ransomware infects not only Windows PCs but also Linux and Mac OS. In 2015, a strain of ransomware was found to infect PCs running on Linux, and in 2016 a strain was found to attack Mac computers.

Over the past decade, crypto-ransomware attacks have increased dramatically as fake anti-virus and other misleading applications have decreased in number. In 2016 alone, 638 million ransomware cases were reported.

How to fight it?

There are many websites and security companies that are trying to inform people about malware threats and give them the tools to prevent attacks and decrypt information that has been hacked.

Popular antivirus services like Avast have launched decryption tools for Windows and Android to help people tackle the growing threat of ransomware. These tools are free to use and cover many types of ransomware. Some new strains may not be included, but the tools can still get you started.

No More Ransom is a website that provides news on the latest developments in the ransomware ecosystem and directs users to tools that can be used to combat these threats. This website is a joint effort of Dutch Police, Europol, Kaspersky Lab and Intel Security.

To find a tool that can help you decrypt the ransomware that is affecting your PC, you first need to identify it. ID Ransomware is a website that helps you do just that; all you need to do is upload a copy of the ransom note.

If you are looking for a tool that provides real-time protection for your Windows PC, then Cybereason RansomFree is the answer to your needs.

Ransomware is already a threat in the age of internet-connected devices, and as IoT becomes ubiquitous, it could become an even bigger problem.

Currently, ransomware affects only your device or files and revokes user access until the ransom is paid, but with the increasing popularity of Smart Home devices, the loss of access to your device will only be the beginning of your worries.

Source: thpttranhungdao.edu.vn/en/
