Ransomware: a story that begins in 1989

Ransomware is one of the most productive cyber threats. We have been hearing about it throughout 2019, and it is rather unlikely that we will stop hearing about it in the near future.

Organizations, businesses, schools and public services have fallen victim to attacks by malicious software that encrypts the , with the attackers demanding hundreds of thousands of dollars in bitcoin or some other cryptocurrency to restore the .

Although the authorities advise victims not to pay the ransom demanded by criminals, many choose to pay hundreds of thousands of dollars because they see it as a very quick and easy way to restore their network. This means that the criminal gangs behind ransomware are making millions of dollars.

So today we are talking about one of the main scourges in cyberspace. But do you know how it started and when? In December 1989 a hacker unleashed a major threat on the world, one that would only come into wide use thirty years later.

The first case of what we know today as ransomware was named the AIDS Trojan, because it targeted participants at the World Health Organization's AIDS conference in Stockholm in 1989.

The hacker sent floppy disks with malicious code, which installed itself on the systems of the era. The malware counted how many times each machine started. After 90 reboots, the trojan hid all the folders and encrypted the names of all the files on the disk.

The victims received a notice claiming to be from PC Cyborg Corporation stating that their software had expired and that they had to mail $189 to an address in Panama to regain access to their system.

It was the first ransom demand in the digital world.

Fortunately, the encryption used by the trojan was weak, so security researchers were able to release a free decryption tool. Thus began a battle that continues to this day, with cybercriminals developing ransomware and researchers trying to unlock files for free.

After this first attack, it took 20 years for ransomware as we know it to start appearing more and more often. But those first attacks were very simple compared to the ransomware on the market today.

A common form of this type of ransomware was the police virus attack, which replaced the user's desktop with a note claiming to come from the police and stating that the system had been locked for illegal activities.

No encryption was used in these attacks, and many times the "lock" could be removed by restarting the computer. But for some victims it was enough to make them pay hundreds of dollars.

Police virus attacks peaked between 2010 and 2012. They did not disappear - but were replaced by what we now know as real ransomware.

It was a new idea, and the general public, not knowing what it was, did not understand what was happening. It was the time when "dogs were tied to sausages" for criminals.

Then came ransomware that encrypted files.

The explosion of Bitcoin helped a lot, as criminals started demanding their ransom in cryptocurrencies because the transactions were more difficult to trace.

By 2016, ransomware-as-a-service was established, with malware creators renting out the ability to carry out attacks. It proved to be a very successful business model, and by the end of the year ransomware variants were among the most common malware families.

Slowly but surely, ransomware attacks have shifted their focus from home users to businesses and organizations, encrypting entire and asking for tens of thousands of dollars.

Even so, ransomware remained somewhat controllable. But in May 2017, that changed with the arrival of the WannaCry ransomware.

That day, a great many people were confronted with a message demanding a ransom in exchange for the safe return of their files. WannaCry spread around the world with the help of EternalBlue, an NSA hacking tool that had been released a few months earlier.

The damage would have been much greater had a security researcher not found the attack's kill switch. North Korea has been blamed for the attack (without this being confirmed), and it should be noted that although many paid the ransom, there was no mechanism for recovering the files. The attack was purely destructive.

A few weeks later, something similar happened with Petya / NotPetya, an attack likely launched by and also hit targets around the world.

But despite the high profile of the two incidents, this was not the end of ransomware, as companies are still not paying attention to their networks, making ransomware even more powerful and profitable.

Since then, ransomware attacks have become more daring. In fact, by combining attacks with the use of stolen credentials and other techniques, attackers bypass network security and unleash ransomware even on servers that contain .

Sometimes businesses do not want to pay for a security and storage network that they may never use. But that is what prevention is: guarding against something that may never happen.

Reading all of the above is a good start to learning from history. Ransomware is here to stay, and if we do not want to have it around for the next 30 years, we must learn to be careful.

Written by giorgos
