
How NSA, cryptocurrency boosted ransomware epidemic

Ransomware has become a plague crippling major sectors such as banks, IT firms, hospitals and public transportation systems.

Ransomware might sound like the latest threat to the online world, but if we track down its roots, we find that it has been around for almost 30 years. Ransomware is a kind of malicious software designed to encrypt the data on a computer system, making it inaccessible, and to demand a ransom payment in return for restoring access.

So why does it suddenly feel like the ransomware situation is deteriorating? Well, that’s because it’s actually getting worse. In no time ransomware has grown explosively, becoming a plague crippling major sectors such as banks, IT firms, hospitals, public transportation systems and also video games.

The first identified ransomware attack made the healthcare industry its initial prey back in 1989 and was circulated on floppy disks. A biologist sent nearly 20,000 floppies to researchers, claiming the disks held surveys that would help them determine a patient’s risk of catching HIV. However, the promotional material didn’t mention that the disk encrypted file names on the infected PCs, making them completely inaccessible.

Victims were left with a message on their system’s boot screen demanding a ransom of $189 in order to get access to their computers. The biologist was later arrested and charged with blackmail, while he insisted that the ransom was intended to fund his research on HIV.

Regardless of the motives of the attack, this ransomware was restricted by two factors: first, the disks were sent via the mail system, and second, the encryption was reversible without the help of the developer. But decades after the first attack, ransomware has become much more complicated and resilient.

Ransomware attacks often leave the victim wondering: why me, and why now? The answer to both these questions has connections to cryptocurrency and the National Security Agency.

Frequency and reach are the two important criteria for ransomware. The US Department of Justice has noted around 7,700 ransomware complaints since 2005, which it acknowledged is nowhere close to the actual number of ransomware attacks.

The infamous WannaCry ransomware crippled major industries in over 150 countries. The rise of cryptocurrency and the accessibility of the dumped hacking exploits accumulated by the NSA are the two key factors responsible for its worldwide infiltration. Cryptocurrency, or Bitcoin to be precise, allows cyber attackers to receive ransom payments from the victims just by sharing a specific Bitcoin address.

With the increasing popularity of Bitcoin, the number of ransomware attacks has also increased drastically. A 2016 IBM report also found a 300 per cent growth in ransomware cases.

As for the reach of these attacks, many factors come into play, one of the obvious being the ‘Shadow Brokers dump’, where a group of hackers released a host of exploits originating from the NSA. There was another vulnerability called ‘EternalBlue’, which, when coupled with ransomware, gave the WannaCry attack its worm-like circulation. The same exploit reportedly played an essential role in the most recent NotPetya ransomware, which spread to over 65 countries.

Microsoft did release a patch for EternalBlue, but by that time the ransomware had done what it was developed for. WannaCry and NotPetya serve as a reminder that not everybody stays up to date with security patches.

The enormous scale of these two ransomware outbreaks, driven by stolen NSA exploits and assisted by cryptocurrency, is a stark example of how we have entered a new age of dangerous ransomware. A report from Symantec found a 36 per cent rise in ransomware attacks across the globe.

Some believe that ransomware might end up digging its own grave. The total number of infected computers, combined with the practically nonfunctional payment mechanisms of both NotPetya and WannaCry, means that even if the victims did agree to pay the ransom, they wouldn’t have received the decryption keys. Paying the ransom doesn’t make sense if the victims aren’t getting the decryption keys back.

All this goes to show that while this form of digital extortion shows no sign of slowing down, money may no longer be a part of it. It also gives us hope that there will be an end to this growing ransomware plague.

( Source : Deccan Chronicle. )