Today, we will answer the question – what is cryptoviral extortion? Also, we will show you how to prevent it.
Cryptoviral extortion dates back to the late ’80s and early ’90s, when the PC Cyborg/AIDS Information Trojan was spread to unsuspecting companies and businesses on floppy disks. It was more of a classic example of the use of phishing/spamming.
The installed ransomware encrypted users’ hard drives, hid directories, and encrypted the file names in the system’s root directory, making the system unusable without decryption.
The author of the AIDS Information Introductory Trojan demanded a ransom of between $189 and $378, to be paid to a Panama post box, before decrypting the files. He was later arrested based on a physically traceable address.
In the 21st century, cryptocurrencies have made payment anonymous and untraceable. This has encouraged the creation of more sinister crypto-viruses like TeslaCrypt, CTB-Locker, and CryptoWall, resulting in billions of dollars of loss annually to cybercrime.
What Is Cryptoviral Extortion?
Cryptoviral extortion is a form of ransomware attack. In essence, a crypto-virus is malware with file encryption abilities that uses public-key encryption technology to hold digital files hostage in exchange for a ransom. This makes a crypto-virus different from conventional viruses, which do not contain public encryption keys and cannot hold your files hostage.
The most common groups of malware used in creating crypto-viruses are Trojans and worms.
In fact, cryptoviral extortion usually involves a ransomware attack with worms and Trojans. The Trojan or worm encrypts computer files using the public-key cryptography embedded in it.
How Does Cryptoviral Extortion Work?
Here is a detailed step-by-step process of cryptoviral extortion:
- The cryptoviral extortionist generates a cryptographic key pair: i) the public encryption key and ii) the private encryption key.
- The extortionist embeds the public key in the crypto-virus and keeps the private key secret, revealing it to no one.
- The crypto-virus spreads and infects host systems via phishing, file-to-file transfer, etc.
- The crypto-virus spreads in the host system, encrypting files on the hard drive and in the directory locally with a random symmetric key generated on the host computer.
- The host-generated random symmetric key is encrypted with the public key, converting it to asymmetric ciphertext (the crypto-virus then overwrites the symmetric key and the plaintext with zeros).
- The crypto-virus displays a message on the victim’s screen containing the asymmetric ciphertext and a means of contacting the extortionist, or weblinks with further instructions on the next line of action.
- The victim sends the payment and the asymmetric ciphertext to the extortionist.
- The extortionist receives payment from his victims along with the asymmetric ciphertext.
- The extortionist uses his private key to decrypt the asymmetric ciphertext back to the symmetric key and sends it back to his victim.
- The victim uses the decrypted symmetric key to decrypt his files.
How To Prevent Cryptoviral Extortion
The following best practices will help you prevent cryptoviral attacks.
1. Create a backup of essential files
Backing up your files to the cloud or a secure hard drive means that cryptovirus extortionists have no leverage over you. You can quickly restore your backup copy to a new or formatted computer system. This saves you from having to pay a hefty ransom to decrypt your files.
2. Beware of phishing attacks
A crypto-virus can be embedded in email links and download paths in spam messages. Hence, be wary of clicking on links and download paths in your emails and SMS to prevent your system from being infected with any form of computer virus.
3. Install Antivirus with ransomware protection
Popular antivirus products typically incorporate ransomware protection features that can protect your devices. Some of the recommended antivirus products with ransomware protection include Kaspersky Total Security, Heimdal Thor Premium, Avira Prime, BullGuard Internet Security, ZoneAlarm Extreme Security, Panda Dome, Norton Internet Security, etc.
4. Browse only safe websites
Several download websites contain tons of malware, including ransomware that can infect your computer. In fact, some of these shady websites are known for mining cryptocurrencies from your system.
5. Update your OS regularly
Several OS updates contain patches that fix bugs that make your devices vulnerable to cyber attacks. Hence, you should update your operating systems to the latest versions. This will keep your device safe from novel attacks.
Can Antivirus Protect You From CryptoViral Attack?
So far, antivirus can protect you only from known forms of crypto-virus attack, by detecting subtle forms of file encryption on your computer.
However, attackers have always found a way to stay one step ahead of antivirus companies by unleashing advanced crypto-virus attacks capable of evading antivirus detection.
Hence, it is recommended that you utilize reliable security solutions to safeguard your digital devices.
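Detecting file encryption, as mentioned above, can be approximated with an entropy heuristic: encrypted data looks close to random, so a burst of files jumping from structured to near-random content is a warning sign. This is an added example, not part of the original article and not how any named antivirus product works; the thresholds, snapshot dictionaries and function names are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5  # bits/byte that counts as "looks encrypted" (assumed threshold)
MIN_JUMP = 2.0      # minimum rise over the file's previous snapshot (assumed)
BURST = 3           # flagged files needed before alerting (assumed)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def newly_encrypted(before: dict, after: dict) -> list:
    """Paths whose bytes went from structured to near-random between snapshots."""
    flagged = []
    for path, new in after.items():
        if path not in before:
            continue  # no baseline to compare against
        e_old, e_new = shannon_entropy(before[path]), shannon_entropy(new)
        if e_new >= HIGH_ENTROPY and e_new - e_old >= MIN_JUMP:
            flagged.append(path)
    return sorted(flagged)

def should_alert(before: dict, after: dict) -> bool:
    """Alert only on a burst; a single high-entropy rewrite is often benign."""
    return len(newly_encrypted(before, after)) >= BURST

def noise(seed: int, size: int = 4096) -> bytes:
    """Deterministic near-random bytes standing in for ciphertext (constructed)."""
    return b"".join(hashlib.sha256(bytes([seed]) + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))

# Constructed snapshots of a small folder: path -> file bytes.
TEXT = b"Quarterly report: revenue, costs and forecast for the team.\n" * 60
BEFORE = {
    "docs/report.txt": TEXT,
    "docs/notes.txt": TEXT[::-1],
    "docs/plan.csv": b"id,name,amount\n" + b"17,alice,120.50\n" * 80,
    "docs/todo.txt": b"call the vendor\n" * 20,
    "backup/archive.zip": noise(9),  # compressed data is high-entropy already
}
AFTER = {**BEFORE, "docs/report.txt": noise(1), "docs/notes.txt": noise(2),
         "docs/plan.csv": noise(3), "docs/todo.txt": BEFORE["docs/todo.txt"] + b"renew\n"}

if __name__ == "__main__":
    print(newly_encrypted(BEFORE, AFTER), should_alert(BEFORE, AFTER))
```

Comparing against each file's own baseline is what keeps archives, images and other already-compressed files from triggering the check on their own.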
Cryptoviral extortion is another form of ransomware attack that has continually invaded the cybersphere. Since crypto-viruses are continually evolving to evade advanced antivirus features, you should apply the above-listed preventive measures to keep your system safe.