Anonymous Bitcoin Whale Just Moved $45M Worth Of BTC Off Coinbase – Benzinga

What happened: A Bitcoin (BTC/USD) whale just sent $45,870,395 worth of Bitcoin off Coinbase.

The BTC address associated with this transaction has been identified as: 3PQ4M1vitNx3vh9pDFEWjoqwQKLaHQB7xn.

Why it matters: Bitcoin "Whales" (investors who own $10 million or more in BTC) typically send cryptocurrency from exchanges when planning to hold their investments for an extended period of time. Storing large amounts of money on an exchange presents an additional risk of theft, as exchange wallets are the most sought-after target for cryptocurrency hackers.

The best way to secure Bitcoin is to hold it on a hardware wallet, which is not possible while the assets are held on an exchange. Hardware wallets store one's private keys on an offline device, so the keys cannot be reached by an attacker over the internet.

According to Glassnode, only 13.23% of the total supply remains liquid across all centralized exchanges.

The removal of BTC from an exchange reduces potential sell-side pressure, allowing the price of Bitcoin to increase more easily.


Price Action: Bitcoin is down 3% in the past 24 hours.


Public Blockchain data sourced from Whale Alerts Twitter.

This article was generated by Benzinga's automated content engine and reviewed by an editor.


What the heck is going on with Bitcoin? | Column – Tampa Bay Times

Two significant events dominated news channels over the last week. One was the confirmation, along with the pictures, of the existence of a supermassive black hole, Sagittarius A*, in the center of our galaxy, the Milky Way.

The second story was a similar black hole: a crypto black hole in the center of the cryptocurrency universe.

A massive fall in the price of Bitcoin below $30,000, down about 60% from its high of November of last year, and the stablecoin Luna losing more than 98% of its value, shook the foundations of the crypto investment universe.

This is not the first time that a bubble fueled by the speculative desire of making quick money riding on often less understood technology unraveled.

One of the first technology-led bubbles, the railway mania in Great Britain in the 1840s, was driven by over-optimistic speculation and fatal assumptions about technology-centric value creation. Those lessons have long been forgotten.

More recently, we have fading memories of the dot-com boom and subsequent bust that led to a drop of around 75% in the NASDAQ in 2000 and wiped out over $1.7 trillion in value.

There might be some important cues in these past bubbles for the current crypto fluctuation.

People tend to make two assumptions about digital businesses including cryptocurrencies. The first assumption is that virtual assets have unlimited supply, and this is correct.

However, the second assumption, that these assets become unconditionally valuable, is incorrect. The missing link is the economic law that demand is driven by value creation, and prices of assets such as crypto assets can be sustained only by a tug-of-war between value-driven demand and scarce supplies.

Therein lies the rub: sustainable economic value of new technology is only possible when all the foundational pillars are built. Participants in the new business ecosystems, whether they are individuals or companies, can operate only when trust, safety, and value are all present. Just one or two is not enough.

To avoid the trap of an unlimited supply of an asset, the creators of Bitcoin limited the supply to 21 million coins. However, any asset must have either intrinsic economic value or represent assets that have economic value. The cryptocurrency phenomenon is based on repudiating the connection between the price of the cryptocurrency and the value of the underlying asset, if any.


The disconnect between price and value is a hallmark of all financial bubbles. The prices of new technology-based products and services are driven by greed, fear and (oftentimes) a lack of understanding of the real-world application layer. And the value of these products and services is driven only by the real-world applications.

Just like the crypto phenomenon, the dot-com bubble was driven by missing the business layer of ecommerce.

For all things financial, the deep foundations of trust, safety, and real economic value are required. The price of Bitcoin (or any cryptocurrency for that matter) could go up to Pluto, but without an underlying economic value, it may very well go down to zero.

The dot-com businesses, mortgage-backed securities, and cryptocurrencies are all attempts to create economic value by creating new business models that resolve some of the existing frictions.

The speculators who drove the dot-com bubble provided much needed capital for risky innovation. After the dust from the dot-com crash settled, the companies that thrived from the dot-com revolution were the ones that provided real services and products. The speculators paved the way for the value-generators.

