
Cryptovirology


Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. The field was born with the observation that public-key cryptography can be used to break the symmetry between what an antivirus analyst sees regarding malware and what the attacker sees. The antivirus analyst sees a public key contained in the malware whereas the attacker sees the public key contained in the malware as well as the corresponding private key (outside the malware) since the attacker created the key pair for the attack. The public key allows the malware to perform trapdoor one-way operations on the victim's computer that only the attacker can undo.

The first cryptovirology attack, invented by Adam L. Young and Moti Yung, is called "cryptoviral extortion" and it was presented alongside a paper at the 1996 IEEE Security & Privacy conference. In this attack a cryptovirus, cryptoworm, or cryptotrojan contains the public key of the attacker and hybrid-encrypts the victim's files. The malware prompts the user to send the asymmetric ciphertext to the attacker, who will decipher it and return the symmetric decryption key it contains for a fee. The victim needs the symmetric key to get the files back if there are no backups of them. The 1996 IEEE paper predicted that cryptoviral extortion attackers would one day demand e-money, long before bitcoin even existed. Many years later the media relabeled cryptoviral extortion as ransomware.

In 2016 cryptovirology attacks on healthcare providers reached epidemic levels, prompting the U.S. Department of Health and Human Services to issue a Fact Sheet on Ransomware and HIPAA. The fact sheet states that when electronic protected health information is encrypted by ransomware a breach has occurred and the attack therefore constitutes a disclosure that is not permitted under HIPAA. The rationale is that an adversary has taken control of the information. This expansion of the term "breach" to account for cryptoviral extortion is monumental, since now a "breach" can happen even when sensitive data never leaves the victim organization. California enacted a law, SB-1137, which amends Section 523 of the Penal Code and defines the introduction of ransomware into a computer system with the intent of extortion as being against the law.


Wikipedia
