Light Dark
May 8, 2015 By Rick M Robinson 2 min read
Advanced Threats

Encryption of data can be a powerful security tool. But like other technology tools, in the wrong hands it can be a destructive force. Leading cryptographers are warning that the misuse of encryption is a growing threat — and one that the security community has not done enough to address.

Ransomware is the name given to malware that encrypts data without the owner’s authorization. Cybercriminals can then hold the data hostage, demanding payment for the encryption key needed to decrypt the data and make it available for use again.

Data Held for Ransom

According to InfoWorld, a class of ransomware called Browlock emerged as one of the top 10 threats to PCs in 2014. Browlock programs take control of desktops, then impersonate police agencies, demanding that users pay fictitious fines in order to regain use of their computers.

Other, more powerful and dangerous ransomware programs, with names such as CryptoLocker, use strong encryption on computer files, rendering them unusable without access to the encryption key. Even some police departments have been forced to pay ransom. Ransomware aimed at Android phones is also on the rise, and experts warn that Internet of Things devices can also be subject to these threats.

Ransomware, said cryptographer Adi Shamir, is “a very serious problem,” and an area that the security community has failed “in a miserable way” to address. Paul Kocher, who moderated a recent RSA panel on ransomware, described it as “the pure evil incarnation of public-key cryptography.”

Ransomware Relies on Exploits

Like most modern encryption technology, ransomware usually involves two keys: a public key for encryption and a private key for decryption. Knowledge of the public key does not help to break the private key. Thus, ransomware operators have the ability to extort payments in turn for providing the decryption key.

An important characteristic of ransomware, however, is that it relies on the ability of an attacker to penetrate a system and take at least partial control over it to encrypt data. As cryptographer Whitfield Diffie pointed out, an attacker who gains this level of access can find multiple ways to blackmail the victim.

However, Ron Rivest of MIT noted that ransomware depends in part on anonymous payments, typically using bitcoins. The restrictions on anonymous payments could provide a measure of threat protection.

In the meantime, ransomware is likely to be a growing threat. It’s just one more reason for organizations and their security leaders to concentrate on protecting data against unauthorized access at all times.

 |  |  |  |  | 
Rick M Robinson

More from Advanced Threats
April 9, 2024

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

November 6, 2023

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

August 2, 2022

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature