Today, Duo’s Thu Pham published another blog on the speakers and events at InfoSec Europe. Mikko Hyppönen, Chief Research Officer at Finland-based F-Secure, gave the keynote address at the event. He went into detail on the history and evolution of ransomware, including the state of ransomware today.
What’s Old is New Again
Essentially, old problems come back to bite us - that is, the kind of problems that we thought we’d already solved. One example is the AIDS Trojan discovered in 1989. It’s considered an early example of ransomware, a class of malware that is now targeting hospitals, governments and enterprises alike.
The software ranked you based on your risk of getting HIV. If it was installed without paying the license fee, it would overwrite your master boot record, encrypt your data and display a ransom demand to send payment to a P.O. Box in Panama.
Similarly, Petya, a type of ransomware found in May 2016, infects your system, reboots, checks disk, runs and encrypts your files. Both the old and the new ransomware encrypt the master boot record and indexes, then demand a ransom; however, the new one asks for Bitcoin money transfers.
Studying Modern Ransomware
Mikko mentioned that all of the many different ransomware types come from ransomware gangs that compete against each other. In his research, he’s tracking over 100 different groups.
Each group is looking for a return on investment and new customers to infect to make a profit. In April, the first ransomware Trojan to target Macs appeared. This Mac ransomware scans your network looking for Time Machine servers; that is, it tries to locate and encrypt your backups.
While Mac users represent a smaller percentage of users overall, there is no other ransomware competition in the market - meaning it’s a profitable one. Bitcoin is a cryptocurrency whose transactions are made public, and anyone can download the ledger to see the anonymized ransomware transactions, which show that online criminals are making hundreds of millions of dollars, according to Mikko.