Rail and Ransomware | IL7 Security

It’s Been Going on Quite a While

Though it may seem like merely a decade-old idea, the notion of ransomware has been around for quite some time. In 1989, Dr Joseph Popp distributed a Trojan called PC Cyborg, malware that hid all folders and encrypted files on an infected PC’s C: drive. A script then delivered a ransom message demanding that 189 USD be directed to the PC Cyborg Corporation. The afflicted PC wouldn’t function until the ransom was paid and the malware’s actions were reversed. Since then, numerous enhancements to this type of scheme have been made, especially in the area of stronger file encryption. Now it’s virtually impossible for victims to decrypt their own files. Another type of ransomware scheme, dubbed ‘scareware’, displayed a warning on a user’s computer that the device was infected with malware that could be removed immediately by purchasing what turned out to be fake antivirus software. The scareware message appeared repeatedly, prompting many victims to purchase the ‘antivirus software’ just to get rid of the warning message.

The Attackers Include Boss and SpiderBoss – International Criminals

Today, the term ‘ransomware’ broadly describes a wide range of e-crime malicious software programs, including DoppelPaymer, REvil, Ethria, Netwalker and Maze. Each differs slightly in its tactics. For example, Maze not only encrypts the data on infected machines, but also siphons off copies of the originals, giving hackers extra leverage: failure to pay the ransom could result in confidential corporate data being leaked or sold online. Historically, the vast majority of attacks were against Windows-based systems. This is largely a numbers game: there are more Windows-based computers than computers running any other OS. Yet now, Android and Mac ransomware attacks are on the rise too, and are only expected to grow.

In the early days of ransomware, attacks were largely opportunistic, affecting individual users’ or small businesses’ computers. Today, criminals are setting their sights on larger organisations with the resources to pay bigger ransom demands. These will include rail manufacturers, ROSCOs and train operating…