HB1PMS > TECH 09.03.20 03:08l 83 Lines 3683 Bytes #999 (0) @ WW
BID : 2448HB1PMS
Read: GAST
Subj: Uncovering Aggressive Methods
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200308/2210Z 8803@HB1BBS.ZL.NLD.EU BPQ6.0.19
Van: HB1PMS@HB1BBS.ZL.NLD.EU
Uncovering Aggressive Methods Used by Ransomware Operators to Disrupt
Reputation of Victims
Ransomware has been one of the most prolific cyber threats in recent years,
and it is unlikely that the menace posed by this malware will end any time
soon.
The first ransomware attack
The first instance of ransomware was observed in December 1989. Tracked as
AIDS trojan, the ransomware was introduced to the world after it infected
20,000 floppy disks of delegates who had attended the World Health
Organization’s AIDS conference in Stockholm.
The disk contained malicious code that hid file directories, locked file
names and demanded that victims send a ransom of $189 to a PO Box in
Panama.
Enhanced with more destructive nature
Almost two decades later, ransomware emerged to be much more powerful. In
2006, the malware assumed the name Archiveus and carried out sophisticated
attacks on PCs across the globe. Archiveus encrypted all files in the ‘My
Documents’ folder and instructed victims to make purchases on specific
websites if they wanted to receive the decryption password.
The arrival of Bitcoin in 2008 added more fuel to a string of ransomware
attacks. Families including GPcode, Krotten, Cryzip, and many others
changed the way ransomware attacks were carried out to extort people and
generate revenue.
By 2016, ransomware-as-a-service had become common, enabling many organized
cybercriminals to target businesses and public sector organizations.
Operators become more proactive
Today, decryption keys are available for several notorious ransomware
families. Also, with the recent ‘No More Ransom’ project, organizations
have started backing off from paying the ransom to ransomware authors. This
has recently led ransomware operators to devise a new ‘Naming-and-Shaming’
method.
Initiated by Maze ransomware operators, this new technique involves
publishing the names of victim organizations, as well as the data stolen
from them, on the operators’ websites. The operators plan to take up this
tactic when a victim refuses to pay the ransom.
DoppelPaymer, Sodinokibi, and Nemty are some of the other ransomware
families that have started to fall in line with Maze ransomware.
DoppelPaymer has launched its own website, named ‘Doppel Leaks’, to name
and shame its victims.
Conclusion
Ransomware has become more problematic than ever and the issue will continue
into 2020. If organizations secure their networks and ensure there are
backups available, then they don’t have to pay the ransom. And, if people
aren’t paying ransoms, cybercriminals will stop seeing ransomware as a
lucrative weapon.
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed zondag 08 maart 2020 23:06 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU