The notorious ransomware - a short history, introduction and how to protect against it.
You probably think that ransomware is something new that emerged from the dark corners of cyberspace not long ago. That is entirely wrong: ransomware first appeared in December 1989, a long time ago. The father of ransomware is Joseph L. Popp, an American biologist educated at Harvard. The method he used is very different from today's practices.
It all began with him walking into a post office with a massive stack of envelopes bearing the name PC Cyborg Corporation. As soon as he dispatched that stack of envelopes, the era of ransomware began. This was the very first ransomware case, and its delivery method was a service centuries old: the post office.
All the envelopes, 20,000 in number, arrived in 90 countries around the world at laboratories studying AIDS, each containing a 5 ¼-inch floppy disk. In one of the attacks, a female scientist from the World Health Organization joyfully inserted the 5 ¼-inch floppy disk into her computer to study the latest discoveries about AIDS, in the hope that a cure could be found.
After she inserted the floppy disk, the computer displayed only the message "Restart your computer now." Once that was done, another message appeared: "Turn on your printer," which then printed a letter demanding $189 for the encryption key, to be sent to a P.O. Box in Panama.
One Italian laboratory lost a decade of work after the ransomware scared them so badly that they deleted everything, causing irreparable damage to the AIDS research program.
Joseph L. Popp was later arrested at his parents' house in Ohio, but the significant damage was already done: cyber-ransomware had been created.
Today's ransomware is far more sophisticated than Joseph L. Popp's, which was decrypted very quickly by the computer technicians of that time. Most ransomware forms nowadays are deployed using malware, making this type of cybercrime one of the most prolific and profitable, and attacks of this type rose by 50% in 2017 alone.
All ransomware is divided into two distinct categories: Screen Lockers and Encryptors. For a better understanding, our cybersecurity team will walk you through the concept of Screen Lockers.
The reason ransomware works most of the time is FEAR, one of the very first emotions, as old as the world, that people experience. Because of FEAR, the perpetrator has the upper hand over the targeted victim.
Cyber ransomware works in the same way, taking advantage of the fear of losing valuable and sensitive data or precious pictures of your family and friends.
The less sophisticated ransomware types that rely on this kind of emotion are Screen Lockers.
Screen Lockers do little to no harm to you or your data; they target your emotions with false accusations and threatened repercussions. This type of malware is easily distributed through infected emails or malicious software downloaded from obscure sites.
Here are two of the most common and widely used types of this kind of ransomware:
The Metropolitan Police scam hits the user while doing day-to-day work or surfing the internet. Out of nowhere, a full-screen window pops up on the victim's screen displaying a false law enforcement logo and stating in capital letters that the METROPOLITAN POLICE is accusing the victim of viewing, storing and disseminating banned pornography (child pornography, zoophilia, rape, etc.).
After letting that message sink in and create deep fear in the victim's heart, another window pops up showing the web camera feed from the victim's device, letting them see their own face to instil even more fear and trick them into thinking they are under surveillance. After this no action works: the video feed window and the message window will not go away, demanding a $300 fine from the victim to drop the accusations.
The second one is a variation of the METROPOLITAN POLICE scam, named FBI MoneyPak. This type makes accusations of illegally downloading and storing music, movies or software. It tricks its victims into thinking they are under surveillance and will go to prison by displaying their IP address.
If you ever encounter this type of attack, don't worry: nothing critical will happen to you, your device or your data. Your machine is infected with malware, probably downloaded from shady parts of the web or received by email, and this type of malware just hijacks your device to instil fear and trick you into paying the fine.
Never, ever pay the fine; it is a scam. Just download top antivirus software and the malware will be gone. Then keep that antivirus software active on your device at all times, updating it, the OS and other apps as soon as an update is available, and you should be safe with nothing to worry about.
The real problem, the troublemakers, are encryptors. They can do an enormous amount of damage, and the data they encrypt is irrecoverable most of the time.
One type of encrypting ransomware is CryptoLocker, which makes the user's data irrecoverable within 72 hours of the infection if the ransom is not paid. It uses a countdown to instil more fear and trick the victim into paying the amount demanded. This type of ransomware is no joke.
CryptoLocker is deployed through email: a victim is tricked into downloading a zip file attached to a particular email that contains the password for that zip file. After entering the password, a private encryption key is generated and the 72 hours begin, making any action a little too late for the victim. In many cases the key is never delivered, so don't bother paying the demand; only if the data is of enormous importance to you is it worth the try. The only thing that can undo the damage in this case is having, always, a backup of your data.
The more notorious and dangerous ransomware encryptors are Petya and WannaCry, launched by North Korea on the 12th of May last year. This type of malware is ingeniously designed, incorporating everything terrible that malware can have.
They don't need a deployment method because they can self-replicate from an infected device, travelling through the internet and networks looking for security flaws to infect other machines. Once a device is breached, all its data is encrypted and nothing can be done.
Let's not forget that WannaCry successfully reached and encrypted a quarter of a million devices in 150 countries, which means that in a matter of days the whole world was hit by a single destructive malware.
Our cybersecurity analyst says this kind of situation can be avoided with frequent data backups, frequent OS and software updates and, last but not least, investing in top antivirus software.
MacOS Version - the free Mac antivirus download available on our website (https://mac.cyberbyte.org)
Windows Version - the free Windows antivirus download available on our website (https://pc.cyberbyte.org)
The free antivirus comes with limited features.