opinion

A Brief History of Virus Profiteers

A Brief History of Virus Profiteers

Ransomware is as old as the internet itself. It has been causing havoc across computer networks worldwide for decades. Much like virus variants, it has adapted along the way and has a fascinating history.

In recent years, ransomware has made the news for disabling everything from oil pipelines to governments and big businesses. In the most egregious case, during the COVID pandemic, hospital networks were targeted by ransomware, encrypting essential patient data and operational systems that lives depended on. Last year alone, over 600 medical institutions were impacted by 92 total attacks, with attackers demanding millions of dollars for the safe decryption of this critical information. It is hard to say just how many individuals were harmed by these disruptions.

The purpose of today’s computers is primarily to communicate with other computers; so as long as they are sending and receiving data in any way, they may be faced with an infection.

Looking back, when did ransomware truly begin? Surprisingly, it originated with floppy disks in the late ’80s. In 1989, a virus called the AIDS Trojan, or Cyborg Virus, disabled systems and demanded that users send nearly $200 to an address in Panama to restore access. This small-scope attack tested the waters for what would develop into a multimillion-dollar ransomware sub-industry.

A critical factor in the history and development of ransomware has been the expansion of anonymous payment systems. While other computer viruses might profit from selling stolen information or manipulating data to shift geopolitics and exchange markets, ransomware relies on obtaining direct ransom payments. In the early days of ransomware, it was easier to collect payment via international PO boxes and other physical means, as these were less easily traced. However, this particular flavor of virus went relatively dormant in the early 2000s as physical payment methods became easier to trace.

There are prominent examples of ransomware attacks dating between 2005 and 2006, such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip and MayArchive. They were precursors to more advanced ransomware that would appear in the 2010s. By then, programming could take advantage of early cryptography to lock data with public encryption keys that are proven mathematically infeasible to break, even with powerful computing hardware and concerted effort across multiple networks.

The year 2010 also marked a breakthrough in the diversification of ransomware. Russian programmers released viruses that displayed pornographic images on users’ screens that could not be removed until a ransom was paid. They asked for $10 per user, netting a total bounty of $16 million across Russia and neighboring countries.

In 2013, the FBI MoneyPak ransomware virus used false identity to claim the attackers belonged to the FBI and had recognized illegal activity on users’ computers. Users were more likely to comply with payment, believing it to be a legal fee to evade further fines, much like a parking ticket.

Fast forward to 2019 and hackers have found ways to infect mobile devices, with one fringe example proving it’s possible to insert ransomware onto a DSLR camera, locking it beyond functionality, and displaying a ransom message akin to those found on desktop computers. In 2021, all devices connected to the internet are susceptible to ransomware in some form.

WHY RANSOMWARE IS SO LETHAL TO COMPUTERS TODAY

Ransomware invades individual systems and entire servers, commonly through trojans. A layperson might think they are protected from trojans because they have anti-malware or antivirus software installed — but it is not as simple as that. Attackers are aware of these primary defenses and are already steps ahead. You will not even know you have been affected by a trojan until it is too late.

Once executed, they sink their fangs into root-level files to start an irreversible encrypting of the drive. Encryption happens behind the scenes and goes undetected. Then, once complete, the malicious program turns the key, locking the system down. It sends the encryption key to the attacker at their home base, which could be anywhere in the world. This is when the user becomes aware they have been hacked.

A message will take over the screen, demanding that a ransom be sent via an untraceable method such as a cryptocurrency transaction. It might have a deadline that threatens to publish or erase the encrypted information should the money not be sent. By then, it is too late to do anything but pay the attacker, as modern encryption would take magnitudes of millions of years to brute-force open.

Because ransomware attacks are time-sensitive and irreversible, the only way to stay protected is to be proactive. A reactive approach using antivirus apps is ultimately futile against ransomware that has already taken hold of a system. Similarly, firewalls that are one-size-fits-all are no good at protecting against the complexity of today’s attacks.

Web application firewalls run in front of web hosting to filter out everything unsavory. They do not trust traffic unless given express permission by site admins. WAFs can also have customized rules and access hierarchies to fit individual needs for maximum security.

The U.S. Cybersecurity & Infrastructure Security Agency has an entire government website dedicated to educating citizens of the internet on just how dire these threats are. The U.S. Treasury released the following statement on October 21, 2020 detailing potential issues with companies who engage in ransomware payouts:

“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

Attack tactics are changing as defensive technology adapts to each new threat. Nevertheless, computers are not like humans. When faced with a virus, people can quarantine away and stay disconnected from other humans until the situation resolves. The purpose of today’s computers is primarily to communicate with other computers; so as long as they are sending and receiving data in any way, they may be faced with an infection.

The more system admins take a proactive stance on this age-old threat, the less advantage attackers will have in holding essential information hostage.

Brad Mitchell is the famed founder of MojoHost, which has won numerous XBIZ Awards for Web Host of the Year and earned many loyal clients for nearly two decades. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. Be sure to back up your data on MojoCloud in case of ransomware, or deploy MojoShield to stay safe. Contact brad@mojohost.com to learn more about the suite of services on tap.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More