The past and present of ransomware
In fact, the recent wncry virus is not the first time ransomware has struck. Not long ago, ransomware also appeared on Android that encrypted the phone and demanded a ransom. After that software was detected and removed, it soon made a comeback in an upgraded version, and this new wave of ransomware encrypts files with random keys that even the attackers cannot recover, so the files cannot be unlocked and paying the ransom is futile for users.
With the continuous development of IT, there are many IT employees, but employment is concentrated in mobile platforms, cloud, artificial intelligence and similar fields, and the most popular programming languages have gradually evolved from C and C++, used for low-level work, to managed Java and even Go for modeling. Information security is a field that directly faces low-level technology; as fewer and fewer programmers work at the low level, the base of information security practitioners also shrinks. The direct consequence is that, in the online world, backward technology can attack advanced technology, much as in human society backward barbarians invaded advanced civilizations. The recent revelation that the wncry virus probably originated from North Korea also supports this trend: certain organizations and even countries are in no position to pursue high-end technology, yet the viruses they write can run rampant all over the world. Ransomware authors have further expanded the range of possible attacks; online gaming, smart cars and wearable devices, for example, have been exploding with vulnerabilities. Reviewing the history of such software, it can be roughly divided into the following stages.
1. Original stage:
The earliest ransomware appeared in 1989 and was called the "AIDS Information Trojan". The Trojan counted the number of times the system was booted by replacing system files. Once the system had been booted 90 times, the Trojan hid multiple directories on the disk and encrypted all the file names on the C drive, which prevented the system from booting. At that point a message was displayed on the screen claiming that the user's software license had expired and asking for $189 to be mailed in to unlock the system.
The Redplus ransomware Trojan, which appeared in 2006, was the first domestically produced (Chinese) ransomware. The Trojan hid the user's documents and then popped up a window to extort a ransom ranging from $70 to $200. According to China's Computer Virus Emergency Response Center, more than 580 cases of infection by the virus and its variants were reported across the country. In fact the user's files were not lost, only moved to a folder with the hidden attribute set.
2. New development, bitcoin ransom stage:
Starting with CryptoLocker in 2013, ransomware entered a new period of development, and Bitcoin came into the hackers' view. CryptoLocker can infect most Windows operating systems and is usually spread through email attachments; once the attachment is executed, it encrypts certain types of files and then pops up a payment window. It was with this software that hackers began asking organizations to pay ransoms in Bitcoin, and this software alone brought the hacker groups nearly 41,000 bitcoins, worth nearly $1 billion at the latest Bitcoin market price.
3. Ransomware platformization and open-source trend:
In mid-2015 a ransomware development kit called Tox was released. By registering for the service, anyone could create ransomware; the management panel showed the number of infections, the number of victims who paid the ransom, and the overall proceeds, and the founders of Tox took 20% of the ransom.
In late 2015, a Turkish security researcher released an open-source ransomware called Hidden Tear. It is only 12KB, but small as it is, it has everything it needs: the propagation module, the destruction module and so on are all very well designed. Although the Turkish author repeatedly stressed that the software was meant to help people understand how ransomware works, as open-source ransomware it still sparked a lot of controversy. After reading its source code, the author of this article also suddenly realized that programming ideas and methods really can be something else entirely: destructive thinking and constructive thinking are indeed completely different styles.
4. Combining with the theft of private information from the public:
In recent years, intrusions into the reservation systems of certain budget hotel chains and the HIS (hospital information) systems of private hospitals, followed by database theft (the original calls this "off the library", meaning the theft of stored information after hackers break into a system), have occurred frequently. Before 2016, hackers would generally just quietly steal the information and sell it on the black market at a price; now, however, hackers try to extort money from the hospitals and hotels before selling off the private information. At the end of last year, a medical center in Hollywood was hacked and a ransom of $3.4 million was demanded; although the hospital eventually paid $17,000 after some bargaining to resume operations, its medical records soon appeared on the data black market.
In addition, recent ransomware has clearly stepped up its "user experience", giving victims strong psychological cues: the UI of some of the latest ransomware cannot be closed, and a countdown, with the ransom rising in price over time, reinforces the sense of urgency.
Why Bitcoin
A large number of articles on the Internet say that the hackers behind the wncry virus chose Bitcoin because Bitcoin transactions cannot be traced. In fact this statement is not rigorous. Bitcoin is essentially a distributed ledger: every transaction must be broadcast to the entire blockchain network, otherwise it is not a valid transaction. To summarize the characteristics of its circulation: account opening is anonymous, but transactions are transparent. Cash is the opposite: accounts are opened under real names, but once the customer withdraws the cash, how it is used is no longer transparent.
The emergence of Bitcoin has also raised new issues for regulation, and the way existing currencies are regulated is certainly not applicable to Bitcoin. This lack of regulation is one of the main reasons hackers now prefer Bitcoin as a ransom.
Here is a brief review of the Bitcoin fork dispute. As we know, a Bitcoin transaction is broadcast to the entire blockchain network; imagine everyone shouting through a loudspeaker at once, and the system would be bound to collapse. So when Bitcoin's founder, Satoshi Nakamoto, established it, the Bitcoin network was limited to 7 transactions per second. At that rate, it would take nearly five years to process the number of transactions that took place on Alipay's Double 11 day last year (about 1.05 billion).
Currently, Bitcoin players are divided into two schools of thought. One believes that Bitcoin's speed of 7 transactions per second has become one of Bitcoin's core characteristics and should not be upgraded. The other believes that the slow processing speed of the Bitcoin network has seriously affected the adoption of Bitcoin and that it should be upgraded. If one faction forces an upgrade and the other does not follow, Bitcoin will very likely split into two branches, which is the most important reason the price of Bitcoin pulled back so sharply at the beginning of the year.
At present there is no sign of the fork dispute easing, but the emergence of the Bitcoin ETF and the wncry virus has quickly pushed the price of Bitcoin to new highs. Personally, I think Bitcoin will probably break through 20,000 RMB in the short term, but considering that Litecoin and the other variants do not have the fork dispute at all, from an investment point of view, if Bitcoin falls again because of the fork dispute, that is actually good for Litecoin; so readers who hold a lot of Bitcoin and do not want to sell could consider going long on Litecoin as a hedge.
From an information security point of view, the fork issue is likely to affect Bitcoin's continued status as the ransom currency for ransomware. I think viruses that accept Litecoin and Ether as ransom are about to be born.
But blockchain currencies are all more or less troubled by processing speed, upgrades to their cryptographic algorithms are not easy, the long-term risk is higher, and signs of short-term price manipulation are fairly obvious. If you cannot stomach that, just watch their trajectory from the sidelines.