From power grid seizures to internet-enabled chastity belts, organizations and individuals are being targeted for ransom. A ransomware attack is one in which an attacker gets exclusive control of files (or of a device) on a computer or network, usually by encrypting them, and holds them hostage until a payment is made. Where did it come from, and what are some of the ways it has been used? This is intended to be a two-parter, so this post covers the history and a few more recent attacks.
The history of ransomware is absolutely bonkers. I tend to think of hacking exploits in terms of phishing scams or sneaky email links, but the first ransomware appeared all the way back in 1989, when the main distribution vector for software was the floppy disk. The author was Dr. Joseph Popp, a Harvard-trained anthropologist and evolutionary biologist who had worked in Kenya with the World Health Organization on the HIV/AIDS epidemic.
His software came on a floppy disk, mailed to thousands of recipients under the name "PC Cyborg Corporation", a fake company offering an interactive questionnaire that would assess an individual's risk of contracting HIV/AIDS. Even though the company was fictitious, the survey was real. The disk also installed code that counted the number of times the computer was booted, and when the count hit a predetermined number (the 90th boot), it scrambled the file names on the C: drive and hid the directories so the system became unusable. A notice would then pop up claiming the software lease had expired and telling the user to send $189 to a PO box in Panama to restore it. The scrambling used a simple symmetric cipher, so the key could be recovered from the program itself, and free cleanup tools appeared soon after.
Everything about this story is weird, including the name: AIDS Information Introductory Diskette, commonly shortened to the AIDS Trojan. Popp started behaving erratically before he was caught, at one point writing that he had been poisoned. It is unclear what led him to write the world's first ransomware, and people have speculated about his motivations, suggesting mental health problems or anger over being passed over for a job. The court eventually found him unfit to stand trial. After his return to the US, he founded a butterfly conservatory with his daughter in New York.
Ransomware attacks have been on the rise in the last 10 years, particularly against organizations, where critical information systems can be encrypted and held hostage. Present-day attacks have incorporated new technology, including better encryption and ransoms paid in cryptocurrency, but the basic strategy hasn't changed. The encryption change matters more than it sounds: modern ransomware generates a fresh symmetric key for each victim (often for each file), then encrypts that key with the attacker's public key, so unlike the AIDS Trojan the key cannot be pulled out of the malware and the victim has to obtain it from the attacker. It makes sense, too. It is a straightforward approach to extortion, and automation lets these people extort entire companies, governments, or groups of individuals at one time.
In 2018 there was a large-scale attack on the city of Atlanta by the SamSam group. The group used software that guessed passwords on internet-exposed remote-access logins, running through lists of known, popular passwords across accounts until it found ones that worked. Atlanta had been audited before the attack and knew about deficiencies in its cybersecurity, but had failed to fix them. The result was that many city applications were either encrypted or had to be shut down to prevent external access. While not catastrophic, it was extremely expensive for the city, and inconvenient for thousands of residents trying to use public services, such as paying utility bills online.
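Password guessing of the kind described above leaves a recognizable trail in authentication logs: a burst of failed logins from one source, spread across many different account names, sometimes followed by a success. The detector below is an added example for this post, not anything from the Atlanta incident or from SamSam's tooling. It runs over constructed sample lines in the shape of an OpenSSH auth log (the same logic applies to Windows logon-failure events or any other source that records result, account and source address) and flags each source address whose failures inside a sliding time window reach a threshold, reporting how many distinct accounts were tried and whether a login succeeded afterwards.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the shape of an OpenSSH auth log. They were made up
# for this example and are not logs from Atlanta, SamSam, or any real host.
SAMPLE_LOG = """\
Mar 22 03:14:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar 22 03:14:02 host sshd[2102]: Failed password for administrator from 203.0.113.45 port 51123 ssh2
Mar 22 03:14:03 host sshd[2103]: Failed password for backup from 203.0.113.45 port 51124 ssh2
Mar 22 03:14:04 host sshd[2104]: Failed password for invalid user test from 203.0.113.45 port 51125 ssh2
Mar 22 03:14:05 host sshd[2105]: Failed password for jsmith from 203.0.113.45 port 51126 ssh2
Mar 22 03:14:06 host sshd[2106]: Failed password for root from 203.0.113.45 port 51127 ssh2
Mar 22 03:14:07 host sshd[2107]: Accepted password for jsmith from 203.0.113.45 port 51128 ssh2
Mar 22 03:20:11 host sshd[2201]: Failed password for jsmith from 198.51.100.7 port 40001 ssh2
Mar 22 03:20:40 host sshd[2202]: Accepted password for jsmith from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for invalid user X" and "Failed/Accepted password for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(log_text):
    """Turn raw log lines into (timestamp, result, user, ip) tuples; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime fills in 1900, which is fine for deltas.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_password_guessing(log_text, window_seconds=300, threshold=5):
    """Flag each source IP whose failed logins within any sliding window of
    window_seconds reach threshold. The alert records the total failures, the
    distinct accounts tried (many accounts means a list of popular passwords
    sprayed across users rather than one account being hammered) and whether a
    successful login from that IP followed the burst."""
    failures = defaultdict(int)
    accounts = defaultdict(set)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()
    success_after = set()

    for ts, result, user, ip in sorted(parse_events(log_text), key=lambda e: e[0]):
        if result == "Accepted":
            if ip in flagged:
                success_after.add(ip)  # a guess worked: escalate, this is now an intrusion
            continue
        failures[ip] += 1
        accounts[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)

    return {
        ip: {
            "failures": failures[ip],
            "accounts": sorted(accounts[ip]),
            "success_after": ip in success_after,
        }
        for ip in flagged
    }


if __name__ == "__main__":
    for ip, alert in detect_password_guessing(SAMPLE_LOG).items():
        print(ip, alert)
```

On the sample data the burst from 203.0.113.45 is flagged (six failures across six accounts, then a successful login as jsmith), while the single mistyped password from 198.51.100.7 is not. Tune window and threshold to the service: a handful of failures per minute is normal on a busy VPN gateway, but dozens of distinct account names from one address in a few seconds is not.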
Data is the usual target, but there is a galaxy of internet-enabled objects. Rumors of hacking into smart objects like cars have spawned conspiracy theories and accusations of cyber murder, but in the case of Qiui, hackers got control of some of its products and managed to put customers in an awkward situation. Qiui is an internet-of-things company that makes a thing that goes on your thing, which your partner can control remotely. It's called Cellmate, and it's hackable. It turns out the company left a security vulnerability in its API: requests weren't properly authenticated, so anyone who could supply a user's ID could pull their details and lock the device. Hackers used this to hold customers' privates hostage, demanding bitcoin in exchange for release. The real problem with this one is that there was nothing customers could do about it: the security lived entirely on Qiui's servers, and the device had no manual override, so a locked user's options were to pay, wait for the company, or cut the thing open.
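The shape of the Cellmate flaw, an endpoint that acts on a device identifier without checking who is calling, is one of the most common API bugs there is, so it is worth seeing the vulnerable form next to the fixed one. The code below is an added example written for this post; it is an in-memory model of a remote-lock service, not Qiui's code, and the class, method and data names are all invented. It shows an attacker with no account enumerating short sequential device IDs against the unauthenticated endpoint, the same guesses failing against an endpoint that requires a session owning (or granted control of) the device, and the partner-sharing case still working.

```python
import secrets


class LockService:
    """In-memory stand-in for a remote-lock backend (constructed for this example, not a real product)."""

    def __init__(self):
        self.devices = {}   # device_id -> {"owner": str, "controllers": set[str], "locked": bool}
        self.sessions = {}  # session token -> username

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def register_device(self, token, device_id=None):
        owner = self.sessions[token]
        # Hardened default: a random 128-bit identifier instead of a short sequential one,
        # so that even a leaked endpoint cannot be walked by counting upwards.
        device_id = device_id or secrets.token_hex(16)
        self.devices[device_id] = {"owner": owner, "controllers": {owner}, "locked": False}
        return device_id

    def grant_control(self, token, device_id, partner):
        """Owner (or an existing controller) lets a partner operate the lock."""
        self._authorize(token, device_id)
        self.devices[device_id]["controllers"].add(partner)

    # Vulnerable form: trusts the device id alone; nothing identifies the caller.
    def set_lock_insecure(self, device_id, locked):
        if device_id not in self.devices:
            return False
        self.devices[device_id]["locked"] = locked
        return True

    # Hardened form: the caller must hold a valid session that controls this device.
    def set_lock(self, token, device_id, locked):
        self._authorize(token, device_id)
        self.devices[device_id]["locked"] = locked
        return True

    def _authorize(self, token, device_id):
        user = self.sessions.get(token)
        dev = self.devices.get(device_id)
        # One error for "no such device" and "not yours", so the response does not
        # tell an attacker which identifiers exist.
        if user is None or dev is None or user not in dev["controllers"]:
            raise PermissionError("not authorized for this device")


def enumerate_and_lock(service, guesses):
    """Attacker model: no account, just guessed ids fired at the unauthenticated endpoint."""
    return sum(1 for d in guesses if service.set_lock_insecure(d, True))


def run_scenario():
    svc = LockService()
    # Five victims whose devices carry short sequential ids, as a legacy product might issue.
    for n in range(100000, 100005):
        svc.register_device(svc.login(f"user{n}"), device_id=str(n))
    guesses = [str(n) for n in range(99990, 100010)]

    insecure_hits = enumerate_and_lock(svc, guesses)

    # The same guesses against the hardened endpoint, with a token the attacker made up.
    secure_hits = 0
    for d in guesses:
        try:
            svc.set_lock("not-a-real-session", d, True)
            secure_hits += 1
        except PermissionError:
            pass

    # Legitimate use still works: the owner grants a partner, who can lock; a stranger cannot.
    owner, partner, stranger = svc.login("owner"), svc.login("partner"), svc.login("stranger")
    dev = svc.register_device(owner)
    svc.grant_control(owner, dev, "partner")
    partner_can_lock = svc.set_lock(partner, dev, True)
    try:
        svc.set_lock(stranger, dev, False)
        stranger_can_lock = True
    except PermissionError:
        stranger_can_lock = False

    return {
        "insecure_hits": insecure_hits,
        "secure_hits": secure_hits,
        "partner_can_lock": partner_can_lock,
        "stranger_can_lock": stranger_can_lock,
        "device_id_bits": len(dev) * 4,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The two defenses are independent and you want both: the authorization check stops a caller who knows a device ID but has no right to it, and the unguessable ID stops a caller from discovering IDs in the first place if some other endpoint leaks them. Neither helps a customer after the fact, which is the lesson of the Cellmate story: for a physical lock, the server-side check is the only thing standing between a user and a ransom note.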
There are a great many security vulnerabilities out there, but luckily for the average person there are practical steps that keep ransomware from giving you trouble. In part 2 I'll talk about some of the more common ways it gets in and what people can do to secure against them.
The Bizarre Pre-Internet History of Ransomware
Cellmate Male Chastity Gadget could Lock Users In