Ransomware: An Overview

Ransomware! The word alone strikes fear in the hearts of CIOs, CISOs and hospital administrators alike. Since the Anthem breach, there have been several hospitals across the U.S. and many more globally that have been affected. One hospital, reportedly, was turning away patients.

What is Ransomware?

Ransomware is malicious software that blocks access to a computer system or its data in some way until a sum of money is paid. Some forms of ransomware systematically encrypt files on the system’s hard drive, which then become difficult or impossible to decrypt without paying the ransom for the encryption key; other forms simply lock the system and display messages intended to coax the user into paying.

There are a few different attack vectors or methods:

· Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.

· Ransomware can be downloaded unwittingly by users visiting malicious or compromised websites.

· It can also arrive as a payload, either dropped or downloaded by other malware.

· Some ransomware is delivered as an attachment to spam email.

The most significant threat is often ransomware that reaches network file shares and encrypts centrally stored data that is critical to operations.
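As an added illustration of that last point (example code written for this overview, not part of the original article or any vendor product), the script below shows one way a defender can spot crypto-ransomware working through a file share: each write is scored for Shannon entropy (encrypted output is nearly uniform random, so it sits close to 8 bits per byte, while ordinary documents are far lower) and checked for an extension the share does not normally hold, and an alert is raised when one account produces several such writes in a short window. The thresholds, the extension allow-list, and the audit events are all constructed assumptions for the example.

```python
import math
import random
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed thresholds for this example; tune them to your own environment.
HIGH_ENTROPY_BITS = 7.5    # bits/byte; encrypted data sits near 8.0, plain documents far lower
MIN_SUSPICIOUS_WRITES = 5  # this many suspicious writes by one account inside the window
WINDOW_SECONDS = 60.0

# Extensions a document share normally holds (constructed allow-list).
NORMAL_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "csv", "jpg", "png", "zip"}


@dataclass
class WriteEvent:
    """One file write on the share, as a file-audit log would record it."""
    timestamp: float   # seconds
    user: str
    path: str
    content: bytes     # bytes written (a real pipeline would sample the first few KB)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def has_foreign_extension(path: str) -> bool:
    """True when the final extension is not one the share normally holds."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return ext not in NORMAL_EXTENSIONS


def is_suspicious(ev: WriteEvent) -> bool:
    """A single write looks like ransomware output when the data is near-random
    and the file has acquired an extension the share never normally holds."""
    return shannon_entropy(ev.content) >= HIGH_ENTROPY_BITS and has_foreign_extension(ev.path)


def detect_mass_encryption(events):
    """Return {user: [paths]} for accounts with MIN_SUSPICIOUS_WRITES or more
    suspicious writes inside any WINDOW_SECONDS sliding window."""
    per_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.timestamp):
        if is_suspicious(ev):
            per_user[ev.user].append(ev)
    alerts = {}
    for user, evs in per_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].timestamp - evs[start].timestamp > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= MIN_SUSPICIOUS_WRITES:
                alerts[user] = [e.path for e in evs[start:end + 1]]
                break
    return alerts


# ---- constructed sample audit data (not from any real incident) ----
_rng = random.Random(2024)


def _cipher_like() -> bytes:
    """Stands in for an encrypted file body: 4 KB of seeded pseudo-random bytes."""
    return _rng.randbytes(4096)


_plain_doc = b"Quarterly report: revenue up, costs flat. " * 100

SAMPLE_EVENTS = [
    # bob edits one document normally: low entropy, normal extension
    WriteEvent(0.0, "bob", "//fileserver/finance/q3.docx", _plain_doc),
    # bob saves one archive: high entropy but a normal extension, and only one file
    WriteEvent(5.0, "bob", "//fileserver/finance/backup.zip", _cipher_like()),
] + [
    # alice's account rewrites eight spreadsheets in 14 seconds as random bytes with a new extension
    WriteEvent(10.0 + 2 * i, "alice", f"//fileserver/hr/file{i}.xlsx.locked", _cipher_like())
    for i in range(8)
]

if __name__ == "__main__":
    for user, paths in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"ALERT: {user} rewrote {len(paths)} files as high-entropy data with a foreign extension")
```

Entropy alone is a weak signal, since archives, images and already-encrypted files are also near 8 bits per byte; that is why the check above requires a foreign extension as well and only alerts on a burst from one account. In a real deployment the events would come from the file server's audit log rather than a constructed list, and the alert would feed an automated response such as disabling the account's share access.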

What is the history?

The first known ransomware was the 1989 “AIDS” trojan (also known as “PC Cyborg”), written by Joseph Popp. Victims received a floppy disk (remember those?) labeled “AIDS Information Introductory Diskette”; once the system booted, the malicious software hid directories and encrypted the files on the C drive. It then prompted the victim to renew a license and contact PC Cyborg Corporation to remit payment of $189 to a PO Box in Panama. It had limited success because the method of delivery was “snail mail” and the age of home computing was still in its infancy.

There was a pretty significant lull in activity until 2005, when a new type of ransomware appeared: Misleading Apps. This malware exaggerated the impact of issues on the computer and required payment to “fix” the issues on the infected system.

The evolution continued in 2008, when “Fake Anti-virus” software was introduced. It ran fake scans claiming to find large numbers of threats and security issues on the computer, and the user was then prompted to pay for software that would remediate all the issues found.

In 2011, we began to see “Locker” ransomware, which disabled access to and control of the computer, effectively locking it from use.

Today, we are seeing what most people recognize as ransomware: Crypto-ransomware. This is what we’ve seen in the news, where the malware encrypts local and network file shares and databases.


Visit the Resources page of our site and download the complete Ransomware Overview, and learn what the future holds and what you can do to protect your organization.