April 2010 marked a milestone in the way cybercriminals operate. As rogue antispyware went into sharp decline under law-enforcement pressure, a new extortion scheme, ransomware, emerged and quickly reshaped the IT security landscape. Sadly, the antivirus industry has tended to be a step behind it ever since.


Typically propagating through web exploit kits such as BlackHole, the screen-locking Trojan known as Reveton infects computers through software vulnerabilities and completely blocks user access to the operating system, displaying a notice that accuses the user of copyright violations. Another variant, CryptoLocker, appeared in early September 2013; rather than locking Windows, it encrypts the victim's personal files. The newest version, CTB Locker, released in July 2014, introduced stronger cryptography and hardened communication with the criminals' command-and-control (C&C) server. In each of these scenarios the victim is told to pay a ransom of roughly $100 to $300 to unlock the system or decrypt the files.


One of the pioneers of this underhand activity, Pavel Vrublevsky, known by the handle RedEye, is the notorious former CEO of the Russian credit card processing company ChronoPay. He is now serving a sentence in a Russian penal colony for organizing a DDoS attack against a company competing with ChronoPay to process payments for major Russian airlines. Back in 2010, RedEye initiated the spread of a Trojan masquerading as software from a supposed anti-piracy association called the ICPP Foundation. The malware accused users of copyright violations and extorted a "pre-trial settlement" to avoid further legal action. That is how ransomware came to be.


The modern descendants of that invention are far more refined technically. Ransomware programs known as screen lockers pose as notices from local police forces, the underlying Trojan determining the victim's geographic location so that the right agency is named. CryptoLocker goes a step further: it encrypts the victim's files under a public key carried by the malware, while the matching private key never leaves the criminals' server. Since a public key can only encrypt and not decrypt, the infected machine holds nothing that can reverse the damage. CTB Locker takes the same approach with elliptic curve cryptography (ECC), which gives equivalent strength at much smaller key sizes; with either scheme, brute-forcing the key is computationally infeasible. In practice this means an affected user cannot get the files back unless the private key is handed over in exchange for the ransom, or a backup made before the infection exists.
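To make concrete why the key material left on an infected machine is useless for recovery, here is an added example (not code from the article or from any of the malware families it describes): a minimal hybrid X25519 ECDH + AES-GCM scheme in Go, in the style of CTB Locker's curve-based design, where Seal needs only the recipient's public key and Open needs the private key. The function names, the curve choice, the SHA-256 key derivation and the sample plaintext are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Blob is everything that remains after encryption: the ephemeral public key
// and the AES-GCM output. Nothing in it lets the holder recover the plaintext
// without the recipient's private key.
type Blob struct {
	EphemeralPub []byte
	Nonce        []byte
	Ciphertext   []byte
}

// deriveKey turns the raw ECDH shared secret into a 256-bit AES key.
// (A production scheme would use HKDF; SHA-256 keeps the example self-contained.)
func deriveKey(shared []byte) []byte {
	k := sha256.Sum256(shared)
	return k[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for recipientPub. It needs only the PUBLIC key,
// which is why code that carries the key can still never reverse its own work.
// A fresh ephemeral key pair is generated per message.
func Seal(recipientPub *ecdh.PublicKey, plaintext []byte) (*Blob, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	// Bind the ephemeral public key to the ciphertext as associated data.
	ct := gcm.Seal(nil, nonce, plaintext, ephPub)
	return &Blob{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open reverses Seal. It needs the recipient's PRIVATE key; with any other key
// the derived AES key is wrong and GCM authentication fails instead of
// yielding garbage.
func Open(recipientPriv *ecdh.PrivateKey, b *Blob) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(b.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, b.EphemeralPub)
}

func main() {
	// Constructed sample: the key pair whose private half stays on the server.
	// In the scenario the article describes only the public half would ever
	// be present on the victim machine.
	operator, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sample := []byte("constructed sample file contents")
	blob, err := Seal(operator.PublicKey(), sample)
	if err != nil {
		panic(err)
	}
	// Holding only the blob and the public key gets you nowhere.
	wrongKey, _ := ecdh.X25519().GenerateKey(rand.Reader)
	if _, err := Open(wrongKey, blob); err != nil {
		fmt.Println("wrong private key:", err)
	}
	pt, err := Open(operator, blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("correct private key recovers plaintext:", bytes.Equal(pt, sample))
}
```

The point to take from the example is the asymmetry: Seal runs fine on a machine that has never seen the private key, and Open with any key other than the right one fails authentication rather than returning recoverable data, so there is no partial result to brute-force against.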


The fraudsters behind ransomware skillfully avoid attribution by having victims pay through prepaid services such as Green Dot MoneyPak and Ukash, or in Bitcoin. Furthermore, CTB Locker communicates with its C&C server over Tor, The Onion Router, which affords the operators a fair degree of anonymity.


All in all, these campaigns show the growing sophistication of present-day cybercrime. The most solid advice for keeping ransomware away is to apply software updates promptly, closing the vulnerabilities that exploit kits such as BlackHole rely on, and to run a trusted security suite that stops the malicious payload from getting through. Because the whole point of crypto ransomware is encryption that cannot be undone without the criminals' key, regular backups kept offline or otherwise out of the malware's reach are the only dependable way to get files back without paying.




(Image: CTB Locker alert)



via Examiner National Edition Gadgets & Tech Channel Articles http://www.examiner.com/article/ransomware-evolution-as-a-shift-towards-increasingly-aggressive-cybercrime?cid=roadrunner