Ciprian Oprisa, Bitdefender
George Cabau, Bitdefender
Andrea Takacs, Bitdefender
It has been 24 years since the PC Cyborg trojan scrambled file names and asked for a ransom in return for restoring them. Since then, cybercriminals have engineered new methods of generating revenue. This paper presents the evolution of ransomware and the methods it uses.
An analysis of over 2,000 samples, collected over the course of more than two years, shows that this is a serious threat for everyone. The analysis also shows a tendency to re-use the same techniques over and over, because they still work.
Some of the most popular ransomware locks the user's screen and demands a fee for unlocking it. This technique also relies on social engineering tricks such as pretending to be the 'Internet Police' and fining the user for improper usage of their computer.
We also analysed more dangerous malware that encrypts the user's personal files. Although some of these samples use strong cryptographic algorithms (e.g. AES-256), we will show some of the mistakes that the authors have made. These mistakes allow us to decrypt the files without paying the ransom. There are also samples that use cryptography properly, making decryption almost impossible. We will see how cryptography is a powerful weapon, but that it can point both ways.
In conclusion, this paper tries to make users aware of the necessity of data backup as a good defence in this kind of situation.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.