The short, yet devastating, history of ransomware is littered with what amounts to individual horror stories. As you may well know, ransomware, is a particularly devious and potentially devastating strain of malware that, when enacted, locks a computer’s files down so that the user can’t access them. In their stead, a message is relayed that instructs them to contact a third party to pay a ransom for access to the files. This is where the threat gets its name.
As with much of the malevolence in the world, ransomware was built for a benevolent purpose. In 1986, two Pakistani brothers, Basit and Amjad Alvi, wrote a piece of software that instructs users to call a phone number if they were inundated with a warning message. The goal was to use this program to identify piracy and protect the brothers’ assets.
A few years later, this code was modified to lock down files. What is today known as the PC Cyborg/AIDS virus, was delivered on a floppy disk labeled, “AIDS Information Introductory Diskette.” When installed on a system (via floppy disk), it would restrict and hide the files on the hard drive of the computer. It would then instruct the user to pay $189 to a P.O. Box in Panama if they wanted to renew the software license.
Return of Ransomware
It took almost two decades before ransomware, as we now think of it, returned. In 2006, GPCoder, or PGPCoder, was developed as a trojan horse that, when delivered, encrypted files with common extensions (like .doc, .html, .jpg, .xls, .zip, .rar, etc.), and completed the extortion of the user by dropping a simple text file into each folder stating that they had to pay to receive the instructions on how to decrypt the files.
About the same time, the software started to quickly evolve. New strains were developed that could produce more sophisticated types of encryption, making it easier for more hackers to use with less risk. This resulted in more frequent ransomware attacks, and more ways of deploying the malware.
The first in a whole new trend of ransomware was unleashed on the Internet in September of 2013. CryptoLocker was typically delivered as an attachment to a seemingly benign email message, normally sent from what seemed to be a legitimate company. The ransomware itself was embedded in the email in the form a .zip file that contains an executable file, disguised as a .pdf file. When the file’s contents were unpackaged, it would install in the user profile, and add a security key to that user’s registry. This would allow the person or organization that sent the email to hijack the user profile, and thus lock down all the files on the system.
CryptoLocker has had several separate variants, all of which worked relatively the same way, and produced relatively the same results. They are all Trojan Horses that lock down files and demand ransom for access to them. People have begun to see more and more of this activity despite security companies’ best efforts.
From an IT perspective, there are many things you can do to avoid coming into contact with a piece of ransomware. One is to have your organization invest in high-end cyber security solutions. Nowadays, antivirus and spam blocking solutions are basically mandatory, with many organizations doubling down with comprehensive monitoring and management. Another solid practice is to keep frequent and comprehensive backups of the information you need. By keeping your company’s data backed up and securely stored either on external computers or in the cloud, you can ensure that if ransomware were to be downloaded, your entire organization won’t be in jeopardy.
At Symmetric IT Group we take pride in our ability to combat all types of productivity-sapping situations. Malware will always be a pain in the neck, but it doesn’t have to endanger your company. To see how we can ensure that your network and infrastructure remains free of malware and working properly, call us today at (813) 749-0895.