Today, the cryptocurrency universe is predominantly driven by speculators. They are, perhaps unknowingly, the angel investors in new crypto business models providing liquidity for crypto innovation. They are paving the way for new protocols (multi-signature, for example), new ecosystems (such as NFT marketplaces), new techniques (zero-knowledge proofs), and new payment networks.

The value-generators in the crypto markets are watching, experimenting, and doubling down to capture the value of blockchain-based technologies and business models. The recent shake down of the cryptocurrency markets is really a shake-up of the speculative risk-takers and a reckoning of the gamblers.

The value-generators are working behind the scenes and often away from the limelight, building products and services on top of security tokens, non-fungible tokens (NFTs) and stable coins. Crypto speculators are the true angel investors taking huge risk to create the internet of value transfer on top of the existing internet of information transfer.

The physicists assure us that Sagittarius A* is highly unlikely to swallow up the rest of our galaxy.

Let us remain hopeful that the pure speculation-fueled crypto black hole at the center of the cryptocurrency universe will not devour the universe of the economic value-generators of crypto.

Shivendu Shivendu is a University of South Florida Muma College of Business associate professor who teaches courses related to fintech, the economics of information systems, blockchain technology and IT strategy. Kiran Garimella is also an associate professor in USF's business school, an academic scholar who also has many years of corporate experience related to artificial intelligence, blockchain, and information systems.


Bitcoin shakes off Fed volatility as analysts remain split on return under $24K – Cointelegraph

Bitcoin (BTC) circled $30,000 on May 18 after fresh comments from the United States Federal Reserve sparked volatility.

Data from Cointelegraph Markets Pro and TradingView showed BTC/USD consolidating within a range in place since May 12.

The pair had come unstuck as Fed Chair Jerome Powell delivered economic policy insights during the Wall Street Journal's Future of Everything Festival.

"I don't know if financial conditions have tightened more than this in a very long time," he told the paper's chief economics correspondent, Nick Timiraos, in an interview.

Powell appeared to confirm that 50-basis-point key interest rate hikes would continue in subsequent meetings of the Fed's Federal Open Markets Committee (FOMC) and could reach neutral levels in Q4. Hikes afterward, however, could nonetheless continue if necessary to tame inflation further.

With traditional markets already pricing in such a scenario, volatility overall was limited as Powell avoided surprises.

BTC/USD saw a brief drop to $29,500 before recovering during Powell's words.

With risk assets set for difficult times as financial tightening continues, however, crypto market commentators had little by way of highly bullish news.

"Hawkish reminder. This is the biggest risk for markets," macro analyst Alex Krueger responded in a series of Twitter posts on the potential for ongoing rate hikes into next year.

According to CME Group's FedWatch Tool, markets expect the target rate to be between 275 and 300 basis points at the FOMC's December meeting.

Short term, some saw continued relief for BTC.


"Did manage a nice close above the $28.8K range low as well as the $30K low which marked the initial wick down in May 2021. The next HTF resistance is the $33K area. A test of that area makes sense imo," popular trading account Daan Crypto Trades summarized in his latest Bitcoin-focused update.

Fellow account DonAlt meanwhile highlighted $34,500 as a crucial breaker for a more bullish perspective on BTC to enter.

An increasing number of players, as Cointelegraph recently reported, still favor a return below the $23,800 lows seen last week at the height of the Terra (LUNA) and TerraUSD (UST) implosions.

"Bottoms take time to form, so do not expect it within the next day or two," trader Crypto Tony told Twitter followers on the day.

Others, meanwhile, feel that a $20,000 retreat is unlikely.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.


Judge Approves Extradition of WikiLeaks Founder Julian Assange

LONDON (AP) - A British judge on Wednesday formally approved the extradition of Julian Assange to the United States to face spying charges. The case will now go to Britain's interior minister for a decision, though the WikiLeaks founder still has legal avenues of appeal.

