It seems that there are already enough cyber threats to worry about. But cybercriminals can now launch even stronger attacks through cryptovirology. No, this has nothing to do with cryptocurrency. So what is cryptovirology? Is it a danger to you?
The Fundamentals of Cryptography
Cryptovirology is the practice of leveraging cryptography to create or enhance malware. In short, it changes cryptography from a defense method to an attack method.
Cryptography (not to be confused with the generic term “cryptology”) has done great things for cybersecurity and privacy. This field involves taking easily readable information and transforming it into scrambled text to make it much harder to crack and therefore exploit. You may have heard of the term “encryption” before, as numerous online platforms now employ this security practice to protect users. Encryption scrambles your data so that no one unauthorized can see it.
While cryptography has been enormously beneficial in many ways, like most technologies, it could be exploited for illicit activities, including the development of malicious software.
Ransomware is a well-known example of cryptovirology. Ransomware is a type of malware that encrypts files on an infected device. If the victim pays the ransom demanded by the attacker, they have the possibility to recover their data through a decryption key, which the attacker possesses. Sometimes the victim will be able to recover the data from her by paying the ransom, but otherwise the attacker will simply take the money and run without providing the decryption key.
This malicious method may also involve the exploitation of public key cryptography, a specific domain within the field of cryptology. Public key cryptography uses associated key pairs to encrypt data. One key is public and the other key is private. You may have heard of this cryptography method being used in the cryptocurrency industry on blockchains.
By abusing cryptographic systems, cybercriminals can get hold of highly sensitive private data. But how do you do it?
How is cryptovirology used?
As stated by Shivale Saurabh Anandrao in “Cryptovirology: Virus Approach”, the main goal of cryptovirology is to “give malware more privacy and be more resilient from getting caught, as well as giving the attacker more anonymity while communicating with the deployed malware.” In short, it is useful to evade antivirus protocols.
Asymmetric backdoors are very useful in cryptovirology attacks. An asymmetric backdoor is one that can only be used by the attacker responsible for creating it. These are also known as kleptograph backdoors. Unlike typical tailgates, it’s not symmetrical in nature, so even if you find it, you can’t use it.
But cryptovirology does not come in just one form. You can catch cryptoviruses, cryptotrojans, and cryptoworms. These types of attacks can also be used to steal symmetric keys in addition to private keys.
A more well-known use of cryptovirology would be ransomware, as mentioned above. Ransomware attacks are not uncommon, as some large organizations are affected by this variety of malware. Common examples of ransomware include LockBit, WannaCry, and CryptoLocker. Using such programs, people can extort large amounts of money from victims by holding their vital data hostage.
Take the Colonial Pipeline attack, for example. In May 2021, this US-based pipeline system became the target of a major ransomware attack. Using a VPN, a group of Russian hackers (known as DarkSide) managed to remotely compromise the Colonial Pipeline system and halt operations. The attackers demanded a ransom in exchange for the return of normal operations, which Colonial Pipeline ended up paying.
Cryptovirology attacks date back to the mid-1990s, but there have been numerous cases of viruses using cryptography in the past, such as the Tremor virus. While this form of malware did not use cryptography in the payload, it did use cryptography to evade antivirus detection.
Cryptovirology can do a lot of damage
With the ability to evade security detection and steal highly sensitive data, cryptovirology attacks have the potential to do a lot of damage. We have already seen how these programs can target both individuals and organizations, and there is no telling how this will progress in the future.