
Ransomware: a brief history
Ransomware and fake antivirus have been around for many years, relying on social engineering to trick computer users into paying the cybercriminals: to avoid police fines for supposed crimes, so their phoney warnings claim, or to clean up “viruses” on their computers that don’t actually exist.
But CryptoLocker and CryptoWall – variants of the malware called crypto-ransomware or cryptoware – don’t bother with that sort of trickery. The attackers tell victims upfront that their files have been encrypted by ransomware. Unless you pay for the encryption key the attackers hold, the crooks destroy the private key, making it impossible to recover your files.
The original Petya ransomware was made by Janus Cybercrime Solutions Professionals, who distributed its source code as ransomware-as-a-service over the darknet.
The recent outbreak dubbed NotPetya is a modified version of the Petya source code that acts as a wiper, or phlashdancer: it is meant to destroy data on the victim's computer, and professionals believe the cybercriminals behind this kind of attack created the ransomware not to profit from it but to cause havoc.
The WannaCry family goes by many names, such as Wanna/Wana, Cryptor/Crypt0r and Cryptor/Decryptor. WannaCry propagates using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol.
Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had already discovered the vulnerability but used it to build an exploit for its own offensive work rather than report it to Microsoft. The payload works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a ransom note informing the user and demanding payment in bitcoin. WannaCry is considered a network worm because it also carries a transport mechanism that spreads it automatically: this transport code scans for vulnerable systems, uses the EternalBlue exploit to gain access, and uses the DoublePulsar tool to install and execute a copy of itself.
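The worm behaviour described above has a cheap network-level tell: one internal host opening connections to many distinct peers on TCP/445 within a short window, which ordinary workstations rarely do. The following Python script is an added example, not code from the article or from any of the malware families it names; it assumes a simple flow-log line format ("<iso-timestamp> <src> <dst> <dport> <proto>") and alert thresholds that are my own choices, and the sample records are constructed.

```python
"""Flag hosts that fan out to many distinct peers on TCP/445 within a short window.

Added example. The log format and thresholds are assumptions; the records
produced by build_sample_flows() are constructed for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: "<iso-timestamp> <src-ip> <dst-ip> <dst-port> <proto>"
FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\w+)$")


def parse_flow(line):
    """Return (ts, src, dst, dport, proto) for one record, or None if unparseable."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, proto = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto.lower()


def detect_smb_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Map each alerting source to (window_start, distinct_peers), recorded at the
    moment it first reached `threshold` distinct TCP/445 destinations inside `window`."""
    flows = sorted(f for f in map(parse_flow, lines) if f is not None)  # time order
    recent = defaultdict(deque)  # src -> time-ordered deque of (ts, dst) on port 445
    alerts = {}
    for ts, src, dst, dport, proto in flows:
        if proto != "tcp" or dport != 445:
            continue  # only SMB connection attempts matter here
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # slide the window: drop records older than `window`
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) >= threshold and src not in alerts:
            alerts[src] = (q[0][0], len(peers))
    return alerts


def build_sample_flows():
    """Constructed records: one scanning host, one chatty-but-benign host, one admin host."""
    base = datetime(2017, 6, 27, 10, 0, 0)
    t = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{t(i)} 10.0.0.5 10.0.0.{20 + i} 445 tcp" for i in range(25)]  # 25 distinct peers in 25 s
    lines += [f"{t(i)} 10.0.0.7 10.0.0.100 445 tcp" for i in range(40)]      # 40 hits on one file server
    lines += [f"{t(i)} 10.0.0.9 10.0.0.{50 + i} 445 tcp" for i in range(5)]  # admin host, only 5 peers
    lines.append(f"{t(0)} 10.0.0.5 203.0.113.10 443 tcp")                    # HTTPS, not SMB: ignored
    lines.append("malformed record that the parser skips")
    return lines


if __name__ == "__main__":
    for src, (start, peers) in detect_smb_fanout(build_sample_flows()).items():
        print(f"ALERT {src}: {peers} distinct SMB peers since {start.isoformat()}")
```

The detector keys on distinct destinations rather than raw connection counts, so a workstation hammering a single file server (10.0.0.7 above) never trips it, while the host touching 25 peers does. Tune `threshold` and `window` to the network: a backup server or vulnerability scanner legitimately fans out on 445 and belongs on an allow list.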
A ransomware attack goes through five stages from the time it installs on your computer to the appearance of the ransom warning on your screen. Crypto-ransomware usually attacks in these five stages:
1. After a victim’s computer is infected, the crypto-ransomware installs itself and sets keys in the Windows Registry so that it starts automatically every time your computer boots up.
2. Before crypto-ransomware can attack you, it contacts a server operated by the criminal gang that owns it.
3. The ransomware client and server identify each other through a carefully arranged “handshake”, and the server generates two cryptographic keys. One key is kept on your computer; the second is stored securely on the criminals’ server.
4. With the cryptographic keys established, the ransomware on your computer starts encrypting every file it finds with any of dozens of common file extensions, from Microsoft Office documents to .JPG images and more.
5. The ransomware displays a screen giving you a time limit to pay up before the criminals destroy the key needed to decrypt your files. The typical price, $300 to $500, must be paid in untraceable bitcoins or other electronic payments.
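Stage 4 above is the one with the loudest host-level signature: a single process modifying many user files across many file types in a few seconds, which legitimate software almost never does. The script below is an added example, not code from the article; it assumes a simple file-activity event format ("<iso-timestamp> pid=<n> proc=<name> op=<write|rename|create|read> path=<path>") and thresholds of my own choosing, and the sample events are constructed.

```python
"""Flag a process that modifies many user files of many types inside a short window.

Added example. The event format and thresholds are assumptions; the events
produced by build_sample_events() are constructed for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed line format: "<iso-timestamp> pid=<n> proc=<name> op=<op> path=<path>"
EVENT_RE = re.compile(r"^(\S+)\s+pid=(\d+)\s+proc=(\S+)\s+op=(\w+)\s+path=(.+)$")
MODIFYING_OPS = {"write", "rename", "create"}  # reads never count towards the burst


def parse_event(line):
    """Return (ts, pid, proc, op, path) for one record, or None if unparseable."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, pid, proc, op, path = m.groups()
    return datetime.fromisoformat(ts), int(pid), proc, op.lower(), path.strip()


def detect_encryption_burst(lines, window=timedelta(seconds=30), min_files=50, min_exts=5):
    """Map pid -> (proc, files_touched, distinct_exts) for processes that modified at
    least `min_files` distinct files spanning `min_exts` extensions inside `window`."""
    events = sorted(e for e in map(parse_event, lines) if e is not None)  # time order
    recent = defaultdict(deque)  # pid -> time-ordered deque of (ts, path)
    alerts = {}
    for ts, pid, proc, op, path in events:
        if op not in MODIFYING_OPS:
            continue
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window:  # slide the window
            q.popleft()
        files = {p for _, p in q}
        exts = {PureWindowsPath(p).suffix.lower() for p in files}
        if len(files) >= min_files and len(exts) >= min_exts and pid not in alerts:
            alerts[pid] = (proc, len(files), len(exts))
    return alerts


def build_sample_events():
    """Constructed events: one burst writer, one backup job, one editor, one indexer."""
    base = datetime(2017, 6, 27, 10, 0, 0)
    t = lambda s: (base + timedelta(seconds=s)).isoformat()
    user_exts = [".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"]
    lines = []
    for i in range(60):  # suspicious: 60 files, six extensions, 15 seconds
        lines.append(f"{t(i // 4)} pid=4321 proc=updater.exe op=write "
                     f"path=C:\\Users\\alice\\Documents\\file{i}{user_exts[i % 6]}")
    for i in range(80):  # benign: many writes, but all to one extension
        lines.append(f"{t(i // 4)} pid=100 proc=backup.exe op=write path=D:\\backup\\set{i}.bak")
    for i in range(3):   # benign: an editor saving a few documents
        lines.append(f"{t(i * 10)} pid=200 proc=winword.exe op=write "
                     f"path=C:\\Users\\alice\\Documents\\draft{i}.docx")
    for i in range(60):  # benign: a search indexer only reads the same files
        lines.append(f"{t(i // 4)} pid=300 proc=indexer.exe op=read "
                     f"path=C:\\Users\\alice\\Documents\\file{i}{user_exts[i % 6]}")
    return lines


if __name__ == "__main__":
    for pid, (proc, files, exts) in detect_encryption_burst(build_sample_events()).items():
        print(f"ALERT pid={pid} ({proc}): {files} files across {exts} extensions")
```

Requiring both a high file count and a spread of extensions is what separates the burst writer from a backup job or a build tool, which touch many files of one kind. The same sliding-window structure can be fed from Sysmon, auditd or an EDR's file-event stream once the parser is adapted to that source's format, and an alert at this stage is also the trigger to isolate the host before the encryption run completes.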
These are some of the possible ways the department of education could have been attacked through ransomware. The vulnerabilities could include the following:
People’s susceptibility to manipulation and influence is the biggest security risk to businesses.