The order, which brings an end to the years-long extradition battle closer, comes after the U.K. Supreme Court last month refused Assange permission to appeal against a lower court's ruling that he could be extradited.

District Judge Paul Goldspring issued the order in a brief hearing at Westminster Magistrates' Court, as Assange watched by video link from Belmarsh Prison and his supporters rallied outside the courthouse, demanding he be freed.

Home Secretary Priti Patel will now decide whether to grant the extradition.

The move doesn't exhaust the legal options for Assange, who has sought for years to avoid a trial in the U.S. on charges related to WikiLeaks' publication of a huge trove of classified documents more than a decade ago.

His lawyers have four weeks to make submissions to Patel, and can also seek to appeal to the High Court.

Assange lawyer Mark Summers told the court that the legal team had serious submissions to make.

The U.S. has asked British authorities to extradite Assange so he can stand trial on 17 charges of espionage and one charge of computer misuse. American prosecutors say Assange unlawfully helped U.S. Army intelligence analyst Chelsea Manning steal classified diplomatic cables and military files that WikiLeaks later published, putting lives at risk.

Supporters and lawyers for Assange, 50, argue that he was acting as a journalist and is entitled to First Amendment protections of freedom of speech for publishing documents that exposed U.S. military wrongdoing in Iraq and Afghanistan. They argue that his case is politically motivated.

A British district court judge had initially rejected a U.S. extradition request on the grounds that Assange was likely to kill himself if held under harsh U.S. prison conditions. U.S. authorities later provided assurances that the WikiLeaks founder wouldn't face the severe treatment that his lawyers said would put his physical and mental health at risk.

In December, the High Court overturned the lower court's decision, saying that the U.S. promises were enough to guarantee that Assange would be treated humanely. The Supreme Court in March rejected Assange's attempt to challenge that ruling.

Assange's lawyers say he could face up to 175 years in jail if he is convicted in the U.S., though American authorities have said the sentence was likely to be much lower than that.

Assange has been held at Britain's high-security Belmarsh Prison in London since 2019, when he was arrested for skipping bail during a separate legal battle. Before that, he spent seven years inside the Ecuadorian Embassy in London to avoid extradition to Sweden to face allegations of rape and sexual assault.

Sweden dropped the sex crimes investigations in November 2019 because so much time had elapsed.

Last month, Assange and his partner Stella Moris married in a prison ceremony.


UK Judge OKs Extradition of Julian Assange to US – Havana Times

His Wikileaks investigation revealed many US war crimes and he has been wanted ever since

By Democracy Now

HAVANA TIMES - A British judge has ordered the extradition of WikiLeaks founder Julian Assange to the United States, where he faces a 175-year sentence. The final decision on Assange's extradition will now be made by UK Home Secretary Priti Patel. Amnesty International's Simon Crowther spoke outside the courthouse prior to today's ruling.

Simon Crowther: Julian Assange is being prosecuted for espionage for publishing sensitive material that was classified. And if he is extradited to the U.S. for this, all journalists around the world are going to have to look over their shoulder, because within their own jurisdiction, if they publish something that the US considers to be classified, they will face the risk of being extradited.


OpenSSF Helping to Secure Open Source Software – ITPro Today

As organizations seek to gain an edge over their competitors, they are finding power in open source, which has led to, in the words of Brian Behlendorf, GM of the Open Source Security Foundation, a "Cambrian explosion" of open source. But with the rise in use of open source code has come a rise in vulnerabilities and so a need to better secure open source software.

During his "The Power of Open Source" presentation at this month's MIT Technology Review Future Compute conference held at MIT's Cambridge, Massachusetts, campus and in an interview with ITPro Today, Behlendorf highlighted the growth of open source and the security challenges that come with that growth.


According to Sonatype's 2021 State of the Software Supply Chain Report, he said:

The debate about open source code versus proprietary code has largely gone away, according to Behlendorf. "Very rarely are developers or enterprises making a binary choice between the two," he said. Studies have found that 90% of an average application stack is pre-existing open source code that has been pulled together and assembled, with about 10% of that as the custom code.


"Defining your edge is really about getting that 10% right and aggressively covering the rest of the 90% with the free stuff that you can find pre-existing," he said.

There is a problem, however, according to Behlendorf: There's a blind spot in the open source space and the software space as a whole to the rise of vulnerabilities in the underlying code.

"I wake up in the morning and fire up my laptop and get that notice, 'Hey, there are updated packages. Do you want to update this before you start your day?'" he said. "And I always get that dopamine hit from clicking 'yes,' partly because I know that that means that to reasonable concern I'm protected against the threats that somebody might want to throw at me today."

In the same vein, organizations need to be ready to update, Behlendorf said. "How do we get enterprises to get to the point where they go for that same dopamine rush that I do when I wake up in the morning and hit 'update' on my laptop?" he asked.

What's troubling is that, according to Sonatype, 29% of the popular open source projects contain known vulnerabilities in either the core code or in their underlying dependencies, Behlendorf said. Some of these vulnerabilities are easy to exploit, like the one recently discovered in the Log4j logging library. The Log4Shell exploit became a poster child, he said, to the point where the U.S. government asked those involved in the open source industry: "Are you OK over there? How did you not catch this?"

To help prevent such exploits, the Linux Foundation in 2020 formed the Open Source Security Foundation, which Behlendorf heads. OpenSSF, which raised $11 million in what is essentially yearly memberships, focuses on improving the state of cybersecurity in the open source space supply chain, he said.

OpenSSF is looking into the question: "The way code is built in the software industry, and not just open source code but the supply chain that we have in software, are there vulnerabilities that are starting to affect that? We need to get smarter about closing some of those opportunities for exploit," he said.

One of the tools to address this is something that the White House has elevated in importance. In May 2021, Executive Order 14028 was issued to improve cybersecurity. The order calls for, among other things, a Software Bill of Materials (SBOM) to be included with every software package delivered to executive branch agencies. Behlendorf compared an SBOM to the ingredients label on a bag of bread, as it enables organizations to see exactly what they are getting.

OpenSSF is looking at how to use SBOMs ubiquitously across software supply chains and get them integrated into core code as well as upstream. As developers write and release software, they will also provide SBOMs, including ingredients that came from previous software "so when an enterprise has to go out and address a remediation, they at least know where they're vulnerable, and that's the beginning of figuring out how to remediate for that work," he said.

OpenSSF is addressing a number of ways to secure open source software.

"This is not about writing the one tool that automatically improves all of our cybersecurity," Behlendorf said. OpenSSF is about:

"Open source is everywhere, and you've got to figure out how to make use of it," Behlendorf concluded. "But it really is about figuring out, how do you define your edge to be that layer on top and get really good at taking advantage of what's come before us?"


Samsung teams up with Red Hat for memory software development – The Korea Herald


Red Hat, an IBM subsidiary, is known for Red Hat Enterprise Linux, a commercial open-source Linux operating system distribution developed by the company.

Under the partnership, Samsung and Red Hat will jointly develop and validate software that runs on enterprise Linux or other open source operating systems for existing memory and storage products, as well as those under development.

This marks the first time that Samsung has joined forces with an open source software company for its semiconductor business. Samsung is the world's largest DRAM chip maker and runs the world's second-largest foundry business by capacity.

Along with the announcement, Samsung unveiled plans to launch the Samsung Memory Research Cloud, where Samsung and Red Hat develop and verify software solutions on server environments, and where customers and partners are able to match optimal software products with memory hardware products supplied by Samsung.

This comes amid disruptive changes to memory designs to keep pace with the growth of data to store for technological advances like artificial intelligence, augmented reality and the metaverse. Samsung said in a statement the industry is requiring more sophisticated software technologies in sync with the latest hardware advancements to achieve a memory chip technology breakthrough.

Marjet Andriesse, senior vice president and head of Red Hat Asia Pacific (left) and Bae Yong-cheol, executive vice president and head of the memory application engineering team at Samsung Electronics pose for a photo at a signing ceremony earlier in May. (Samsung Electronics)


Cryptography In The Blockchain Era – Texas A&M University Today

Proof of work protocols have been applied in cryptography and security literature to a variety of settings, but its most impactful application has been its role in the design of blockchain protocols.


The advent of blockchains has ignited much excitement, not only for their realization of novel financial instruments, but also for offering alternative solutions to classical problems in fault-tolerant distributed computing and cryptographic protocols. Blockchains are managed and built by miners and are used in various settings, the best known being a distributed ledger that keeps a record of all transactions between users in cryptocurrency systems such as bitcoin.

Underlying many such protocols is a primitive known as a proof of work (PoW), which for over 20 years has been liberally applied in cryptography and security literature to a variety of settings, including spam mitigation, sybil attacks and denial-of-service protection. Its role in the design of blockchain protocols, however, is arguably its most impactful application.

As miners receive new transactions, the data are entered into a new block, but a PoW must be solved to add new blocks to the chain. PoW is an algorithm used to validate bitcoin transactions. It is generated by bitcoin miners competing to create new bitcoin by being the first to solve a complex mathematical puzzle, which requires expensive computers and a lot of electricity. Once a miner finds a solution to a puzzle, they broadcast the block to the network so that other miners can verify that it's correct. Miners who succeed are then given a fixed amount of bitcoin as a reward.

However, despite the evolution of our understanding of the PoW primitive, pinning down the exact properties sufficient to prove the security of bitcoin and related protocols has been elusive. In fact, all existing instances of the primitive have relied on idealized assumptions.

A team led by Juan Garay has identified and proven the concrete properties, either number-theoretic or pertaining to hash functions. They were then used to construct blockchain protocols that are secure and safe to use. With their new algorithms, the researchers demonstrated that such PoWs can thwart adversaries and environments collectively owning less than half of the computational power in the network.

Garay's early work on cryptography in blockchain was first published in the proceedings of Eurocrypt 2015, a top venue for the dissemination of cryptography research.

The techniques underlying PoWs transcend the blockchain context. They can, in fact, be applied to other important problems in the area of cryptographic protocols, thus circumventing well-known impossibility results, a new paradigm that Garay calls Resource-Restricted Cryptography.

"It's a new way of thinking about cryptography in the sense that things do not have to be extremely difficult, only moderately difficult," said Garay. "And then you can still do meaningful things like blockchains. Cryptocurrencies are just one example. My work, in general, is understanding this landscape and coming up with the mathematics that explain it and make it work."


Three insights you might have missed from the Red Hat Summit event – SiliconANGLE News

Open source is becoming mainstream technology, and that's reshaping how it will affect daily life.

An example of this trend can be found in May's announcement by Red Hat Inc. of an In-Vehicle Operating System in partnership with General Motors Co. While the GM news attracted a great deal of attention, Red Hat also generated buzz during its recent annual Summit event in Boston with the release of RHEL 9 after a three-year wait, deployment of new solutions for securing the software supply chain, and the delivery of managed Ansible Automation for Microsoft Azure.

TheCUBE, SiliconANGLE Media's livestreaming studio, covered the Red Hat Summit event through exclusive interviews with company executives and partners. (* Disclosure below.)

Here are three additional insights you might have missed:

There was a time when computer processing was all about the CPU. Not anymore. This has become the era of the GPU, NPU, DPU and assorted alternative processors to power applications in the modern infrastructure. Edge computing was a significant topic of discussion at this month's Summit, and Red Hat has positioned its portfolio to capitalize on this growing space through partnerships with Arm, Nvidia and Intel.

"Edge to me is the epitome of a white-space opportunity where ecosystem is essential," said Stefanie Chiras, senior vice president of partner ecosystem success at Red Hat, during an interview with theCUBE. "Edge is pulling together unique hardware capabilities from an accelerator all the way out to new network capabilities and then to AI applications. The number of ISVs building AI applications is just expanding."

An example of this evolution can be seen in the use of the DPU, or data processing unit. Where the CPU handled general-purpose computing, and the GPU accelerated compute, the DPU will play a central role in moving data.

