Reply to post: Re: A force of nature

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Anonymous Coward

Re: A force of nature

Is it out of nowhere? Looks to me like steady but worrying evolution.

Cryptolocker was probably the first globally successful "business model plus attached malware" some four years ago, but the history of ransomware goes back to at least 1989, and a modest resurgence in 2005. With the increasing knowledge of encryption, the options for encrypting ransomware have improved (for the crooks, that is), although there are other variants that don't use encryption, such as access control or leakware.

The NSA's incompetent hoarding has made the crooks' lives much easier (although the TLAs and politicians are too dim to understand their complicity in this), but it seems that the quality of the ransomware is improving. Crooks are learning to obfuscate code, delete traces on machines, spread via internal networks, avoid specific domains, not to use crackable encryption, avoid their own coding errors. Our worry should be that they are learning - somebody somewhere will be studying the mitigations for WannaCrypt, and thinking Version 2 will not have that error, or that kill-switch. That somebody is probably reading this very comment thread, and those on other tech sites, as well as the AV reports and press articles, KB articles, and considering how to "upgrade their asset", or how to nail together a further set of different malware plus code flaw exploits to create a completely different tool to achieve the same outcome.

The other problem is that the state-sponsored actors will be looking at the carnage caused by WannaCrypt, and thinking "That's cool. What can we learn from that?" I'd assume they're already running a collection of latent APTs, lodged in corporate and foreign government systems to be called upon when they see the need, and there's thus a binary system of TLAs and black hats, in effect working together to crap on the rest of the world - us.
