Guest blog: TotalAV uncovers the world’s first ransomware

Posted on Sep 12, 2019

In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape.


Rediscovered in an old storage box amongst a collection of old magazines, a five-and-a-quarter-inch floppy was brought into the Protected.net office in late June - dated 1989. The disk, older than some of the staff, contains one of the first trojan horses and pieces of ransomware ever documented. Back in its day, the disk was displayed as a giveaway on the front of a computer magazine, with the design leading the reader to believe the contents related to the AIDS virus, including information on scientific research. In fact, the program on the disk would count the number of times the computer was booted and, once it reached 90, it would hide directories and encrypt files – holding the user to ransom for their release.


Potentially thousands of people received the disk around the world, and witnessed what is believed to be the first ever case of ransomware. Today, the AIDS disk is a sought-after piece of security memorabilia and has been framed for display in our office.

Fifteen years ago, instant messaging platforms burst onto the market and brought with them new cybersecurity challenges. Previously, users could not immediately share files with one another; today, with multiple platforms outside of email such as Facebook Messenger, WhatsApp and Instagram, file sharing, and with it the potential for breaches, has grown enormously. As well as this large target audience for cybercriminals, financial information will soon be included within the platforms, as Facebook pushes forward with the development of its own cryptocurrency.

With web usage on mobile devices overtaking that of desktop and laptop use, cybersecurity threats have started the shift to mobile and tablet. We expect to see 20 billion Internet-connected devices by 2020, a figure that is rapidly on the increase due to the Internet of Things (IoT). The scale of opportunity for hackers here is not yet fully understood, but the shift in cybercriminal activity in the last 5-10 years from data theft to data manipulation is a concern when the level of user reliance on these devices is considered. The fact that the data is often in the hands of many private enterprises, device manufacturers, cloud providers and third parties accessing it via an API creates more target points for cybercriminals.

In the years to come the ongoing debate and cultural changes will likely lead to changes in requirements within the industry. Subjects like the use of personal data by marketing, freedom of speech and the experience of net neutrality will bring users to look for digital solutions.

With the landscape changing, and users slowly moving away from Microsoft Windows, threats will inevitably change. The blocking at source of dangerous websites and the spotting of phishing attempts will only become more important in the industry.

At TotalAV we believe that blocking the first point of contact with online threats will continue to be the best way forward. Users are getting used to seeing false positives and unnecessary PUA definitions, and the security of their digital life is reduced as users become complacent about real-time and scheduled anti-virus scans. This is why we are developing a dynamic URL blacklist, where we aim to crowd-source data initially, but also investigate machine learning to accompany our efficient WebShield blocks.
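To make the idea of a dynamic, crowd-sourced URL blocklist concrete, here is an added example in Python. It is not TotalAV's WebShield code and nothing about its internals is known from the post; the design, the `REPORT_THRESHOLD` value and the sample hosts are assumptions made for illustration. It shows the two pieces such a blocker needs: URL normalization (so `HTTP://Phish.Example:80/x#frag` and `http://phish.example/x` match the same entry) and parent-domain matching, plus a simple promotion rule that only adds a host to the blocklist once several distinct reporters have flagged it, which limits the damage a single malicious reporter can do.

```python
"""Toy dynamic URL blocklist (added example, not TotalAV's WebShield code).

Assumptions not taken from the post: blocklist entries are either hosts
(matching the host and all of its subdomains) or exact normalized URLs, and
a crowd-sourced report is promoted to a block only after REPORT_THRESHOLD
distinct reporters flag the same host.
"""
from collections import defaultdict
from typing import Dict, Set, Tuple
from urllib.parse import urlsplit, urlunsplit

REPORT_THRESHOLD = 3  # constructed value: distinct reporters needed to block


def normalize_url(url: str) -> Tuple[str, str]:
    """Return (host, normalized_url).

    Lower-cases scheme and host, drops userinfo, fragments, a trailing dot
    and the default port, and defaults an empty path to "/".
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower() or "http"
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        port = None
    default_port = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    netloc = host if port is None or default_port else f"{host}:{port}"
    path = parts.path or "/"
    return host, urlunsplit((scheme, netloc, path, parts.query, ""))


class UrlBlocklist:
    def __init__(self, hosts=(), urls=()):
        # Host entries cover the host itself and every subdomain below it,
        # so never put a bare public suffix such as "com" in here.
        self.hosts: Set[str] = {h.lower().rstrip(".") for h in hosts}
        self.urls: Set[str] = {normalize_url(u)[1] for u in urls}
        self._reports: Dict[str, Set[str]] = defaultdict(set)  # host -> reporter ids

    def is_blocked(self, url: str) -> bool:
        """True if the exact URL or the host (or any parent domain) is listed."""
        host, norm = normalize_url(url)
        if norm in self.urls:
            return True
        labels = host.split(".")
        # Walk from the full host up to its parents: a block on "bad.example"
        # also covers "cdn.bad.example".
        return any(".".join(labels[i:]) in self.hosts for i in range(len(labels)))

    def report(self, url: str, reporter_id: str) -> bool:
        """Record a crowd-sourced report for the URL's host.

        Returns True only on the report that promotes the host into the
        blocklist; repeat reports from the same reporter are counted once.
        """
        host, _ = normalize_url(url)
        if not host:
            return False
        self._reports[host].add(reporter_id)
        if len(self._reports[host]) >= REPORT_THRESHOLD and host not in self.hosts:
            self.hosts.add(host)
            return True
        return False


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    bl = UrlBlocklist(hosts=["phish.example"], urls=["http://legit.example/login?x=1"])
    for u in ["HTTP://Phish.Example:80/any", "https://cdn.phish.example/",
              "https://notphish.example/", "http://legit.example/login?x=1#frag"]:
        print(f"{u!r:45} blocked={bl.is_blocked(u)}")
    for rid in ("r1", "r1", "r2", "r3"):
        print(f"report new.example by {rid}: promoted={bl.report('http://new.example/p', rid)}")
```

The parent-domain walk is what makes a host entry useful against phishing kits that rotate subdomains, and it is also why the blocklist must never contain a bare public suffix; a real deployment would validate entries against a public-suffix list before accepting them.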

Through this structure, our goal is to provide education to help keep users secure. The emphasis on real-time blocking and PUAs has created a minefield where all kinds of programs are blocked, varying from one AV provider to another, and user machines are impeded by the huge overheads of real-time protection. Encouraging users to understand the threats out there, and the consequences of accessing things for free (at the cost of security or privacy), is the next logical step in a world where user data grows larger and increases in value day by day.
