Guest blog: TotalAV uncovers the world’s first ransomware

Posted on Sep 12, 2019

In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape.


Rediscovered in an old storage box amongst a collection of old magazines, a five-and-a-quarter-inch floppy disk dated 1989 was brought into the Protected.net office in late June. The disk, older than some of the staff, contains one of the first trojan horses and pieces of ransomware ever documented. Back in its day, the disk was given away on the front of a computer magazine, with a design that led the reader to believe the contents related to the AIDS virus, including information on scientific research. In fact, the program on the disk counted the number of times the computer was booted and, once the count reached 90, hid directories and encrypted files, holding the user to ransom for their release.


Potentially thousands of people received the disk around the world, and witnessed what is believed to be the first ever case of ransomware. Today, the AIDS disk is a sought-after piece of security memorabilia and has been framed for display in our office.

Fifteen years ago, instant messaging platforms burst onto the market and brought with them new cybersecurity challenges. Previously, users could not immediately share files with one another; today, with multiple platforms outside of email such as Facebook Messenger, WhatsApp and Instagram, file sharing, and with it the potential for breaches, has grown enormously. As well as this large target audience for cybercriminals, financial information will soon be included within the platforms, as Facebook pushes forward with the development of its own cryptocurrency.

With web usage on mobile devices overtaking that of desktop and laptop use, cybersecurity threats have started the shift to mobile and tablet. We expect to see 20 billion Internet-connected devices by 2020, a figure that is rapidly on the increase due to the Internet of Things (IoT). The scale of opportunity for hackers here is not yet fully understood, but the shift in cybercriminal activity in the last 5-10 years from data theft to data manipulation is a concern when the level of user reliance on these devices is considered. The fact that the data is often in the hands of many private enterprises, device manufacturers, cloud providers and third parties accessing via an API, creates more target points for cybercriminals.

In the years to come the ongoing debate and cultural changes will likely lead to changes in requirements within the industry. Subjects like the use of personal data by marketing, freedom of speech, and the experience of net neutrality will bring users to look for digital solutions.

With the landscape changing, and users slowly moving away from Microsoft Windows, threats will inevitably change. The blocking at source of dangerous websites and the spotting of phishing attempts will only become more important in the industry.

At TotalAV we believe that blocking the first point of contact with online threats will continue to be the best way forward. Users are getting used to seeing false positives and unnecessary PUA definitions, and the security of their digital life is reduced as they become complacent about real-time and scheduled anti-virus scans. This is why we are developing a dynamic URL blacklist, for which we aim to crowd-source data initially, while investigating machine learning to accompany our efficient WebShield blocks.

Through this structure, our goal is to provide education to help keep users secure. The emphasis on real-time blocking and PUAs has created a minefield where all kinds of programs are blocked, with what is blocked varying from one AV provider to another, and user machines are impeded by the huge overheads of real-time protection. Encouraging users to understand the threats out there, and the consequences of accessing things for free (at the cost of security or privacy), is the next logical step in a world where user data grows larger and increases in value day by day.
