Part 2 of a 3 Part Series on Cyber Security
The internet allowed computer viruses to spread quickly. One of the first computer viruses, the “I love You” virus, infected more than a million PCs in a few hours in 2000.
Traditional Antivirus works by looking for “Virus Definitions.” A definition is simply unique signatures in the code of a virus. Like the way your own immune system identifies threats it has seen before; an antivirus definition contains sample code from all threat’s security researchers have seen. Antivirus is an imperfect solution because someone needs to be infected before security researchers can identify the virus which then gets distributed via download.
But Antivirus worked ok until the “Bad Guys” realized that they could monetize hacking and breaches. Hacking became about BIG MONEY
Before bitcoin, the only motivation to create a new computer virus was to show off your ability to find and exploit flaws in computers, or to cause chaos. Hacking was something a hacker could do in their spare time to show off to their friends
But with Bitcoin, gaining access to your computers allows hackers to install Bitcoin mining software on your systems. By spreading the compute required to mine bitcoin across hundreds or thousands of computers, the hackers can mine more bitcoin more quickly, without any cost. You bear the computing cost and electrical costs while they reap the benefits.
Bitcoin has enabled hackers to weaponize their programming skills in a way that is very lucrative. In 2021 the top 5 groups generated over $40 million USD.
Most people think of cyber and computer threats as viruses. The correct term is malware and malware creators have another financial incentive to install their software your systems – to lock them down and force you to pay a ransom.
Most of the hackers who break into systems are the creators of malware. They’re really franchisees, running software developed by sophisticated third party groups. To stay safe from law enforcement while ensuring a constant revenue stream, these third-party groups run “Ransomware as a service” and provide thousands of their franchisees with the tools and knowledge to exploit your systems and employees. The franchisee that finds a way in and locks down your files splits any profits with the malware creators.
Antivirus doesn’t protect you from this kind of attack.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that according to FBI.
CryptoWall, another ransomware program, was estimated by the US Federal Bureau of Investigation (FBI) to have generated over US$18 million by June 2015. CryptoLocker generated an estimated US$3 million for the bad guys before it was taken down by authorities in 2014.
There were 181.5 million ransomware attacks in the first six months of 2018. This was a 229% increase over the same time frame in 2017.