Imagine sitting down to your desktop computer, booting the machine up, only to be greeted by an alert screen that provides a tense message. The warning notifies you that all of your personal files and content have been locked down, and that the group responsible will not return your information until you pay the price.
This type of attack is typical of ransomware samples and has become an all-too-familiar sight in the world of cybercrime. Although ransomware only recently surfaced as a hacking technique, its impact has been quite considerable, and it seems new strains are emerging every day. Let's take a moment to examine the ransomware trend, including where it started, how it has evolved and its current status.
The dawn of ransomware: CryptoLocker
One of the first ransomware samples to be discovered was CryptoLocker. This strain gained widespread attention as it was a "particularly nasty" infection and affected a significant number of users once identified, noted Malwarebytes Unpacked contributor Joshua Cannell.
CryptoLocker was first discovered in the fall of 2013 and displayed all the characteristics that have become common with ransomware: the ability to target victims through phishing and malicious email links, encryption of user files and a notification box demanding a ransom for their return.
Cannell noted that the first version of CryptoLocker utilized asymmetric encryption – in which files are encrypted with a public key and can only be decrypted with the corresponding private key, which the attackers kept to themselves – to lock victims out of their personal files. At first, hackers asked for $300 to be sent in accordance with a specific timeline, and warned that if the money wasn't sent, the users would have little hope of ever seeing their files or stored content again.
Since CryptoLocker first emerged, a number of different versions have been created, along with an array of copycats. However, Cannell reported in early June 2014 that the U.S. Department of Justice had made progress in taking the malicious threat down. Deputy Attorney General James Cole announced on June 2 that the DOJ had been able to disable CryptoLocker after seizing the malware's connected servers.
In addition, the department identified Evgeniy Bogachev as the leader of the cybercrime ring responsible not only for CryptoLocker, but for the Gameover Zeus attacks as well. Bogachev is currently still at large and wanted by the FBI.
"It's worth stating that users still need to protect themselves from CryptoLocker despite its recent interference," Cannell noted. "Continue to maintain a strong security posture, to include updating antivirus/anti-malware definitions and avoid unknown or unforeseen email attachments, even if you know the sender."
New ransomware sample discovered: Onion
Since CryptoLocker was first identified, a number of cybercriminals have followed suit with this style of attack. One of the most recent ransomware samples found has been dubbed Onion and utilizes the Tor network and elliptic curve cryptography to avoid being discovered, according to International Business Times contributor David Gilbert.
While still displaying all the normal ransomware characteristics, the fact that Onion leverages the Tor – or "The Onion Router" – network means it is a more powerful infection that can avoid detection. This is the first time Tor has been leveraged in connection with ransomware.
Moving to mobile: Android ransomware
In early June, ThreatPost contributor Michael Mimoso reported that for the first time, a ransomware sample had been found on mobile platforms, specifically seeking out and encrypting data on Android devices. First discovered in May, the infection has since impacted victims across 13 different countries.
Kaspersky Lab researchers found that the mobile ransomware originated with Pletor, a Trojan sample being sold on underground marketplaces for $5,000.
"If your smartphone has been infected with [Pletor], we recommend that you do not pay the criminals," said Kaspersky Lab researcher Roman Unuchek. "All of the versions of the Trojans that we have seen contain a key that can be used to decrypt affected files."