18 Apr
Ransomware Continues to Evolve
“What’s old is new again.”
The simple truth is that tastes and trends seem to repeat. We’ve seen it countless times in the world of fashion, and now, we’re seeing something similar in the hacking community.
Over the past year or so, hackers around the world have come to rely increasingly on a type of malware called “ransomware,” which encrypts all the files on your computer, requiring you to send money (typically in the form of Bitcoin) if you want your files unlocked.
Before ransomware became all the rage in the hacking world, however, there was “RansomLocker” software.
This software is similar in its intent, but much more primitive. It doesn’t actually encrypt your files, but rather, simply locks your computer so that you cannot access anything. The idea is the same, of course. If you want access to your computer back, you’ll pay the ransom demanded. The problem for the hackers, however, is that, unlike with modern ransomware, a savvy IT professional can generally get around RansomLocker software by using “rescue discs” and the like, making it of limited use to those who are looking to cash in on their talents.
Recently, however, RansomLocker software has been showing some signs of resurgence. Security professionals have begun to see it popping up in places again, although it is unknown whether the hackers are simply using the software as a kind of test dummy to gauge antivirus detection rates, or whether this is a sign of some new (or rather, renewed) attack vector to come.
One thing that is known for certain is that this old-but-new-again type of malware has been given some significant upgrades. They make it harder for antivirus software to spot, and they allow for undetected communications between the hackers and the infected machines, because the software makes use of the Tor anonymizing network. That in turn makes it virtually impossible for IT security pros or law enforcement to track the authors down.
What this means for the future is anyone’s guess, but one thing you can be sure of is this: Old attack vectors never go away completely. You might not see them for a while, but they’ll be back, and when they return, they’ll come bearing upgrades that keep them dangerous.