RANSOMWARE ATTACK
HOW TO RESPOND Encryption is used to foil decryption tools
By Rishi Bhargava
Between 2005 and 2016, ransomware infections were more common than data breaches, making them the most pervasive cyber threat of the last 11 years. Ransom- ware attacks may encrypt folders and files or even the entire hard drive, or they may just lock the devices so that users cannot
access them. In recent years, attacks have become increas- ing sophisticated; crypters can make reverse-engineering extremely difficult, and offline encryption methods can elimi- nate the need for command and control communications by taking advantage of legitimate features.
A report from Kaspersky Lab revealed that its solutions found ransomware on more than 50,000 computers connected to cor- porate networks in 2015, which was twice the number detected
the year before. In 2016, almost $210 million was paid to ran- somware cybercriminals during the first quarter alone, and the FBI estimated that without paying losses for the year would have exceeded $1 billion.
Ransomware is not actually a new method of attack. The first known instance was PC Cyborg, a Trojan distributed by Dr. Jo- seph Popp in 1989. The malware would encrypt all files and hide all folders on the computer’s hard drive. A script demanded $189 in ransom, and the computer would not function until payment was received and the actions reversed. It did not take long for re- covery tools to reverse the effects, but newer attacks have featured stronger encryption to foil decryption tools, making it almost im- possible for victims to unlock their own computers.
Approximately 17 years after the introduction of PC Cyborg, a new strain called Archievus was released. Archievus was the first ransomware attack to use RSA encryption as well as the first known ransomware to use asymmetric encryption. It encrypted every file in the “My Documents” directory, and it was very difficult to remove
NS6
0817 | NETWORKING SECURITY
2YouStockPhoto/Shutterstock.com