Tushar Katarki, director of product management for OpenShift at Red Hat, envisions a growing role in importance for the DPU, especially as cryptography becomes more essential in network security.

"Cryptography is going to take off to new levels," Katarki said in a discussion with theCUBE during the Summit. "The DPU can be used to offload your encryption and firewalling. There are a lot of opportunities from an application point of view to take advantage of this capacity."

When Red Hat unveiled RHEL 9 during the Summit, the company noted that it was the first production release built from CentOS Stream. The back story on this was that CentOS Stream replaced the Community Enterprise Linux Operating System acquired by Red Hat in 2014 and discontinued in 2020, a move that was not positively received by CentOS users.

The friction over this issue stems from the fact that CentOS was widely used in the enterprise world. An executive from MongoDB Inc. claims that CentOS runs most of the telecom infrastructure in China. A significant portion of Facebook's operation is CentOS-based as well. Over a decade ago, open-source CentOS was the most popular Linux distribution for web servers.

Red Hat made it clear in 2020 that it would cease supporting CentOS starting from 2022 and would focus its efforts on the new upstream RHEL version, called CentOS Stream. The problem for some in the open-source community was a belief that the newer version lacked the stability of the original CentOS offering.

In theCUBE's Summit interview with Gunnar Hellekson, general manager of the Enterprise Linux Business Unit, the Red Hat executive explained the company's rationale for the switch from CentOS to CentOS Stream with the latest RHEL release.

"We need a better way to allow partners to work together with us further upstream from the actual product development," Hellekson said. "That's why we created CentOS Stream: the place where we host the party and people can watch the next version of Red Hat Enterprise get developed in real time. Partners can come in and help; customers can come in and help."

In his keynote address during the Summit this month, Red Hat Senior Vice President and CTO Chris Wright described how the placement of processors in his ski boots made him a better skier. Wright's example can be extrapolated to use cases where compute and hardware combine to create a better outcome. Chips help make driving an automobile safer today and improve the ability of diagnostic devices to provide critical information for heart patients.

The edge revolution is doing more than creating compute processing in standalone devices. It is reshaping the meaning of the hybrid world to include the melding of physical and virtual. This will be a key part of Red Hat's strategy in the future.

"Because of the compute capabilities that we have in hardware, hardware gets more capable with lower power that can bring certain types of accelerators into the mix," said Wright, during his appearance on theCUBE. "You create this world where what's happening in a virtual context and what's happening in a physical context can come together through this distributed computing system. Our view is: That's hybrid. That's what we've been working on for years."

You can catch up on SiliconANGLE's and theCUBE's complete coverage of the Red Hat Summit event on theCUBE's dedicated event channel.

(* Disclosure: TheCUBE is a paid media partner for Red Hat Summit. Neither Red Hat, the sponsor of theCUBE's event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)


The Evolution of Ransomware: Understanding Its Past, Present, and Future – Security Boulevard

Ransomware has grown to become a potential threat for all organizations, sparing no industry or size bracket in its goal to capture files and other company assets. Where there's data, there's an opening for threat actors to hold this sensitive information ransom and demand payment for its release.

It's imperative for all organizations to have a plan for how to prevent and respond to ransomware attacks. But in order to understand how to prepare today, it's also necessary to understand how ransomware has evolved to reach its current state.

The first ransomware attack is generally regarded as the AIDS trojan. It is named for the 1989 World Health Organization (WHO) AIDS conference, at which biologist Joseph Popp handed out 20,000 infected floppy discs to event participants. After a user had booted up ninety times, the names of the user's files would be encrypted and a message would appear asking victims to send US$189 to a PO box in Panama. The ransomware was relatively easy to remove using online decryptor tools.

After this first event, no notable developments in the field of ransomware took place until 2005, when ransomware reemerged, this time using secure asymmetric encryption. The Archiveus trojan and GPcode were the most notable of these early ransomwares. GPcode attacked Windows operating systems, first using symmetric encryption and later, in 2010, using the more secure RSA-1024 to encrypt documents with specific file extensions.

