January 2, 2017. Ransomware had a year of global spread: the worldwide outbreak of the Eternal Blue ransomware worm (WannaCry) in May, and the subsequent spread of the Petya virus in places such as Ukraine, raised attention to ransomware to an unprecedented level. Globally, many critical information infrastructure sectors, such as government, education, hospitals, energy, communications and manufacturing, have suffered unprecedented losses.
To help personal computer users and a wide range of government agencies better understand the attack characteristics and techniques of ransomware and take cybersecurity preventive measures, the 360 Internet Security Center recently published an analysis of the ransomware threat in 2017. It provides a comprehensive study of ransomware attacks in 2017, with in-depth analysis of the scale of the attacks, the characteristics of the attacks, the characteristics of the victims, typical cases and trend projections.
Ransomware was active all year, and the WannaCry worm became the year's "virus king"
From January to November 2017, the 360 Internet Security Center reportedly intercepted 183 new ransomware variants on PCs. At least 4,725,000 computers throughout the country were subjected to ransomware attacks, an average of about 14,000 domestic computers attacked every day.
In terms of timing, April was the peak: ransomware attacks numbered 811,000 that month, with an average of 27,000 computers attacked per day. The main reason was that the Shadow Brokers group publicly disclosed the US National Security Agency (NSA) "EternalBlue" vulnerability, which many ransomware families then used to launch attacks.
The large-scale ransomware attacks from October to November were the second peak of the year, mainly because of the emergence of the Arena and Java ransomware. The attackers skillfully used servers to release the virus, resulting in a sharp rise in the number of computers attacked, reaching an average of 31,000 per day.

2017 ransomware situation analysis
Through a situation analysis of the ransomware attacks monitored in 2017, the report summarizes the five main ways in which ransomware spreads: email, server intrusion, supply-chain attacks, trojan-embedded web pages and system vulnerabilities.
Because many system administrators use weak passwords on servers, which are highly susceptible to brute-force cracking, server intrusion has been an attack pattern with a high success rate and a high level of infection. This year, however, propagation through vulnerabilities in the system itself became a new feature of ransomware: the WannaCry ransomware that shook the world in the first half of the year spread using Microsoft's "EternalBlue" vulnerability.
Unlike the two high-prevalence attack methods above, the trojan-embedded web page works more like casting a wide net. Attackers break into the servers of mainstream websites and embed trojans in legitimate pages, so that visitors are attacked. Those hit are generally users running "naked", with no security software installed.
Phishing email and attacks on the software supply chain are more targeted methods, usually aimed at companies and at various organizations and institutions. The latter specifically hijacks or tampers with legitimate software to evade inspection by security products and achieve illegal ends. As can be seen, the ways in which ransomware spreads are now tending to diversify.
The IT/internet industry is the most vulnerable to ransomware
Between January and November 2017, 2,325 ransomware victims turned to the 360 Security Center for help with virus clean-up and data recovery. The vast majority of them did not normally use security software to protect themselves, and a number of victims' computers had no security software installed at all, which left them easily infected by ransomware.
As the industry classification of victims shows, the IT/internet industry is the most affected, accounting for 27.0 percent, followed by manufacturing and education. In addition, the data show that men are the most vulnerable target of ransomware, accounting for up to 90.5 percent.

Industry classification of ransomware victims
Looking at how the victims who sought help were infected, 44.0 percent do not know how they were infected with ransomware. The virus is extremely well hidden during infection and outbreak, making it difficult for victims to detect.

How victims were infected with ransomware
After a ransomware infection, what matters most to the victim is restoring the encrypted documents. Currently, 5.8 percent of victims pay the ransom and successfully restore their encrypted documents; only 5.4 percent of users had backed up critical documents in advance and restored their encrypted documents in time.
However, for a significant portion of ransomware, documents can also be decrypted without paying the ransom. Users can decrypt them with the "Decryption Master" tool in 360 Security Guard, currently the world's largest ransomware "decryption library", which can decrypt nearly 100 types of ransomware.
Ransomware is on an upward trend
Based on data statistics and analysis of the ransomware threat in 2017, the report projects the trends in ransomware attacks for 2018. Overall, the quality and quantity of ransomware will increase, self-propagation capabilities will grow stronger, and the dormancy period will continue to lengthen. In terms of targets, the types of operating systems attacked by ransomware will increase, as will the ability to carry out targeted attacks.

Losses caused by Petya-type ransomware to well-known companies
In addition, the economic cost of ransomware will increase, as will the amount of ransom paid by victims. When WannaCry broke out on a massive scale, it caused $1 billion in economic losses in the first four days; after the outbreak of the Petya-type ransomware, the economic losses to four globally renowned companies were well over $1 billion. These figures will be even larger in the future, with agencies predicting that losses from ransomware attacks in 2019 could rise to $11.5 billion. However, while the "asking prices" are increasing, the success rate of recovering documents by paying the ransom will decline significantly for various reasons.
With ransomware rampant, security experts recommend that users develop the habit of backing up documents, avoid visiting dangerous websites, be wary of unfamiliar emails, and keep security software, such as 360 Security Guard, running so that they can defend themselves against ransomware. In addition, users can enable 360 Security Guard's "anti-ransomware service" and, if the computer is infected by ransomware, request ransom payment through the 360 anti-ransomware service, minimizing economic losses.
Ransomware, as one of the most influential and closely watched forms of cybersecurity threat at present, cannot be underestimated. Especially in the era of "big security", cybersecurity is no longer just the safety of the network itself; it also involves national security, social security and personal security, and can be described as an all-encompassing matter. Security providers should therefore work in tandem with government agencies, businesses, individual users and others, and the fight against ransomware still has a long way to go.




