KK34603 COMPUTER SECURITY
[2-2019/2020]
GROUP ASSIGNMENT
TITLE: RANSOMWARE
LECTURER: SIR LEAU YU BENG
NAME | MATRIC NO
AHMAD AMSARI BIN MUHAMMAD | BI17110100
NURSYAKILA BINTI ROSLAN | BI17110118
ROSINAH MARINGAL | BI17110075
Ransomware
History of Ransomware
In 1989, the first ransomware virus, the AIDS Trojan, was created by Joseph L. Popp. It
used simple symmetric cryptography to encrypt file names, and tools were soon available to
decrypt them (Sjouwerman, 2015). In 2005, the first modern ransomware, Trojan.GPCoder,
known as GPCoder, appeared. It used a custom symmetric encryption technique that was weak
and easily overcome. In March 2006, Trojan.Cryzip appeared.
In 2007, locker ransomware began to appear. In mid-2011, the first large-scale outbreak
of ransomware occurred. In August 2013, the most famous piece of ransomware, CryptoLocker,
was released by a hacker named Slavik. Then, CryptoLocker 2.0 was released in December,
written in a different language than the original CryptoLocker. In February 2014,
CryptoDefense was released. Then, an improved version called CryptoWall was released in
April. In 2015, CryptoWall passed CryptoLocker as the leading version of ransomware. In
May 2015, ransomware-as-a-service arrived, allowing attackers to create ransomware for free
using a TOR website. In September, LockerPin was released.
In February 2016, ransomware infected thousands of WordPress sites, and in April a
ransomware called Petya came out. In May 2017, the most popular ransomware, WannaCry,
appeared worldwide. From 2018 until now, more types of ransomware have begun to
attack, such as SYRK, STOP, ENTSCRYPT and so on.
How do ransomware attacks happen?
1) Phishing email
Ransomware often spreads through phishing emails that contain malicious attachments. Such
emails are often disguised as email from trusted websites that you should open. Once the
attachments are downloaded and opened, the ransomware is able to access the computer and
take it over.
2) Drive-by downloading
Bad Rabbit is one of the ransomware attacks that have terrorized Russia and Eastern Europe.
Bad Rabbit disguised itself as Adobe Flash Driver and spreads through a ‘drive-by download’
on a compromised website. If a person clicks on the malicious installer, their computer locks.
3) Messages
Attackers use messages on social media, for example Facebook Messenger, to trick victims.
These attackers make fake accounts that mimic a user’s current “friend” to trick the user
into clicking on malicious attachments. Once opened, the ransomware could gain access to and
lock down all networks connected to the device.
4) Black-mailed users
Jigsaw is one of the most dangerous ransomware, where the attackers not only encrypt the
user’s files but also progressively delete them. The user needs to act quickly to pay the
ransom; if the user fails to meet the deadlines, the ransomware keeps deleting files every
hour and increases the number of files deleted.
Statistics for one of the ransomware in 2019
Ransomware | Month | Victim | Attack | Ransom paid
Ryuk | March | Jackson County, Georgia, USA | network shut down | $400,000
Ryuk | April | Park DuValle Community Health Center, Kentucky, USA | locked for 3 weeks; data backup | -
Ryuk | April | Stratford City, Ontario, Canada | malware was installed on six of their servers on a physical notes; encrypted 2 virtual servers, sensitive data locked down | $71,000
Ryuk | May | Riviera Beach City, Florida, USA | clicked on phishing email | $600,000
Ryuk | June | Park DuValle Community Health Center, Kentucky, USA | medical records of almost 20,000 patients encrypted; locked out of their system for almost 2 months; impact on health center’s medical record and scheduling tool | $70,000
Ryuk | June | Lake City, Florida, USA | network system | $500,000
Ryuk | July | La Porte County, Indiana, USA | | $130,000