Two significant ransomware attacks occurred in the first half of 2017.
The first outbreak took place on May 12, 2017, when WannaCry leveraged a known Windows exploit to infect hundreds of thousands of vulnerable computers around the world, including 34 percent of UK National Health Service (NHS) trusts.
Less than two months later, NotPetya abused that same Microsoft vulnerability to strike banks, airports and power companies in Ukraine, Russia and parts of Europe. (Kaspersky Lab says NotPetya is wiper malware, not ransomware, because its encryption algorithm prevents the decryption of infected disks even if victims pay the ransom.)
Both WannaCry and NotPetya prove just how far cybercrime has come over the past few decades. Just take a look at WannaCry’s ransom note:
As you can see, the message for this threat is a professionally designed dialog box that doesn’t just tell users their files are encrypted and that they must pay $300 in Bitcoin to recover their data; it also provides users with the ability to check their payment, as well as to learn more about Bitcoin and how to purchase units of the cryptocurrency.
The dialog box even comes with working counters that indicate the time left before attackers raise their ransom amount and permanently delete the decryption key for the affected files.
Such a sophisticated ransom note is a far cry from that of the 1989 AIDS Trojan, a threat which many consider to be the first piece of ransomware ever written.
Unlike WannaCry, the AIDS Trojan didn’t abuse a Microsoft vulnerability for distribution.
Bad actors circulated the threat on infected floppy disks they sent to unsuspecting web users’ homes. When someone loaded the disk onto their computer, the malware allowed 90 boot cycles to pass before hiding the directories, encrypting the names of files on the
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Paul Norris. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/pci-dss-compliance-ransomware-threats/