Ransomware is a form of malware that encrypts media, document and other files on the target PC and access to those files is only granted once the attacker’s ransom demands are met.
Currently, there are two types of ransomware — one which locks certain files on a computer and other which locks the entire system. The latter is mostly found on smartphones.
Ransomware has been around for more than a decade now. The first instances of such an attack were found in Russia in 2005 with Trojan GPcoder.
Early History: The Russian Connect
The first known ransomware virus to create trouble on a large scale were developed by Russian organised criminals and came to the fore in 2005 and 2006.
These malware infected PCs in Russia, Belarus, Ukraine and Kazakhstan. One of the strains of malware was called Archievus and another called Troj_Cryzip.A.
While the former encrypted the ‘My Documents’ folder, the latter identified and moved certain file types in a PC to a password protected Zip folder, which would only be unlocked when the victim transferred a few hundred dollars to the attacker via E-Gold — electronic currency before Bitcoin.
E-Gold was discontinued in 2009 under directions of the US government due to a large number of criminals using it to launder money. Following that, Bitcoin and prepaid debit cards are being used as a method of collecting ransoms.
Nearing the end of the first decade, numerous ransomware attacks also cropped up impersonating law enforcement agencies. These attackers would harass the victims with false allegations such as copyright infringement and extract ‘fines’ for these non-existent charges.
The most notorious of these law enforcement impersonators was Reveton, a ransomware which would work locally. Depending on the country that the victim is based in, Reveton would impersonate the national police.
The developers made localisation efforts for almost all European countries, USA, Australia, Canada and New Zealand. The ransomware didn’t use encryption to lock the user’s files, which made it easier to remove with an antivirus or via the safe mode.
In 2012, another ransomware targeted Windows Master Boot Record (MBR) and replaced it with a malicious code. When an infected system was booted, the user would receive instructions to pay a hefty amount via QIWI — a Russian-owned payment system — in order to get access to their device.
Modern Day Crypto-Ransomware
One of the modern day ransomware methods was first found in 2012-13. CryptoLocker was the first widely successful malware programme which garnered north of $27 million in ransom money.
CryptoLocker is encrypted using a 256-bit AES key and a 2048-bit RSA key, which makes the encryption almost unbreakable even if the malware is removed — making it one of the most effective ways for attackers.
The victims in these attacks were asked to pay $400 or more in order to receive the decryption key and were threatened with deletion of the key if they failed to pay within 72 hours.
In 2014, CryptoLocker was taken down by a consortium of government agencies, security firms and academic institutions in Operation Tovar. Later on, they also launched a service for people affected by CryptoLocker which helped them decrypt their devices free of cost.
Although CryptoLocker’s threat didn’t last long, but it surely helped attackers explore the world of ransomware and ascertain just how lucrative it can be — resulting in a number of strains of ransomware being released in the market thereafter.
CryptoLocker was followed by TorrentLocker, a ransomware programme which surfaced as an email attachment — usually a word file with malicious macros — that locked certain kinds of files on the computer with an AES encryption.
The TorrentLocker is still active and has evolved a lot over the past few years. The newer versions rename all the infected files on a computer, which makes it impossible for the user to identify which files have been encrypted and restore the files via backup.Ransomware doesn’t only infect Windows PC but Linux and Mac OS too. In 2015, a ransomware strain was found infecting PCs running on Linux and in 2016, a strain was found meant to attack Mac computers.
In the past decade, crypto-ransomware attacks have dramatically increased as fake anti-virus and other misleading apps have declined in numbers. In 2016 alone, 638 million ransomware cases were reported.
How to Fight it?
There are a healthy number of websites and security firms that are trying to inform people regarding the threats of malware and also supplying them with tools to prevent it as well as decrypt the information that has been locked by an attacker.
Popular antivirus service such as Avast has come up with their decryption tools for Windows and for Android to help people tackle the growing menace of ransomware. These tools are free to use and cover a wide variety of ransomware, though some of the new ones might not be covered, but it still can give you a start.
No More Ransom is a website which provides news about the latest developments in the ransomware ecosphere as well as directs users towards tools that can be used to fight these threats. The website is a joint effort of Netherlands Police, Europol, Kaspersky Lab and Intel Security.
If you have found a tool that can guide you through decrypting the ransomware affecting your PC currently, then all you need to do is identify it. ID Ransomware is a website which helps you do just that, all you need to do is upload a copy of the ransom note.
If you’re looking for a tool that offers protection to your Windows PC in real-time, then CyberReason Ransomfree is the answer to your needs.
Ransomware has been a menace in the era of internet connected devices and as IoT become commonplace, it can prove to be an even bigger issue.
Currently, ransomware only affects your device or files and revokes user access until the ransom is paid but with the emerging popularity of Smart Home devices, losing access to your device would just be the start of your worries.
Last updated on 03 February, 2022
The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.