We have recently witnessed an increasing number of ransomware attacks spreading in our region as well as around the world. Very often the computers of companies are affected, not only those of individuals. This blog post aims to explain in more detail what this threat really is and how it has evolved over time.
To see what preceded ransomware, we have to go back to 2005, when the first fake “FIX” messages appeared. The user was shown what looked like a system alert saying that certain applications were poorly configured and that clicking the “Repair Now” button would solve everything easily and simply. Clicking this button could in fact install malware on the computer.
The next step in the historical development was the fake antivirus programs that came out in 2010, which had an interface very similar to real antivirus programs. The basic idea here was a “CLEAN” button that would supposedly clean up an infected computer. This threat is very similar to the previous one.
Next in the series was the first actual ransomware, the so-called “Locker ransomware”, which appeared in 2012. The idea here is to lock the computer and ask for a ransom to unlock it. The thing to note is that at this point the files on the computer are not encrypted; only the desktop is locked. Removing the hard drive and attaching it to another computer, or booting the system from a live CD / USB drive, makes it easy to access the files.
Finally, sometime in late 2013 and early 2014, the first real ransomware as we know it now appeared: Crypto ransomware, which encrypts all files on an infected computer’s hard drive, renames them with one of its own extensions, and demands a ransom in bitcoin in exchange for access to your data.
How it all began – Zeus Trojan
The first modern type of file-encrypting ransomware, called CryptoLocker, emerged alongside a serious threat known as the Zeus Trojan, which targets the MS Windows operating system. This Trojan emerged at the end of 2007 and was used primarily to steal data, with victims including Bank of America, NASA, ABC, Oracle, Cisco, Amazon, and many other well-known companies and government institutions. However, it was also discovered at the end of 2013 that Zeus had been used since the beginning of September for the hidden installation and spread of CryptoLocker. This was only detected in mid-2014, when it was discovered that there was an advanced version of the botnet called Gameover Zeus, which served the theft of banking data as well as the spread of CryptoLocker.
Should I pay if I get infected?
The answer to this question is almost always negative for two reasons:
- The payment itself finances the further development of such groups and tools.
- Nobody guarantees that, after you pay and regain access to your files, someone will not use the same method to encrypt them again and demand another ransom.
However, if the encrypted data is so important that its loss threatens the business of a particular company or the work of an individual, then only in that case should you consider paying to get the data back.
Of course, there are two things to check before doing this:
- Do we have a backup of our data on an offline medium, and how old is that backup, that is, from what date is the data? So far this has turned out to be the only cure; even online backup systems can be encrypted in certain cases.
- Is there a free decryptor for the type of ransomware that infected the computer?
No More Ransom (NMR) initiative
This initiative was launched about a year ago by Europol, the German Police, Intel Security, and Kaspersky Lab to allow victims of ransomware to decrypt their files for free. A number of free decryption tools can be found on the NMR site. According to some statistics, over 10,000 victims were able to recover their files for free in a short time. Currently, the platform is available in 36 languages and contains over 40 free decryption tools. Many organizations are now joining the initiative, which makes it a very good example of cooperation between different countries on a common goal: the fight against ransomware. Some of those who have joined are Avast, CERT Poland, and Eleven Paths, as well as law enforcement organizations from Interpol, Australia, Belgium, Israel, South Korea, Russia, and Ukraine.