Bitcoin extortion: revealing the underground world you don't know


Although the GandCrab ransomware campaign is over, the security problem is not. Nobody knows how many criminal groups like the one behind GandCrab will appear in the future, so prepare as early as possible; otherwise the next victim may be you.

Author: Sponge

The birth of Bitcoin has spawned new industries and let some participants reap huge returns. One group in particular has exploited Bitcoin's pseudonymity and the difficulty of tracing its payments to make a fortune.

According to statistics, there have been many ransomware incidents around the world since 2015, with the proceeds claimed by the attackers ranging from hundreds of thousands of US dollars to billions.

HBO, the Game of Thrones production, and the shipping giant Maersk have all suffered extortion incidents of this kind. Of all the incidents, the hardest-hit country was the United Kingdom, where ransomware directly paralysed parts of the public health system: computers and phones could not be used normally, and patient medical records, surgery schedules, prescriptions, test results and other critical information could not be retrieved.

Just last week, the group behind the GandCrab ransomware announced that it had collected more than $2 billion over the past year and a half and would now stop updating the malware and shut down the operation.

Two billion US dollars is a profit that leaves many listed companies far behind. Interestingly, this ransomware has a nickname in China: the "Thief" (侠盗, a chivalrous robber) virus.

The origin of the "Thief"

GandCrab first appeared in January 2018 as a new ransomware family demanding payment in cryptocurrency, and within a few months it had become the rising star of the ransomware scene.

On October 16, 2018, a Syrian father who used the name Jameel posted a plea for help on Twitter. His computer had been infected and encrypted by GandCrab v5.0.3, and because he could not pay the ransom of about $600 he could no longer see the photos of his young son, who had died in the war.

Seeing this, the GandCrab operators quickly issued an apology, saying they had not intended to infect Syrian users, and released decryption keys for some of the infected Syrian victims.

GandCrab was then updated to v5.0.5, which added Syria and other war-torn regions to an exclusion list of places the malware will not encrypt. In addition, if GandCrab detects that the system uses the Russian language, it aborts the infection. Security researchers therefore suspect that the authors are Russian-speaking.

Afterwards, many people took a favourable view of the GandCrab team and called them "chivalrous thieves". But GandCrab's behaviour cannot be called legitimate: it shows no mercy to people in other countries, and China and South Korea were among its primary targets.

How the ransomware spreads

Generally speaking, protection tools for newly released ransomware do not appear on the market quickly, and for some strains no free decryptor exists even weeks later. The only reliable way to deal with such malware is therefore prevention.

The most common delivery method for ransomware is email.

The attacker sends emails to victims, for example a notice telling them to report to the police station. Once the victim downloads and opens the attachment, GandCrab encrypts the data on the host's hard drive and instructs the victim to visit a designated website, download the Tor browser, log in to the attacker's cryptocurrency payment portal through it, and pay the ransom.

As for how GandCrab spreads, the DVP blockchain security team believes it may also use "web page Trojan" (drive-by download) attacks: after taking control of poorly protected websites, the attackers use them to infect the users who visit.
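The attachment-based delivery described above is also the reason the recommendations later in this article stress filtering phishing mail. The following is an added example, not code from the article or from any security vendor it mentions: a first-pass triage of an inbound message that flags attachments whose filename is directly executable on Windows, hides a real extension behind a fake one ("Notice.pdf.exe"), or can carry macros or hide files in an archive, and separately notes lure language (police, court, Tor). The sample message, the sender and recipient addresses, and the extension lists are all constructed for the example; filename checks are only a first layer, since an attacker can rename a file, so content inspection and sandboxing are still needed behind such a filter.

```python
"""Triage an inbound email for attachments typical of ransomware droppers.

Added illustration; the message built in build_sample_message() is
constructed and the extension lists are this example's own choice.
"""
import email
import email.policy
import re
from email.message import EmailMessage

# Filenames that Windows executes directly when double-clicked.
EXECUTABLE_EXTS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".wsh", ".ps1", ".hta", ".msi", ".jar", ".lnk",
}
# Office formats that can carry macros: hold for inspection rather than block.
MACRO_EXTS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm", ".rtf"}
# Archives hide the real extension from naive filters: hold for sandboxing.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso", ".img", ".gz"}
# "report.pdf.exe": a harmless-looking extension followed by the real one.
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg|png|txt)\.[a-z0-9]{1,4}$")
# Pressure wording seen in lures plus references to the Tor payment channel.
LURE_WORDS = re.compile(r"police|court|summons|warrant|tor browser|\.onion", re.I)


def classify_filename(name: str) -> str:
    """Return 'block', 'quarantine' or 'allow' for an attachment filename."""
    # Collapse whitespace so padding that pushes the extension off-screen
    # ("Notice.pdf              .exe") is still caught.
    lower = re.sub(r"\s+", "", name.lower())
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in EXECUTABLE_EXTS or DOUBLE_EXT.search(lower):
        return "block"
    if ext in MACRO_EXTS or ext in ARCHIVE_EXTS:
        return "quarantine"
    return "allow"


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and rate its attachments and body text."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = [(part.get_filename() or "", classify_filename(part.get_filename() or ""))
                for part in msg.iter_attachments()]
    verdict = "allow"
    if any(v == "block" for _, v in findings):
        verdict = "block"
    elif any(v == "quarantine" for _, v in findings):
        verdict = "quarantine"
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return {
        "verdict": verdict,
        "attachments": findings,
        "lure_language": bool(LURE_WORDS.search(text)),
    }


def build_sample_message() -> bytes:
    """Constructed lure in the style described in the article (not a real sample)."""
    m = EmailMessage()
    m["From"] = "notice@example.invalid"
    m["To"] = "victim@example.invalid"
    m["Subject"] = "Notice: report to the police station"
    m.set_content("You are required to report to the police station. "
                  "Open the attached notice for details.")
    # A fake PE header with a double extension; no real malware involved.
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="Police_Notice.pdf.exe")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_message()))
```

In a mail gateway the "block" verdict would drop the message and "quarantine" would route it to detonation or manual review; the lure flag is a signal for user-awareness reporting rather than a blocking decision on its own.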

More advanced malware exploits vulnerabilities in the operating system itself to attack users. In 2017, for example, the "worm-like" WannaCry ransomware spread around the world.

This form of attack is even more frightening: you can be infected without doing anything at all.

Technical experts later explained that any powered-on, Internet-connected Windows machine with the SMB file-sharing port (TCP 445) exposed and the relevant Microsoft security update (MS17-010) missing could be infected, and the worm then spread and replicated between computers on the same network, forming a chain of propagation. Having gained control, the attackers can implant ransomware, remote-access Trojans, cryptocurrency miners and other malicious programs on the affected computers and servers.

WannaCry demanded a payment of $300 worth of Bitcoin to unlock the files. Although it is not known here how much the group actually collected, the disruption it caused far exceeded GandCrab's, so its total ransom take was presumably also enormous.

Summary

In recent years, attacks involving cryptocurrency have increased and security incidents occur frequently. Although the GandCrab campaign has ended, the security problem has not. Nobody knows how many criminal groups like the one behind GandCrab will appear in the future, so prepare as early as possible; otherwise the next victim may be you.

Here are some tips to protect yourself against ransomware:

For enterprise users there are two main cases. For files on corporate servers, apply security patches promptly, avoid weak passwords (especially on remote access and file-sharing services), and close every port that is not needed.

For files on office workstations, strengthen the filtering of phishing emails, remind employees not to open attachments or links from unknown senders, and keep security software running.

Individual users should be wary of emails from unknown sources, keep security software running, patch their computers promptly, develop good Internet habits, and avoid plug-ins and other tools that commonly carry malware.

Ordinary users cannot always defend against systemic vulnerabilities in time, so they should get into the habit of backing up important files to storage such as USB flash drives and external hard drives, and keep that storage disconnected when it is not in use, so that ransomware on an infected machine cannot encrypt the backup as well.
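A backup is only worth having if you can tell, before you need it, that it is intact. The following is an added example, not code from the article: it copies a folder to a backup location, writes a SHA-256 manifest of every file, and later verifies the backup, reporting files that were modified, removed, or added. The demo() function constructs two files, takes the backup, then simulates what happens when the backup drive is left connected to an infected machine (one file overwritten with random bytes and a ransom note dropped) so that the verification shows the damage. All paths are temporary directories created by the example itself; the MANIFEST.json name and the sample file contents are the example's own choices. In practice the manifest should also be kept somewhere the backup drive cannot be written to, since malware with write access to the drive could rewrite it too.

```python
"""Offline backup with a SHA-256 manifest and integrity verification.

Added illustration; demo() builds its own files in a temp directory.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"  # example's own choice


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest and record its hash in a manifest."""
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            # Hash the copy, not the original, so the manifest describes the backup.
            manifest[rel] = sha256_file(target)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(dest: Path) -> dict:
    """Recompute hashes and report modified, missing and unexpected files."""
    expected = json.loads((dest / MANIFEST_NAME).read_text())
    actual = {}
    for p in sorted(dest.rglob("*")):
        if p.is_file() and p.name != MANIFEST_NAME:
            actual[p.relative_to(dest).as_posix()] = sha256_file(p)
    return {
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        # Files not in the manifest: ransom notes appear here.
        "unexpected": sorted(k for k in actual if k not in expected),
    }


def demo() -> "tuple[dict, dict]":
    """Constructed scenario: clean backup, then tampering of the backup copy."""
    work = Path(tempfile.mkdtemp())
    src, dst = work / "docs", work / "backup"
    (src / "photos").mkdir(parents=True)
    (src / "thesis.docx").write_bytes(b"important thesis text")      # constructed
    (src / "photos" / "son.jpg").write_bytes(b"\xff\xd8\xff\xe0 jpeg")  # constructed
    create_backup(src, dst)
    clean = verify_backup(dst)
    # Simulate a connected backup drive hit by ransomware: ciphertext replaces
    # one file and a ransom note is dropped beside the backups.
    (dst / "thesis.docx").write_bytes(os.urandom(32))
    (dst / "HOW_TO_RECOVER.txt").write_text("pay the ransom")
    tampered = verify_backup(dst)
    shutil.rmtree(work)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after tampering:", after)
```

Run verify_backup() each time the drive is reconnected and before relying on it for a restore; an empty report means every file still matches the hash recorded when the backup was taken.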
