Light Dark
May 8, 2015 By Rick M Robinson 2 min read
Advanced Threats

Encryption of data can be a powerful security tool. But like other technology tools, in the wrong hands it can be a destructive force. Leading cryptographers are warning that the misuse of encryption is a growing threat — and one that the security community has not done enough to address.

Ransomware is the name given to malware that encrypts data without the owner’s authorization. Cybercriminals can then hold the data hostage, demanding payment for the encryption key needed to decrypt the data and make it available for use again.

Data Held for Ransom

According to InfoWorld, a class of ransomware called Browlock emerged as one of the top 10 threats to PCs in 2014. Browlock programs take control of desktops, then impersonate police agencies, demanding that users pay fictitious fines in order to regain use of their computers.

Other, more powerful and dangerous ransomware programs, with names such as CryptoLocker, use strong encryption on computer files, rendering them unusable without access to the encryption key. Even some police departments have been forced to pay ransom. Ransomware aimed at Android phones is also on the rise, and experts warn that Internet of Things devices can also be subject to these threats.

Ransomware, said cryptographer Adi Shamir, is “a very serious problem,” and an area that the security community has failed “in a miserable way” to address. Paul Kocher, who moderated a recent RSA panel on ransomware, described it as “the pure evil incarnation of public-key cryptography.”

Ransomware Relies on Exploits

Like most modern encryption technology, ransomware usually involves two keys: a public key for encryption and a private key for decryption. Knowledge of the public key does not help to break the private key. Thus, ransomware operators have the ability to extort payments in turn for providing the decryption key.

An important characteristic of ransomware, however, is that it relies on the ability of an attacker to penetrate a system and take at least partial control over it to encrypt data. As cryptographer Whitfield Diffie pointed out, an attacker who gains this level of access can find multiple ways to blackmail the victim.

However, Ron Rivest of MIT noted that ransomware depends in part on anonymous payments, typically using bitcoins. The restrictions on anonymous payments could provide a measure of threat protection.

In the meantime, ransomware is likely to be a growing threat. It’s just one more reason for organizations and their security leaders to concentrate on protecting data against unauthorized access at all times.

 |  |  |  |  | 
Rick M Robinson

More from Advanced Threats
May 24, 2024

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature