It feels like there are already enough cyber-threats out there to worry about. But cybercriminals may now be able to launch even stronger attacks via cryptovirology. No, this isn’t to do with cryptocurrency. So, what is cryptovirology, and is it a danger to you?
The Basics of Cryptography
Cryptovirology is the practice of harnessing cryptography to create or improve upon malicious programs. In short, it switches cryptography from a method of defense to a method of attack.
Cryptography (not to be confused with the umbrella term “cryptology”) has done great things for cybersecurity and privacy. This field involves taking easily readable information and transforming it into coded text so that it is much harder to decipher, and therefore to exploit. You may have heard of the term “encryption” before, as numerous online platforms now employ this security practice to protect users. Encryption encodes your data so that no unauthorized party can read it.
While cryptography has been hugely beneficial in many ways, like most technologies, it could be leveraged for illicit activities, including the development of malicious software.
Ransomware is a well-known example of cryptovirology. Ransomware is a kind of malware that encrypts files on an infected device. If the victim pays the attacker’s demanded ransom, they stand a chance of getting their data back via a decryption key, which only the attacker holds. Sometimes the victim does recover their data after paying, but in other cases the attacker simply takes the money and never hands over the decryption key.
This malicious method can also involve the exploitation of public-key cryptography, a specific realm within the cryptology field. Public-key cryptography uses pairs of associated keys to encrypt data. One key is public, and the other key is private. You may have heard of this cryptography method being used in the cryptocurrency industry on blockchains.
By abusing cryptographic systems, cybercriminals can get hold of highly sensitive private data. But how is it done?
How Is Cryptovirology Used?
As stated by Shivale Saurabh Anandrao in “Cryptovirology: Virus Approach”, the core purpose of cryptovirology is to “give the malware privacy in greater extent and be more robust against getting caught also to give the attacker more anonymity while communicating with deployed malicious program”. In short, it helps malware evade antivirus detection.
Asymmetric backdoors are very useful in cryptovirology attacks. An asymmetric backdoor is one that can only ever be used by the attacker who created it. These are also known as kleptographic backdoors. Unlike a typical backdoor, it is not symmetric in nature, so even if you find it, you cannot use it.
But cryptovirology doesn’t come in just one form. You can get cryptoviruses, cryptotrojans, and cryptoworms. These kinds of attacks can also be used to steal symmetric keys on top of private keys.
A more well-known use of cryptovirology would be ransomware, as previously mentioned. Ransomware attacks are by no means rare, with some large organizations being hit by this strain of malware. Common examples of ransomware include LockBit, WannaCry, and CryptoLocker. Using such programs, individuals can extort victims for huge amounts of money by holding their vital data hostage.
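Because ransomware turns readable documents into opaque ciphertext, one practical defensive signal is a sudden rise in the entropy of files on disk. The following Python script is an added example and is not code from the article or from any of the ransomware families it names; it scores files by Shannon entropy, flags those that look encrypted, and raises an alert when more than half of a directory's files are flagged. The 7.5 bits-per-byte threshold and the one-half alert fraction are assumptions chosen for illustration, and the sample files it scans are constructed on the fly.

```python
"""Entropy-based triage for files that look like ransomware output (added example)."""
import math
import os
import tempfile
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Assumption: 7.5 bits/byte is a common heuristic cut-off. Well-compressed media
# (JPEG, ZIP) also scores this high, so treat a hit as a triage signal, not proof.
ENTROPY_THRESHOLD = 7.5
# Assumption: alert when more than half the scanned files look encrypted.
ALERT_FRACTION = 0.5
# Only the first 64 KiB of each file is sampled, which keeps scans cheap.
SAMPLE_BYTES = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (one repeated value) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when the byte distribution is as flat as ciphertext or random data."""
    return shannon_entropy(data) >= threshold


def scan_files(paths: Iterable[str]) -> List[Tuple[str, float]]:
    """Score each file by the entropy of its leading SAMPLE_BYTES."""
    results = []
    for path in paths:
        with open(path, "rb") as fh:
            results.append((path, shannon_entropy(fh.read(SAMPLE_BYTES))))
    return results


def assess_directory(directory: str) -> Dict[str, object]:
    """Scan one directory and decide whether it shows mass-encryption symptoms."""
    paths = [
        os.path.join(directory, name)
        for name in sorted(os.listdir(directory))
        if os.path.isfile(os.path.join(directory, name))
    ]
    scored = scan_files(paths)
    flagged = [path for path, entropy in scored if entropy >= ENTROPY_THRESHOLD]
    fraction = len(flagged) / len(scored) if scored else 0.0
    return {
        "scanned": len(scored),
        "flagged": flagged,
        "fraction": fraction,
        "alert": fraction > ALERT_FRACTION,
    }


def build_demo_directory() -> str:
    """Constructed sample: two readable documents and three opaque, random files."""
    directory = tempfile.mkdtemp(prefix="cryptovirology_demo_")
    text = b"Quarterly report: revenue grew 4% while costs were flat.\n" * 200
    for name in ("report.txt", "notes.txt"):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(text)
    # os.urandom stands in for ciphertext; real ransomware output is just as flat.
    for name in ("report.txt.enc", "notes.txt.enc", "photo.jpg.enc"):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(os.urandom(16 * 1024))
    return directory


if __name__ == "__main__":
    print(assess_directory(build_demo_directory()))
```

In production this check would run against a snapshot of a file share or user profile on a schedule, with the flagged list handed to an analyst; the point of the fraction is that a single high-entropy file is normal, while most of a directory turning opaque within minutes is not.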
Take the Colonial Pipeline attack, for example. In May 2021, this US-based oil pipeline system became the target of a huge ransomware attack. Using a VPN, a Russian hacking group (known as DarkSide) managed to remotely compromise the Colonial Pipeline system and halt operations. The attackers demanded a ransom in exchange for the return of normal operations, which Colonial Pipeline ended up paying.
Cryptovirology as a field dates back to the mid-1990s, but viruses that used cryptography existed before that, such as the Tremor virus. While this form of malware didn’t use cryptography in its payload, it did use encryption to evade antivirus detection.
Cryptovirology Can Cause a Lot of Damage
With the ability to circumvent security detection and steal highly sensitive data, cryptovirology attacks have the ability to cause a lot of harm. We’ve already seen how these programs can target both individuals and organizations, and there’s no knowing how it will advance in the future.