Ransomware: Extortion via the Internet

Operation

Ransomware typically propagates as a conventional computer worm, entering a system through, for example, a vulnerability in a network service or an e-mail attachment. It may then:

Disable an essential system service or lock the display at system startup.
Encrypt some of the user’s personal files.
Prompt the user to enter a code obtainable only after wiring payment to the attacker, or after sending an SMS message that incurs a charge.
Urge the user to buy a decryption or removal tool.

More sophisticated ransomware may hybrid-encrypt the victim’s plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key. The author who carries out this cryptoviral extortion attack offers to recover the symmetric key for a fee.
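As an added defender-side example (not part of the original post), here is a small Python heuristic for the "encrypts some of the user's personal files" behaviour described above: output of a sound cipher is indistinguishable from random bytes, so a file whose content has near-maximal entropy and whose format header no longer matches its extension is a candidate for having been encrypted. The sample buffers, file names and the magic-byte table are constructed assumptions for the demonstration.

```python
import math
import os
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Constructed, minimal header table; a real deployment would use a full magic database.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}

def looks_encrypted(name: str, data: bytes, threshold: float = 7.9) -> bool:
    """Flag a file whose bytes are near-random unless its format header is still intact.
    Compressed formats (PDF streams, JPEG, ZIP) are high-entropy too; the header check avoids them."""
    ext = os.path.splitext(name)[1].lower()
    expected = MAGIC.get(ext)
    if expected is not None and data.startswith(expected):
        return False
    return shannon_entropy(data) >= threshold

def scan(files: dict) -> list:
    """Return the names of all files that look encrypted, sorted for stable output."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))

# Constructed sample "user files". Seeded random bytes stand in for ciphertext, which a
# sound cipher makes indistinguishable from random data.
_rng = random.Random(1)
def _noise(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))

SAMPLE_FILES = {
    "letter.txt": b"Dear Alice, the meeting notes from Monday are attached. " * 100,
    "report.pdf": b"%PDF-1.4\n" + _noise(8192),      # compressed streams, header intact: benign
    "notes.txt": _noise(8192),                        # encrypted in place, name unchanged
    "photo.jpg.locked": _noise(8192),                 # encrypted and renamed: JPEG header gone
}

if __name__ == "__main__":
    for name in scan(SAMPLE_FILES):
        print(f"possible encrypted file: {name} (entropy {shannon_entropy(SAMPLE_FILES[name]):.3f})")
```

A production monitor would apply this only to files that changed recently and combine it with write-rate and rename-pattern signals, since legitimately compressed or archived data is high-entropy on its own.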

History

The first known ransomware was the 1989 PC Cyborg Trojan, which only encrypted filenames with a weak symmetric cipher. The notion of using public key cryptography for these attacks was introduced by Young and Yung in 1996, who presented a proof-of-concept cryptovirus for the Macintosh SE/30 using RSA and TEA.

Examples of extortive ransomware reappeared in May 2005. By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key sizes. Gpcode.AG, which was detected in June 2006, encrypted with a 660-bit RSA public key. Gpcode.AK, detected in June 2008, used a 1024-bit RSA key, which is believed to be large enough to be computationally infeasible to break without a concerted distributed effort.

Please follow the link below for more detailed information about ransomware, its dangers to vulnerable systems, and solutions to defend your system from this phenomenon.

Ransomware: Extortion via the Internet:
