Ransomware: The extortionists of the new millennium

 economictimes.indiatimes.com  5/20/2017 6:46:07 PM   Suman Layak
The ransomware WannaCry broke new ground in showing how digitally vulnerable we are, using the NSA's spyware to infiltrate MS Windows and possibly holding an unreleased Disney film to ransom. Last year, ransomware extorted over $1 billion from victims. ET Magazine looks at the extortionists of the new millennium:


The current attack by the ransomware WannaCry is considered the worst ever, with newer versions appearing even as solutions are found for existing versions.

* It surfaced on May 12, exploiting weaknesses in older versions of Windows, especially Windows XP, locking computers and servers and demanding payment for unlocking them
* The weakness in Windows was first found by the US surveillance agency NSA. Tools developed by the NSA were leaked by the hacking group ShadowBrokers in mid-2016. The WannaCry creators have used these tools to infiltrate Windows
* A kill-switch for WannaCry was accidentally found, but newer versions that correct this flaw seem to have been launched
* The ransomware has demanded payments in bitcoins equivalent to $300-600. More than 200,000 computers/servers were affected in 150 countries

Lazarus Group

A North Korea-based cybercrime group is suspected of perpetrating the WannaCry attack. It has been associated with Operation Troy, which targeted the South Korean government in 2009-12, the attack on Sony Pictures in 2014 and the attack on the Bangladesh Bank earlier this year

Rogues gallery: Cyber extortionists

AIDS Trojan

The first recorded ransomware attack was in 1989 and was distributed on floppy disks sent by post. The disks supposedly measured a person's risk of contracting AIDS but carried a virus that encrypted data once the PC had been restarted 90 times. It then demanded a payment of $189 or $378 to be sent to a PO Box in Panama

CryptoLocker

The most prominent ransomware and probably the most damaging to date. It affected 250,000 systems between September and November 2013 and made $3 million for its creators. In 2014, the Gameover Zeus botnet, which was behind CryptoLocker, was destroyed in a concerted global operation

CryptoWall

After CryptoLocker was taken down, clones became active. CryptoWall and Torrentwall dominated between 2014 and 2016. By mid-2015 CryptoWall had extorted in excess of $18 million

Locky

By February 2016, Locky had replaced CryptoWall as the most actively spread ransomware

TeslaCrypt or Alpha Crypt

It demanded payments in bitcoins as well as through conventional platforms like PayPal. It is said to have extorted over $70,000 in 2015


In March 2016, it emerged as a more sophisticated version of ransomware, encrypting the master file table and rendering the computer unusable


A later ransomware that deletes thousands of files for every hour that the ransom is not paid

The malware primer

Malware: Short for malicious software, it is used to disrupt computer operations, gather information or steal money

Ransomware: Software programmes or malware designed to deny access to data and information on a system. They usually demand a payment to undo these changes. Ransom amounts averaged around $300 in the last decade but are now hovering around the $500 mark. Often, the demand is doubled if it is not met by the deadline

Botnet: A bot, or web robot, is malware that allows an attacker to take over a computer. A computer taken over by a bot is often referred to as a zombie computer. A botnet is a network of such computers

DDoS: Distributed Denial of Service is called the older cousin of ransomware. Hackers overwhelm a machine or server with traffic from multiple compromised systems. In 2016, a DDoS struck the servers of Dyn, which controls a lot of the domain name system (DNS) infrastructure

Famous victims of WannaCry

* French car maker Renault
* The UK's National Health Service
* Russia's Interior Ministry
* Disney CEO Robert Iger said a hacker group has threatened to release one of its upcoming movies (suspected to be the new Pirates of the Caribbean or Cars 3) unless a ransom is paid in bitcoins. It is not clear if it is the same hacker group behind WannaCry

* The Tirupati Temple Trust reported that quite a few of its computers were affected by WannaCry as was the Andhra Pradesh Police

Emerging heroes

Marcus Hutchins

The 22-year-old Brit found the kill-switch for WannaCry accidentally: Hutchins found a domain that the ransomware was using and registered it. That killed much of the ransomware then in operation. He works for Kryptos Logic and tweets under @MalwareTechBlog
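How a defender would put the kill-switch mechanism to work, as an added example that is not part of the article: the malware looks up the kill-switch domain before it encrypts, so every host that queried that domain ran the malware at least that far. The Python script below scans DNS resolver logs for such hosts and separately flags those whose lookup failed, because for them the kill switch gave no protection. The log lines are a constructed sample in an assumed format, the kill-switch domain is a placeholder, and the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample of DNS resolver log lines (not real traffic, not from the
# article). Assumed line format:
#   <timestamp> client=<ip> query=<domain> rcode=<NOERROR|NXDOMAIN>
# The kill-switch domain below is a placeholder, not the real one.
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:03Z client=10.0.4.17 query=intranet.example.local rcode=NOERROR
2017-05-12T10:01:09Z client=10.0.4.17 query=KILLSWITCH-DOMAIN-PLACEHOLDER.example rcode=NOERROR
2017-05-12T10:01:10Z client=10.0.9.3 query=killswitch-domain-placeholder.example rcode=NXDOMAIN
2017-05-12T10:02:44Z client=10.0.9.3 query=updates.example.com rcode=NOERROR
this line is malformed and must be skipped
2017-05-12T10:03:01Z client=10.0.4.17 query=killswitch-domain-placeholder.example. rcode=NOERROR
"""

# Domains whose mere lookup indicates a WannaCry-style infection attempt:
# the malware queries the kill-switch domain before it starts encrypting.
WATCHLIST = {"killswitch-domain-placeholder.example"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) rcode=(?P<rcode>\S+)$"
)


def normalize_domain(name):
    """Lower-case and drop a trailing dot so FQDN variants compare equal."""
    return name.rstrip(".").lower()


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_killswitch_queries(log_text, watchlist=WATCHLIST):
    """Map each client IP to the (timestamp, rcode) lookups it made for any
    watch-listed domain. Any hit means the host ran the malware far enough
    to perform the check, whether or not encryption followed."""
    watch = {normalize_domain(d) for d in watchlist}
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and normalize_domain(rec["query"]) in watch:
            hits[rec["client"]].append((rec["ts"], rec["rcode"]))
    return dict(hits)


def triage(hits):
    """Summarise per host. A lookup that failed (rcode other than NOERROR)
    means the kill switch did not fire for that host, so treat it as one
    that may have gone on to encrypt, not merely one that probed."""
    summary = {}
    for client, lookups in hits.items():
        summary[client] = {
            "queries": len(lookups),
            "first_seen": min(ts for ts, _ in lookups),
            "killswitch_failed": any(rc != "NOERROR" for _, rc in lookups),
        }
    return summary


if __name__ == "__main__":
    for host, info in sorted(triage(find_killswitch_queries(SAMPLE_DNS_LOG)).items()):
        print(host, info)
```

The caveat this triage encodes is the important one: the kill switch protects only hosts that can actually resolve and reach the registered domain. A host whose lookup fails, or which can only reach the internet through a proxy the malware does not use, carries on regardless, so blocking the kill-switch domain at the resolver or firewall because it "looks malicious" removes the protection rather than adding any. Alerting on the query is the right response; blocking it is not.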

Neel Mehta

A scientist with Google, he tweeted a part of the WannaCry code alongside code used by the cybercrime group Lazarus to rob the Bangladesh central bank of $81 million. This raised the question of whether WannaCry was released by the same group or is a far more devious false-flag operation