Malware categories such as “virus” or “trojan” have been around for what seems like forever, whereas many people perceive ransomware as only a few years old. That is far from the truth: blackmail malware, currently one of the greatest threats in cybercrime, has already come a long way in terms of both time and technology.

A three-part series of articles on heise+ provides exciting and up-to-date reading material for the holidays. It traces the evolution of ransomware from its inception to the present day. It sheds light on the technical implementation and optimization as well as on the gradual professionalization of the criminal structures that form the basis of today’s extortion of millions.

In the late 1980s, a scientist of all people paved the way for effective blackmail. The eccentric evolutionary biologist Dr. Popp sent out the very first ransomware on a floppy disk, disguised as a medical information program. In doing so, he followed a strategy that, in retrospect, would be called early spear phishing: the recipients of the approximately 20,000 diskettes included not only subscribers to a computer magazine, but also doctors and medical institutions in particular. Part 1 of the series of articles deals with the malicious code that became known as the “AIDS Trojan” and with scientific publications that later inspired blackmailers.

After a long break, new ransomware followed in the footsteps of the AIDS Trojan in 2004. The encrypting “GPCode” used the advantages of the World Wide Web as a distribution channel, and work on making its encryption “unbreakable” continued until 2011. Part 2 of the series of articles describes the years-long neck-and-neck race between GPCode developers and the anti-virus software industry.



Reliably evokes bad memories: The lockscreen of a BKA Trojan variant.

GPCode was followed by annoying screenlockers, which many readers will probably still remember: around 2011, the blackmail strategy of blocking instead of encrypting was booming. Police logos and alleged crimes served as a pretext for the malicious code, also known as the BKA Trojan. Ultimately, however, there was nothing behind it but hot air, and data recovery was usually quite feasible. Starting in 2013, ransomware developers therefore turned back to encryption as a more effective means of pressure, which is still the dominant blackmail tactic today.

The third and final part describes this phase of experimentation, but also shows how modern ransomware continues on its way to perfect blackmail with new, highly dangerous tactics.


(ovw)
