Ransomware is literally an instrument of crime. It is a sophisticated form of extortion crafted for the weaknesses of the digital age. In the year 2013 alone, 250,000 such viruses were crafted and used in ransomware attacks against computer users and businesses worldwide, as cited in the Wikipedia entry on ransomware. Dharma and Wallet are merely the latest strains to appear in the threat landscape.
The basis for this form of attack is the science of cryptovirology: the creation of viruses designed to encrypt all the data and application files on the infected computer. The early cryptoviruses merely locked up the operating system with a single key, and knowledgeable users and coders were able to figure out for themselves how to defeat these attacks. Modern ransomware is built upon multi-level algorithms which generate random decryption keys for each file on the hard drive and are far more difficult to unravel. Some of these applications may also apply a separate layer of encryption to the computer’s Master File Table or even the main access directory to the hard drive itself, completely locking the user out of his own computer.
A typical attack proceeds in three steps. First, the attacker generates a key pair and places the matching public key in the virus prior to releasing it. Second, the virus generates random symmetric keys which encrypt the computer's files, then uses the public key to encrypt the symmetric key, which completes the cipherlock and blocks all access to the files. It also generates a text file message, the “ransom note” to the user. Third, the victim responds with the asymmetric ciphertext along with an electronic payment in Bitcoin. At this point, the attacker deciphers the response with his own private key. He then supposedly sends the decryption key to the victim to unlock his own data again. Each decryption key is unique to each victim, and so cannot be utilized to aid other ransomware victims. The attacker’s own decryption key is never exposed to the victim. The response message is a small ciphertext file, and the use of Bitcoin helps maintain anonymity for the criminal since such e-payments cannot be traced back to the source of the attack.
The threat to destroy the data or publish confidential files gives teeth to the extortion attempt. It can wipe out a business that depends upon confidentiality by compromising trade secrets and exposing client data. This is what makes ransomware the most pernicious threat computer users and businesses have ever faced.