ТОП просматриваемых книг сайта:
Ransomware Protection Playbook. Roger A. Grimes
Читать онлайн.Название Ransomware Protection Playbook
Год выпуска 0
isbn 9781119849131
Автор произведения Roger A. Grimes
Жанр Зарубежная компьютерная литература
Издательство John Wiley & Sons Limited
244 232
245 233
246 235
247 236
248 237
249 238
250 239
251 240
252 241
253 242
254 243
255 244
256 245
257 246
258 247
259 248
260 249
261 250
262 251
263 252
264 253
265 254
266 255
267 256
268 257
269 258
270 259
271 261
272 262
273 263
274 264
275 265
276 266
277 267
278 268
279 269
280 270
281 271
282 272
283 273
284 274
285 275
286 276
287 277
288 278
289 279
290 280
291 281
292 282
293 iv
294 v
295 vii
296 viii
297 ix
298 xi
299 xii
300 283
Ransomware Protection Playbook
Roger A. Grimes
Introduction
I've been doing computer security since 1987, for more than 34 years now. I remember the first ransomware program I, or anyone else alive at the time, saw. It arrived in December 1989 on a 5-1/4″ floppy disk and quickly became known as the AIDS PC Cyborg Trojan.
Wess didn't call it ransomware then. You don't make up entirely new classification names until you get more than one of something, and at the time it was the first and only. It remained that way for years. Little did we know that it would be the beginning of a gigantic digital crime industry and a huge blight of digital evil across the world in the decades ahead.
It was fairly simple as compared to today's ransomware programs, but it still had enough code to thoroughly obfuscate data, and its creator had enough moxie to ask for $189 ransom in order to restore the data. The story of the first ransomware program and its creator still seems too strange and unlikely even today. If someone tried to duplicate the truth in a Hollywood hacker movie, you wouldn't believe it. Today's ransomware creators and gangs are far more believable.
Dr. Joseph L. Popp, Jr., the creator of the first ransomware program, was a Harvard-educated evolutionary biologist turned anthropologist. He had become interested in AIDS research and was actively involved in the AIDS research community at the time of his arrest. How he got interested in AIDS research isn't documented, but perhaps it was his 15 years in Africa documenting hamadryas baboons. Dr. Popp had co-authored a book on the Kenya Masai Mari Nature reserve in 1978 (https://www.amazon.com/Mara-Field-Guide-Masai-Reserve/dp/B000715Z0C
) and published a scientific paper on his baboon studies in April 1983 (https://link.springer.com/article/10.1007/BF02381082
). AIDS is thought to have originated from nonhuman primates in Africa, and those theories were starting to be explored more around the same timeframe as people searched for “patient zero.” Dr. Popp was in the right place at the right time. His study of one could have led to the other.
Back in the late 1980s, AIDS research and understanding was fairly new and very rudimentary. There was still a widespread fear of the relatively new disease and how it was transmitted. Unlike with today's treatments and antivirals, early on, getting HIV/AIDS was a death sentence. At the time, many people were afraid of kissing or even hugging people who might have AIDS or were in high-risk groups. There was great interest for the latest information and learnings, inside and out of the medical community.
No one besides Dr. Popp knows why he decided to write the world's first ransomware program. Some have speculated he was disgruntled at not getting a much-desired job in the AIDS research industry and wanted to strike back, but it can just as easily be stated that he just wanted to make sure he got paid for his work. Still, there are definite signs of hiding and malevolent intent from a man who knew his creation would not be taken well. It's hard to say you didn't know something was illegal when you try to hide your involvement.
Dr. Popp purchased a mailing list of attendees from a recently held October 1988 AIDS conference in Stockholm put on by the World Health Organization and purportedly also used the subscriber lists of a UK computer magazine called PC Business World and other business magazines.
Dr. Popp created the trojan horse program using the QuickBasic 3.0 programming language. It must have taken him months of code writing and testing. When he was finished, he copied it onto more than 20,000 disks, applied labels, printed accompanying usage instructions, applied postage manually, and then mailed them to unsuspecting recipients in the United States, United Kingdom, Africa, Australia, and other countries. Dr. Popp must have had help doing all of this, because creating 20,000 software packages and manually applying postage would likely have taken weeks and weeks of work by one person. But no other person's involvement was ever declared in court documents or volunteered by Dr. Popp.
The trojan floppy disk was labeled “AIDS Information Introductory Diskette” (see Figure I.1).