Encryption blackmail virus: birth, neglect and explosive growth

2025-01-15 Update From: SLTechnology News&Howtos (shulou), Network Security

Shulou(Shulou.com)06/01 Report--

Cryptovirology, the study of attacks that combine cryptography with malware, was born out of security researchers' scientific curiosity about a new kind of software attack, and it originated at Columbia University. Cryptographers at Columbia University and security researchers at IBM defined cryptovirology and outlined the concept of ransomware: malicious code that interferes with the normal use of a victim's files, which can be restored only by paying a ransom.

Over the years, researchers have also accumulated a number of unconventional scientific questions about how attackers infiltrate computer systems, along with methods and measures for addressing them.

The question most often asked was: how destructive can the worst possible malware attack be to its target? The question was raised around 1995. At that time many people knew nothing about the Internet, and many were getting an email address for the first time. Home computers were seldom connected to the Internet; to check e-mail, a user had to dial in with a modem. USB had not yet been introduced, and people stored files on 3.5-inch floppy disks.

For thousands of years cryptography was regarded purely as a protective technology: a way to hide the content of information, protect data and authenticate users. Now, however, people with bad intentions are using cryptography for extortion.

An early attacker used symmetric-key cryptography in the "AIDS Trojan" (AIDS Trojan Horse) to scramble the victim's file names and demanded a ransom to undo it. From a technical point of view, this attack was defeated because the decryption key could be extracted from the Trojan's code.

The idea of a virus implanting itself brings to mind grotesque images from the science-fiction film Alien, and in particular the creature that attaches to a victim's face. This creature, a hybrid of insect and octopus, is called the facehugger. It wraps its long legs around the victim's face and inserts a tube into the victim's throat, while its long tail strangles the victim's neck and puts him in a coma. Meanwhile an egg is implanted in the victim's abdomen. After a period of time it hatches into a new alien (or an alien queen), which bursts out through the victim's stomach.

Once contact has occurred there is no safe way for the victim to remove the facehugger; the scientists in the film cannot find one either.

The AIDS Trojan and the facehugger together defined, in the researchers' minds, how malware attacks might evolve. Work focused on the facehugger idea: a forced symbiosis between a computer virus and its host in which removing the virus is more destructive than leaving it in place.

What was found, however, was not exactly what had been sought. Instead a data-kidnapping attack was discovered and named the cryptoviral extortion attack. In it, the attacker generates a key pair for a public-key cryptosystem, places the "public key" inside the cryptovirus, and keeps the corresponding "private decryption key" to himself.

The cryptovirus spreads and infects many host systems. It attacks a host by encrypting the victim's files: each file is encrypted with a locally generated random symmetric key, and that symmetric key is then encrypted with the public key. The virus zeroes the symmetric key and the plaintext, then creates a file containing the asymmetric ciphertext, the ransom demand and a means of contacting the attacker. The victim sends the payment and the asymmetric ciphertext to the attacker. After receiving the ransom, the attacker decrypts the asymmetric ciphertext with his private key and sends the recovered symmetric key to the victim, who uses it to decrypt his own files.

The private key is never handed to the victim, so only the attacker can decrypt the asymmetric ciphertext. Moreover, the symmetric key the victim receives is useless to other victims, because it was randomly generated for that victim alone.

The researchers presented this attack, together with the facehugger analogy, at the IEEE Security and Privacy conference in 1996. The discovery was regarded as an innovative definition, although the name was thought somewhat crude. Years later the industry press named cryptoviral extortion "ransomware". The conference paper also suggested that attackers could extort electronic money; today the more secure bitcoin is used for that purpose. The behaviour described 20 years ago is the exact "business model" of the cybercrime industry that now collects about $1 billion in ransoms a year: the ransomware industry.

Public-key cryptography breaks the symmetry between the antivirus analyst's view and the attacker's view. The analyst sees ransomware as malicious code plus the public key it contains. The attacker sees malicious code, the public key and the corresponding private key. The malware can perform a trapdoor one-way operation on the victim's machine that only the attacker can undo. Many covert cryptovirus attacks rest on this unique advantage given to the attacker. These methods use cryptography as an attack tool, rather than in its traditional defensive role.
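The two key designs contrasted above (the AIDS Trojan with its key embedded in the code, and cryptoviral extortion with a per-victim symmetric key wrapped under the attacker's public key) can be modelled as a short exchange between the parties. The following is an added example written for this page, not the researchers' code or any real sample: it uses constructed primes, a hash-based toy keystream, and hypothetical function names (`infect`, `attacker_unwraps`, `analyst_view_unwrap`, `demo`) to show what each party can recover from the same ciphertext.

```python
"""Toy model of the two key designs the article contrasts.

Constructed illustration; not the article's code and not any real sample.
The RSA parameters are small textbook primes chosen so that the trapdoor
arithmetic fits in a few lines, and the 'cipher' is a hash-based keystream.
Neither is secure; the point is the data flow, not the primitives.
"""
import hashlib
import secrets


# --- toy primitives (assumptions: textbook RSA, SHA-256 keystream) ---------

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric toy cipher: XOR data with a SHA-256(key || counter) keystream.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def toy_rsa_keypair():
    """Textbook RSA with constructed primes p, q (far too small to be secure).
    Returns ((n, e), (n, d)); with real key sizes factoring n is infeasible."""
    p, q, e = 10007, 10009, 65537
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def rsa_apply(key, m: int) -> int:
    """m^exp mod n: with (n, e) the one-way direction, with (n, d) the trapdoor."""
    n, exp = key
    return pow(m, exp, n)


# --- design 1: AIDS Trojan style, the symmetric key travels with the code --

EMBEDDED_KEY = b"constructed-static-key"  # a constant inside the 'sample' itself


def aids_style_encrypt(plaintext: bytes) -> bytes:
    return keystream_xor(EMBEDDED_KEY, plaintext)


def analyst_recovers_aids_style(ciphertext: bytes) -> bytes:
    """An analyst who has the sample also has the key: no ransom needed."""
    return keystream_xor(EMBEDDED_KEY, ciphertext)


# --- design 2: cryptoviral extortion, hybrid encryption, per-victim key ----

def infect(public_key, plaintext: bytes, rng=secrets.randbelow):
    """Victim-side steps described in the article: fresh random symmetric key,
    data encrypted under it, key wrapped with the attacker's public key, then
    key and plaintext discarded. Returns (ciphertext, asymmetric_ciphertext)."""
    n, _ = public_key
    k = rng(n - 2) + 2                       # per-victim key in [2, n-1]
    key_bytes = k.to_bytes(4, "big")
    ciphertext = keystream_xor(key_bytes, plaintext)
    wrapped = rsa_apply(public_key, k)       # only (n, d) can undo this
    k, key_bytes, plaintext = 0, None, None  # zeroise: nothing usable stays local
    return ciphertext, wrapped


def attacker_unwraps(private_key, wrapped: int) -> bytes:
    """Attacker side: the trapdoor recovers the victim's symmetric key."""
    return rsa_apply(private_key, wrapped).to_bytes(4, "big")


def analyst_view_unwrap(public_key, wrapped: int) -> bytes:
    """Analyst side holding only code + public key: re-applying the public
    operation is not an inverse, so this yields an unrelated value."""
    return rsa_apply(public_key, wrapped).to_bytes(4, "big")


def victim_restores(key_bytes: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key_bytes, ciphertext)


def demo() -> dict:
    """Runs both designs on constructed data and reports who can recover what."""
    pub, priv = toy_rsa_keypair()
    doc_a = b"victim A: constructed ledger contents"
    doc_b = b"victim B: constructed patient records"

    ct_a, wk_a = infect(pub, doc_a)
    ct_b, wk_b = infect(pub, doc_b)
    key_a = attacker_unwraps(priv, wk_a)

    return {
        # design 1: the embedded constant defeats the scheme
        "aids_style_recovered_from_sample":
            analyst_recovers_aids_style(aids_style_encrypt(doc_a)) == doc_a,
        # design 2: the attacker's private key is the only path back
        "victim_a_restored_after_unwrap": victim_restores(key_a, ct_a) == doc_a,
        "analyst_with_public_key_only":
            victim_restores(analyst_view_unwrap(pub, wk_a), ct_a) == doc_a,
        "victim_a_key_helps_victim_b": victim_restores(key_a, ct_b) == doc_b,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Running `demo()` gives True for the first two checks and False for the last two: the analyst can write a decryptor for design 1 by reading the constant out of the sample, but for design 2 the sample plus public key yields nothing, and a symmetric key recovered for one victim does not open another victim's data. For a defender this is the whole argument for backups and for capturing the symmetric key before it is zeroised, since no amount of reverse engineering of the code substitutes for the private key.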

In the book "Malicious Cryptography: Exposing Cryptovirology", published in 2004, the following analogy is put forward: cryptovirology is the use of cryptography to penetrate computer systems, just as cryptanalysis is the use of computation to break cryptography. This was a forward-looking prediction of the attacker's next steps, and the book suggested that countermeasures be formulated and deployed. Against cryptoviral extortion it recommended a backup strategy, and searching for keys in places where the ransomware is not running. Security researchers published these and similar threats, together with their findings, providing an important starting point for developing and deploying defences.

Antivirus has been a long road full of doubt and criticism. Today cryptoviral extortion is recognised as a serious threat. Over the years, vendors and experts in the security industry attended many talks on cryptovirology and the various attacks it enables, but they did not agree: some thought the threat real; others insisted that cryptoviral extortion was pointless because it gives the attacker nothing beyond what deleting the hard disk would; still others claimed that no victim had ever paid a ransom.

The book was sharply criticised soon after publication. An expert who had written a book on computer viruses commented that it was "not very practical" for those seriously involved in malware research, a verdict that told the public there was no need to worry about ransomware. Experts attribute this reaction to the inherent resistance many people have to new ideas, especially to the merging of two previously separate disciplines, in this case malware and cryptography. The difficulty known as the "innovator's dilemma" also applies to proactively dealing with threats and risks.

Cryptovirology has proved to be a formidable threat. Ransomware attacks are reported daily, with victims including individuals, hospitals, police departments, universities, transportation systems and government agencies. "Ransomware as a service" has even appeared, in which cryptovirus toolkits are sold to criminals who then carry out the extortion.

Over the past year a vicious circle has been visible: the more organisations are attacked, the more news reports about ransomware attacks appear, prompting more criminals to act and generating still more reports. Media coverage amplifies awareness of cryptovirology among citizens and cybercriminals alike.

The social and legal response to this damage has changed the definition of a "breach". Previously, a computer breach meant the exfiltration of sensitive corporate data; the meaning has now been extended to ransomware. A recent fact sheet on ransomware and HIPAA released by the U.S. Department of Health and Human Services states that a breach occurs when electronic protected health information is encrypted by ransomware, on the grounds that the attacker has taken control of the sensitive health information. This is a major change in the definition of a computer "breach", which can now occur even when no sensitive data is exfiltrated, because of the threat of covert cryptoviruses.

In February 2017, computers at Hollywood Presbyterian Medical Center were infected with ransomware, and the hospital paid $17,000 in bitcoin to recover its files. This prompted California to amend section 523 of its Penal Code and enact a new ransomware law, SB-1137 Computer Crimes: Ransomware, which makes clear that introducing ransomware into a computer system with the intent to extort money is extortion. According to Reuters, the WannaCry ransomware attacked more than 200,000 computers in more than 150 countries in May 2017, and the damage was worse because organisations and individuals had not made enough effort to patch.

Finally, the researchers note that cryptovirology has also influenced popular culture, even inspiring Fault Line, a novel by thriller writer Barry Eisler.

Over the years, security vendors have been reluctant to describe and discuss countermeasures against cryptoviral extortion. That approach is fundamentally flawed: it is the classic "reactive security" pattern of acting after an attack, rather than preventive "proactive security".

Industry experts believe that ransomware is only the tip of the iceberg. Most cryptovirus attacks are covert by nature, allowing attackers to steal information entirely unnoticed, and such attacks may leave the vast majority of computer incident response teams struggling.

It took more than 20 years for cryptoviral extortion to gain worldwide recognition, and most attacks seem to follow the same path: ignored until large-scale attacks on the real world are made public. To quote the philosopher Santayana: "Those who forget the past are doomed to repeat it." The same seems to apply to cryptoviral extortion.
