The Rise Of Ransomware

Cryptolocker, Gameover Zeus, and the nasty new strains of computer viruses holding our machines hostage.

If you are running a Windows PC, you may want to make another backup--security experts fear the return, perhaps as early as this week, of a vicious computer virus that locks people out of their computers and demands ransom.

A massive international operation at the beginning of the month knocked out its main servers, but that bought only two weeks of respite--attesting to how government digital security policy has failed to prevent, and in some cases has even encouraged, cyber crime.

Cryptolocker is a fascinating and terrifying piece of code, the best-known example of a new generation of “ransomware” viruses that encrypt a computer’s entire data with a powerful algorithm and demand a payment in exchange for the password. Estimates say it has already raked in tens of millions of dollars--it was such a commercial success that its creators shamelessly set up a special customer service site that helped people pay the approximately $300 demanded from each affected user.

It originally served as the less glamorous counterpart of another highly sophisticated virus, Gameover Zeus, which was used to steal financial information. “Where a computer infected with GOZeuS turns out not to offer a significant financial reward, it can ‘call in’ CryptoLocker, to give the criminal controllers a second opportunity to acquire funds from the victim,” wrote the U.K.’s National Crime Agency in a release.

But it has since rivaled and even surpassed Gameover Zeus in its infamy and has spawned a number of imitations, some of them attacking other operating systems and even smartphones.

The most common way the viruses have spread so far has been through fake emails containing infected attachments or links to hackers’ sites that exploit vulnerabilities in browsers to install the malware surreptitiously. The infected computers are then linked to form a criminal “botnet”--or a decentralized peer-to-peer network of zombie computers taking commands from remote operators.

The scheme is so complex that even after authorities took over the command and control servers--and named one of the alleged perpetrators, the Russian hacker Evgeniy Bogachev--the threat didn’t disappear. Attesting to the dark genius of their creators, the viruses turned the very tools that protect people’s privacy online--such as powerful encryption and decentralized anonymous communications--against those very same users.

“For some years now, attackers have been changing the techniques they use to manage their networks of infected computers to be resistant to take-down both from law enforcement and other parties, such as other attackers or vigilantes,” says Liam O Murchu, a senior developer at the cyber security firm Symantec.

Adds O Murchu:

The two most popular techniques are domain name generation (DGA) and peer-to-peer (P2P) communication. DGA generates multiple websites per day that can control the infected machines, [and] unless every site can be blocked every day the attacker can still communicate with the infected machines…. Similarly, P2P allows infected machines to accept commands from one another, [and] as long as the attacker can send a new command to one of the infected machines it will slowly percolate through the rest of the infected machines.… As long as the attackers are free to operate, they can take back control of the infected machine at any time.
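The point O Murchu makes about DGAs is easiest to see in code. The following is an added example, not code from the article, Symantec or any real malware family: a toy, constructed date-seeded domain generator (the seed, the hashing scheme and the thresholds are all hypothetical) alongside two defender responses. A blocklist built reactively from one day's domains covers none of the next day's; a blocklist precomputed for a whole window, which is what becomes possible once the algorithm and its seed have been recovered, covers every day in that window. A cheap lexical heuristic for DGA-looking labels is included to show the other side of detection, with its limits noted in the comments.

```python
import hashlib
import math
from datetime import date, timedelta

# Constructed, hypothetical "family seed". Real DGAs key on a secret plus the
# date (and sometimes other inputs); this toy value stands in for that secret.
DEMO_SEED = "constructed-demo-seed"
DEMO_DAY = date(2014, 6, 2)            # constructed reference day for the demo
TLDS = ("com", "net", "org", "info")
VOWELS = set("aeiou")


def day_after(day: date, n: int = 1) -> date:
    """Return the date `n` days after `day`."""
    return day + timedelta(days=n)


def toy_dga(day: date, count: int = 5) -> list[str]:
    """Deterministically derive `count` rendezvous domains for `day`.

    Toy scheme (constructed for this example): SHA-256 over seed, date and
    index, then map 12 pairs of hex digits onto letters. Same day -> same list,
    so every infected machine can compute the day's names without any contact
    with the operator, and a defender needs the seed to do the same.
    """
    domains = []
    for i in range(count):
        material = f"{DEMO_SEED}:{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).hexdigest()
        label = "".join(
            chr(ord("a") + int(digest[2 * k:2 * k + 2], 16) % 26) for k in range(12)
        )
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def coverage(blocklist: set[str], day: date, count: int = 5) -> float:
    """Fraction of `day`'s generated domains that `blocklist` already contains."""
    todays = toy_dga(day, count)
    return sum(d in blocklist for d in todays) / len(todays)


def reactive_blocklist(observed_day: date, count: int = 5) -> set[str]:
    """What a defender gets by blocking only the domains seen on one day."""
    return set(toy_dga(observed_day, count))


def precomputed_blocklist(start: date, days: int, count: int = 5) -> set[str]:
    """What a defender gets after recovering the algorithm and seed: every
    domain for a whole window, computed before the bots ever ask for them."""
    blocked: set[str] = set()
    for offset in range(days):
        blocked.update(toy_dga(day_after(start, offset), count))
    return blocked


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(text.count(c) / n * math.log2(text.count(c) / n) for c in set(text))


def looks_generated(domain: str) -> bool:
    """Cheap lexical heuristic for DGA-like labels: long, high-entropy and
    vowel-poor. Thresholds are constructed for this demo; a production
    detector would pair such features with allow-lists and trained models,
    since some legitimate names trip this and some generated ones do not."""
    label = domain.split(".")[0]
    if len(label) < 10:
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    return shannon_entropy(label) >= 2.8 and vowel_ratio <= 0.25


if __name__ == "__main__":
    stale = reactive_blocklist(DEMO_DAY)
    print("day+1 coverage, yesterday's blocklist :", coverage(stale, day_after(DEMO_DAY)))
    window = precomputed_blocklist(DEMO_DAY, 14)
    print("day+13 coverage, 14-day precomputed   :", coverage(window, day_after(DEMO_DAY, 13)))
    print("day+14 coverage, 14-day precomputed   :", coverage(window, day_after(DEMO_DAY, 14)))
    for name in toy_dga(day_after(DEMO_DAY), 3) + ["stackoverflow.com", "microsoft.com"]:
        print(f"{name:28s} generated-looking={looks_generated(name)}")
```

The two coverage numbers are the whole argument: reactive blocking of "every site, every day" is a race the defender loses by construction, while a precomputed window is bounded only by how long the recovered seed stays valid, which is why a takedown based on it buys a limited period of respite rather than a permanent fix.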

Governments have been slow to catch up with such threats--as if to illustrate this, when the British government funded a site to help people deal with Cryptolocker, it quickly collapsed under a deluge of visitors.

But some say that the inadequacies could be the result of a deliberate policy and that we are in effect paying a double price for government infringement on our privacy. A growing digital arms race between the U.S. and other world powers has created a booming digital black market where malicious hackers are empowered over security experts and an environment where governments have little incentive to alert software makers to previously unknown vulnerabilities, a Reuters report warned last year. (Though the NSA is widely believed to have infiltrated parts of the encryption algorithm the virus uses, no government aid to victims was immediately forthcoming.)

Moreover, government cyberweapons such as Stuxnet and the Russian “Snake”--as well as a host of others such as those that turn people’s iPhones into spy devices--have set a standard for criminal hackers. If and when the latter catch up in resources and motivation with their government-employed counterparts, a whole new generation of computer viruses could spread like wildfire and wreak unseen destruction.

For now, at least, this hasn’t happened. Gameover Zeus and Cryptolocker are not nearly as complex and dangerous as Stuxnet and Snake, explains David Emm, a senior security researcher at Kaspersky Lab.

And there are simple measures you can take to mitigate their impact. “If you have a backup, even if you just manually drag and drop your files onto a USB drive, then you can avoid the need to pay the ransom if you do get infected with Cryptolocker,” says Emm.

Experts are more circumspect as to whether Cryptolocker and similar threats could be used by some governments to force through the possible fragmentation of the Internet into national web spaces--but that too could be a troubling possibility.

“Certainly,” says O Murchu, “there is a lot of interest right now in looking at all the options available.”

[Shadow Man: Stefano Tinti via Shutterstock]