Ransomware
Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.[1][2][3][4][5] In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.[6]
Starting as early as 1989 with the first documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally.[7][8][9] There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017.[10] In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year.[11] CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities,[12] and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015.[13] In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that, according to the FBI.[14] Globally, according to Statistica, there were about 623 million ransomware attacks in 2021, and 493 million in 2022.[15]
Criminal arrests and convictions[edit]
Zain Qaiser[edit]
A British student, Zain Qaiser, from Barking, London was jailed for more than six years at Kingston upon Thames Crown Court for his ransomware attacks in 2019.[158] He is said to have been "the most prolific cyber criminal to be sentenced in the UK". He became active when he was only 17. He contacted the Russian controller of one of the most powerful attacks, believed to be the Lurk malware gang, and arranged for a split of his profits. He also contacted online criminals from China and the US to move the money.[158] For about one and a half years, he posed as a legitimate supplier of online promotions of book advertising on some of the world's most visited legal pornography websites. Each of the adverts that were promoted on the websites contained the Reveton Ransomware strain of the malicious Angler Exploit Kit (AEK)[159] that seized control of the machine. Investigators discovered about £700,000 of earnings, although his network may have earned more than £4m. He may have hidden some money using cryptocurrencies. The ransomware would instruct victims to buy GreenDot MoneyPak vouchers and enter the code in the Reveton panel displayed on the screen. This money entered a MoneyPak account managed by Qaiser, who would then deposit the voucher payments into the debit card account of his American co-conspirator, Raymond Odigie Uadiale. Uadiale was a student at Florida International University during 2012 and 2013 and later worked for Microsoft. Uadiale would convert the money into Liberty Reserve digital currency and deposit it into Qaiser's Liberty Reserve account.[160]
A breakthrough, in this case, occurred in May 2013 when authorities from several countries seized the Liberty Reserve servers, obtaining access to all its transactions and account history. Qaiser was running encrypted virtual machines on his Macbook Pro with both Mac and Windows operating systems.[161] He could not be tried earlier because he was sectioned (involuntarily committed) under the UK Mental Health Act of 1983 at Goodmayes Hospital where he was found to be using the hospital Wi-Fi to access his advertising sites. His lawyer claimed that Qaiser had suffered from mental illness.[158] Russian police arrested 50 members of the Lurk malware gang in June 2016.[162] Uadiale, a naturalized US citizen of Nigerian descent, was jailed for 18 months.[163]
Freedom of speech challenges and criminal punishment[edit]
The publication of proof-of-concept attack code is common among academic researchers and vulnerability researchers. It teaches the nature of the threat, conveys the gravity of the issues, and enables countermeasures to be devised and put into place. However, lawmakers with the support of law-enforcement bodies are contemplating making the creation of ransomware illegal. In the state of Maryland, the original draft of HB 340 made it a felony to create ransomware, punishable by up to 10 years in prison.[164] However, this provision was removed from the final version of the bill. A minor in Japan was arrested for creating and distributing ransomware code.[165] Young and Yung have had the ANSI C source code to a ransomware cryptotrojan on-line, at cryptovirology.com, since 2005 as part of a cryptovirology book being written. The source code to the cryptotrojan is still live on the Internet and is associated with a draft of Chapter 2.[166]