The Ransomware Plague of 2016

Tom Grant
Last updated: 13 October

Cryptography and ransom have roots deep in human history. However, only in the past few decades has the world seen what can happen when someone combines them. It started in 1989, when Dr. Joseph L. Popp kicked off the pandemic we know today as ransomware.

Contents

Origins
Today’s ransomware
Types of ransomware
Trends
Working hard and looking ahead

Origins

Known as the grandfather of computer-based extortion schemes, Popp distributed his malicious payload at the World Health Organization’s AIDS conference. The disks, labeled “AIDS Information — Introductory Diskettes,” actually came with a warning, printed separately, that the software on them would harm computers.

But who reads documentation, anyway? Some of the 20,000 or so diskettes that Popp had crafted were inserted, causing victims’ computers to lock up and display a ransom demand ($189, sent by snail mail to a post-office box in Panama) that would look familiar to regular readers of this blog.

Today’s ransomware

Little has changed from the original ransomware concept. Perhaps the most notable difference is that rather than collecting payments from a PO box, criminals can now rely on anonymous networks such as TOR and I2P in conjunction with bitcoin to help them evade law enforcement. What is it about this scheme that has made it stand the test of time?

Direct monetization helps. With an average ransom of approximately $300, discussions of million-dollar ransomware campaigns seem far-fetched, but even small increments add up over time — and these extortion schemes have proven both their effectiveness and their staying power.

The average user will eventually face the difficult question of whether to pay the ransom or lose their files. Unfortunately, many choose to pay, although we strongly recommend not paying and finding another way if possible, such as looking for a decryptor on the No More Ransom site.


The number of new ransomware samples detected every day may look daunting, but quantity is actually a smaller problem than quality. A comparatively small number of malware families are coded well enough and gain enough traction to be worrisome, but the few families that are ready for prime time cause serious harm (I’m looking at you, Locky and Cerber). And that is more than enough to keep security researchers busy.

Although even a single actor could launch a ransomware campaign, cybercriminals specialize, and they benefit from teamwork. They take care of technical support, helping their victims navigate the process of buying bitcoins to pay the ransom, all the while improving their malicious code and attempting to fool security researchers and law enforcement agencies. Extortion takes work!

As a business model, ransomware has bloomed in recent years, partly because of new offerings of ransomware-as-a-service turnkey solutions. Although creating most types of malware requires only limited technical skills, crafting well-made ransomware from scratch is a more challenging task. The trick is to get the encryption right (get the encryption wrong and good guys can develop a decryption tool quickly — and we do).

The easiest path for amateurs is a referral business model: dealing with distribution and paying a portion of their loot to the original developers. This sort of deal is unfortunately thriving.

Types of ransomware

The evolution of different types of ransomware — from simple, proof-of-concept brews that relied on third-party tools (such as WinRAR, GPG) to malware implementing code from the Microsoft Developer Network — demonstrates the willingness of cybercriminals to up the ante.

Moreover, nowadays it’s not uncommon to find upscale ransomware capable of deleting shadow copy backups, encrypting externally attached or network drives, and even getting to your cloud-synced files. The bar has been raised, and while amateur hour goes on, a handful of key players keep us working late into the night.

Trends

Some newer ransomware variants spotted in Brazil show that ransomware continues to grow, but more by rebranding than by innovation. Why bother creating your own ransomware code? Even kids without any special knowledge can buy ransomware kits with everything they need to start a campaign, and choose a theme for it. If the branding is interesting enough, it gets media attention and coverage, bringing them not only money but also infamy.


We have seen more than enough low-quality ransomware making headlines because it used the logo of a popular TV show, an image of a movie character, or even jokes about politicians. However, the flip side of the branding coin is ease of detection. Many criminals now opt out of choosing a name for their creations, leaving victims stranded with only an e-mail address for contacting the crooks and a bitcoin address for payment.

As far as payment methods go, the most popular ransomware families still favor bitcoin for demanding and collecting ransom. Even so, it’s not unusual to find the odd sample that requests payment through one of the widely available voucher methods, such as PaySafeCard. Regional and hand-crafted operations more typically go for a local payment option. However, doing so means forgoing some of the obscurity that comes with blending in with the rest of the ransomware noise that is generated every day.

Working hard and looking ahead

We are slowly shifting from a paradigm of ransomware remediation to one of ransomware intelligence, but we still have a long road ahead. Only by gathering hard evidence and concrete statistics on the problem can we gauge our options appropriately. Unfortunately, not everyone affected by ransomware reports the incident, and even those who do report it do so to different institutions, making it difficult to collect a complete set of data.

Joining the efforts of law enforcement agencies and IT security companies to disrupt cybercriminal businesses with ransomware connections has proven effective. For example, the No More Ransom initiative was born out of a desire to help victims of ransomware retrieve their encrypted data without having to pay criminals.

13 more countries join the #NoMoreRansom fight https://t.co/dQr6RiTLKO pic.twitter.com/aZE2GDIosr

— Kaspersky Lab (@kaspersky) October 17, 2016

With more parties supporting the project, our chances of providing a much-needed framework for dealing with this type of incident improve every day. Each party has only a partial view of the ransomware ecosystem, so working together is the only path to success.

As for users (aka potential victims), knowledge is power. We’ve put together a guide to avoiding ransomware that we highly recommend for everyone who goes online — in other words, everyone.


Source: kaspersky.com

Tom Grant, October 13, 2022 (originally published April 1, 2016)