Ransomware affects the world, but the ransom is only a few hundred thousand dollars

In the first half of 2017, the spread of ransomware across the global Internet caused great damage. Two ransomware strains, WannaCry and NotPetya, interrupted services around the world. According to statistics, one-third of the British National Health Service was affected by WannaCry. Risk modeling company Cyence estimates that the losses caused by WannaCry may be as high as $4 billion. A month later, the spread of another virus, NotPetya, affected the Ukrainian government, the pharmaceutical company Merck, Maersk shipping, the well-known advertising company WPP and the Chernobyl nuclear radiation detection system.

Although these two large-scale outbreaks caused immeasurable losses, the developers' profits were very small. So far, the WannaCry payment account has received only 149,545 US dollars, and the NotPetya initiator has received even less, only 11,181 dollars.

Marcin Kleczynski, chief executive of information security company Malwarebytes, points out that the problem faced by the criminals is that “people are not too cold for ordinary hair care, it just encrypts your files.” The criminals want people who see their own data or key business documents encrypted to take the initiative and pay hundreds of dollars to decrypt them. But in fact, Kleczynski said, more and more victims just shrug and recover from backup data.

“You look at these unlawful elements to send the bitbox address, you see up to a few thousand dollars,” he added. “So how will these people further benefit?”


Kleczynski and his colleague Adam Kujawa, who directs Malwarebytes research, predict that criminals will develop new ways to make businesses and individual victims pay the ransom, rather than letting these victims simply restore data from backup and ignore the payment request.

The new way is a kind of ransomware called “doxware”. Kujawa said: “Basically, it is ‘pay, or we will take away all the encrypted data and put it online with your name.’”

The name of this new form of virus comes from “doxing”, which means deception, threat or intimidation by publishing private information on the Internet. There have been some similar attacks. The Chimera Serbian virus attacked a German company in 2015. This malware encrypted files and demanded approximately £200 ($260) for decryption, but it also came with a warning: if the victim does not pay, “we will post your personal information, photos and videos and your name on the Internet.”

However, Chimera did not actually have any function for publishing data online. The warning was only words, used to frighten the victim into paying quickly. But in other cases, the threat of publishing data is real.

In May, hackers stole the archives of a Lithuanian orthopedic clinic, which contained personal information about 25,000 former clients: names, addresses and reshaping procedures, as well as passport scans, national insurance numbers, and nude photos. They put the data on the Internet through an encrypted network and asked individual patients to pay a ransom to have their personal information deleted. For patients with only a name and address exposed, the price was up to 50 euros; for those whose photos were exposed, the price rose to 2,000 euros.

This week, HBO is also facing a threat: hackers stole 1.5TB of video, including unaired episodes of “power of the game” and other hit dramas, and also sought a ransom.

However, these hacks still rely on manual work: the attackers find vulnerabilities, pick targets they can get into, and attack.

But why can the same technique not be loaded into software like WannaCry and NotPetya, ransomware that automatically jumps from one computer to another and illegally encrypts information?

Kleczynski said that ransomware such as WannaCry is a “cruise missile” in terms of transmission, but the actual attack is made with rubber bullets. WannaCry exploited a vulnerability stolen from the US National Security Agency by a mysterious hacker organization called Shadow Brokers. A patch for the vulnerability had been released only a few months earlier, and many people had not installed it at all, so WannaCry could spread quickly.

But once it invades a computer, its power is greatly reduced. WannaCry is stored in large numbers with the decryption key. British researchers found a kill switch that can prevent WannaCry from working. All attacked machines can be recovered through backup and restore.

If ransomware that releases information online were to spread on the scale of WannaCry, it would be the largest privacy leak in history, and also one of the opportunities for online crime to make money. But that is just one potential future for extortion.

Kleczynski said, “Imagine the British Airways ticketing system, similar to a blackmail virus.”

So-called distributed denial of service attacks are, in fact, attacks launched from hacked devices. They are very difficult to guard against, and as long as one continues, the victim loses millions of dollars every day. “It’s not always possible to infect a car,” said Craig Smith, director of transport research at Rapid7. “It’s not easy to ensure that car safety is safe, and it’s not difficult to extort the virus into the network. Who will risk driving a car?”

Maybe this is not science fiction. In December, a survey of 10 implantable cardiac defibrillators found a “serious vulnerability” that allowed an attacker to trick the device into keeping its communication channel open until the battery was exhausted. In this case, who will go to restart the device and restore the backup?
