The Web’s Greediest Villain: Ransomware
Blog Article Published: 10/07/2015
(Example A. Screengrab: PCRisk.com)
With criminal groups all over the world reaping exponential rewards, ransomware is now big business. By tracking bitcoin transactions, a computer science grad student reported that on January 15, 2013, a single address associated with ransomware received over $1 million in bitcoin. For criminals in the ransomware game, the average ROI is 1,425%. With returns like that, it is no wonder that ransomware has grown into an enormous, notorious global extortion machine. It’s one of the web’s most costly nemeses—a true super villain—with an equally evil origin story.

An Evil Villain with an Evil Origin

Ransomware, first known as cryptoviral extortion, was born in 1989. The malware was quaintly distributed on 20,000 floppy disks by post. Instead of an adult website advertisement or an email attachment promising 70 percent off select items at J.Crew—two of the many ways malware distributes and disguises itself today—this first incarnation’s disguise was something much crueler. The floppy disks, distributed to scientific research institutions throughout 90 countries, were masquerading as AIDS education software. The program became known as the “AIDS Trojan.”

When you first inserted the disk, you were taken through a questionnaire that calculated your risk of contracting AIDS. The file encryption was programmed to begin after the computer was rebooted a certain number of times. When their ransom notes arrived—also by post—the victims were instructed to turn on their printers, which spat out the demand for a payment of $189. They had no clue that the seemingly innocent AIDS app was to blame. Payments were made to a P.O. box in Panama. Only then did the victims receive the decryption key—also on a floppy disk in the mail. After analysis, the code used in this first iteration of ransomware was found to be weak and easily reversible.

The story was well covered by the British media, where the first attacks were reported. The mastermind, Dr. Joseph L. Popp, was a Harvard-educated biologist loosely associated with the victims through the World Health Organization, where he had recently been denied a job. In the end, Popp pled insanity and was set free. (Read the whole story here.)

More important than Popp’s fate, the World Health Organization scandal or the product of the software itself was the concept. In 1989, an idea was born. You could steal someone’s files without physically stealing them. You could blackmail the owner. You could perform cyber extortion. This legacy left a massively destructive blueprint for a generation of criminals to come.

Today’s cybercriminals are smarter, stealthier and have the benefits of ubiquitous Internet connectivity, unbeatable open-source cryptography resources and nearly anonymous online bitcoin depositories. Today, ransomware follows the same pattern as Popp’s AIDS Trojan, only everything is bigger: larger criminal organizations, higher ransom payments and malware with greater reach. Earlier this year, a strain called VirRansom was released. Experts have already dubbed it “the AIDS of ransomware.” How evil! How…fitting.