Encryption of data can be a powerful security tool. But like other technology tools, in the wrong hands it can be a destructive force. Leading cryptographers are warning that the misuse of encryption is a growing threat — and one that the security community has not done enough to address.

Ransomware is the name given to malware that encrypts data without the owner’s authorization. Cybercriminals can then hold the data hostage, demanding payment for the encryption key needed to decrypt the data and make it available for use again.

Data Held for Ransom

According to InfoWorld, a class of ransomware called Browlock emerged as one of the top 10 threats to PCs in 2014. Browlock programs take control of desktops, then impersonate police agencies, demanding that users pay fictitious fines in order to regain use of their computers.

Other, more powerful and dangerous ransomware programs, with names such as CryptoLocker, use strong encryption on computer files, rendering them unusable without access to the encryption key. Even some police departments have been forced to pay ransom. Ransomware aimed at Android phones is also on the rise, and experts warn that Internet of Things devices can also be subject to these threats.

Ransomware, said cryptographer Adi Shamir, is “a very serious problem,” and an area that the security community has failed “in a miserable way” to address. Paul Kocher, who moderated a recent RSA panel on ransomware, described it as “the pure evil incarnation of public-key cryptography.”

Ransomware Relies on Exploits

Like most modern encryption technology, ransomware usually involves two keys: a public key for encryption and a private key for decryption. Knowledge of the public key does not help to break the private key. Thus, ransomware operators have the ability to extort payments in turn for providing the decryption key.

An important characteristic of ransomware, however, is that it relies on the ability of an attacker to penetrate a system and take at least partial control over it to encrypt data. As cryptographer Whitfield Diffie pointed out, an attacker who gains this level of access can find multiple ways to blackmail the victim.

However, Ron Rivest of MIT noted that ransomware depends in part on anonymous payments, typically using bitcoins. The restrictions on anonymous payments could provide a measure of threat protection.

In the meantime, ransomware is likely to be a growing threat. It’s just one more reason for organizations and their security leaders to concentrate on protecting data against unauthorized access at all times.

more from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however,…

World’s Largest Darknet Market Shut Down, $25 Million in Bitcoin Seized

On April 5, German authorities announced the takedown of the Hydra marketplace, the world’s largest darknet market trading in illicit drugs, cyberattack tools, forged documents and stolen data. The criminal operation, with about 17 million customer accounts, raked in billions in bitcoin before getting shut down. On its website, the Federal Criminal Police Office (BKA) stated it had secured and…