The monetization of malware


Christiaan Colen

Message to user displayed by highly infectious ransomware CryptoLocker https://www.flickr.com/photos/christiaancolen/20633029275/in/photostream/

Han Nelson, Reporter

Malware is an umbrella term used to describe software designed to be harmful to computer users, and comes from the term ‘Malicious Software’. It comes in many forms, and over time, the purpose behind creating malware has changed.

Motivation

As malware is just a tool, the motivation behind its creation varies.

Peter Ferrie
A popup that the Magistr worm displays after deleting the user’s files
https://www.symantec.com/security-center/writeup/2001-031313-1110-99

Some malware is created as a way to get back at someone. A prime example of this is the “Magistr Worm”, which targets people in the legal profession. The worm erases all of the data on computers where it finds documents containing “legal speak”. The author even refers to themselves as “The Judges Disemboweler”.

In general, the motivation behind the creation of malware has shifted toward becoming more and more monetary in nature. One example of this is the rise of adware, which displays unwanted advertisements to the infected user without their permission.

Another example of more monetarily focused malware is the rogue antivirus program, which masquerades as an antivirus program designed to clean the user’s computer. The rogue program then claims that the user has malware on their system, and demands that the user pay in order to clean their computer.

Ransomware

The shift towards monetarily motivated malware is most clear in the increased prevalence of ransomware over the years. Ransomware is a category of malware in which a program attempts to extort money from the victim by restricting the user’s access to their files and/or computer.

The first known attempt at creating ransomware was the “AIDS Trojan” in 1989, which attempted to encrypt the names of all of the user’s files, and then prompted the user to contact PC Cyborg Inc. and pay $189 to get their files back. However, because the encryption was of a basic type, and only the file names were encrypted, it failed to cause massive economic damage. It wasn’t until the mid-2000s that prevalent ransomware programs began to appear again.

The display of a Finnish variant of the Police-themed ransomware
https://archive.f-secure.com/weblog/archives/00002344.html

In 2012, a whole new category of ransomware began to appear, known as “Law Enforcement Ransomware”. The premise was simple: lock down the user’s PC and display a message claiming that the user has been caught doing illegal activity on their computer and could face serious legal repercussions. However, if they pay a simple fee, the computer will be unlocked, and all the legal problems will go away. All the user has to do is transfer a payment to the disguised cybercriminals via prepaid card.

 

Malware has become a business for cybercriminals, and is designed to steal money quickly and effectively from businesses and individuals, through various means.

There are a few very effective things that you can do to protect yourself from having your files held hostage. Make sure to keep your computer up to date, as a lot of malware uses exploits to get into your PC. Enabling the built-in antivirus on your computer, such as Windows Defender, or downloading another antivirus program is always recommended. The most important factor in keeping yourself safe from the effects of ransomware is to make online backups of all the files that you care about.