The Archiveus trojan, the first ransomware to use RSA, encrypted all files in the My Documents folder. They could be decrypted with a thirty-digit password provided by the threat actor after the ransom was paid.

Despite the effectiveness of these encryption algorithms, early ransomware variants had relatively simple code, which allowed antivirus companies to identify and analyze them. The Archiveus password was cracked in May 2006, when it was found in the source code of the virus. Similarly, until GPcode switched to RSA, file recovery was often possible without a password, leading cybercriminals to prefer hacking, phishing, and other threat vectors.

In 2009, the Vundo virus emerged, which encrypted computers and sold decryptors. Vundo exploited vulnerabilities in browser plugins written in Java, or downloaded itself when users clicked on malicious email attachments. Once installed, Vundo attacked or suppressed antimalware programs such as Windows Defender and Malwarebytes.

Shortly after, in 2010, the WinLock trojan emerged. Ten cybercriminals in Moscow used the software to lock victims' computers and to display pornography until the victims sent them roughly $10 in rubles. The group was arrested in August the same year, though the scheme first garnered US$16 million.

In 2011, the software was upgraded to pretend to be the Windows Product Activation system. The malware seemed to be requiring a reinstall of the software due to fraudulent use, and ultimately extorted data from victims.

Reveton ransomware, which emerged in 2012, was a type of scareware that displayed messages to its victims claiming that it was US law enforcement and that the user had been detected viewing illegal pornography. In some cases, it activated the user's camera to imply that the user had been recorded. It also demanded that the victim pay in order to avoid prosecution.

A variant of this ransomware also emerged for Mac, although it was not cryptographic. It was made up of 150 identical iframes that each had to be closed, so the browser appeared to be locked.

As more ransomware variants emerged, the number of recorded ransomware attacks increased nearly fourfold from 2011 to 2012.

In the second half of 2013, CryptoLocker emerged. CryptoLocker was a pioneer in several ways: It was the first ransomware to be spread by botnet (in this case the Gameover Zeus botnet), though it also used more traditional tactics, such as phishing. Also notable was that CryptoLocker used 2048-bit RSA public and private key encryptions, rendering it especially difficult to crack. CryptoLocker was not stopped until its associated botnet, Gameover Zeus, was taken down in 2014.

The first true ransomware for Mac, FileCoder, was also discovered in 2014, although it was later found to have originated as early as 2012. The malware was never finished, as, although it encrypted files and demanded payment, the only files it encrypted were its own.

Other noncryptographic attacks on Mac infrastructure were more successful that year. 2014 also saw the Oleg Pliss attack, in which a threat actor used stolen Apple account credentials to log in to accounts and then used those accounts to remotely lock iPhones, using the find my iPhone feature. They then demanded a ransom for the phone to be unlocked.

Just as Oleg Pliss targeted iPhones, 2014 also saw the first cryptographic attack on mobile devices, with Spyeng targeting Android. Spyeng also sent messages to everyone in the victim's contacts list with a download link to the ransomware.

The first successful cryptographic ransomware attack on Mac was in 2016, and was known as KeRanger. Tied to version 2.90 of the torrenting client Transmission, the ransomware locked a victim's computer until 1 bitcoin (US$400 at the time) was paid to threat actors.

Another ransomware for Mac, Patcher, aka filezip, emerged in February 2017. It also infected users via torrenting, in this case by pretending to be a cracker for popular software programs such as Office 2016 or Adobe Premiere CC 2017. Notably, due to flaws in its design, Patcher could not be decrypted, whether the ransom was paid or not.

The success of CryptoLocker led to a significant increase in ransomware varieties. CryptoWall emerged as a successor to CryptoLocker, becoming known in 2014, although it had actually been circulating since at least November 2013. Spread largely through spam phishing emails, by March 2014 CryptoWall had become the leading ransomware threat. CryptoWall proved especially tenacious, and some reports suggest that by 2018 it had caused US$325 million of damage.

By 2016 ransomware variants were becoming increasingly frequent. The first ransomware-as-a-service (RaaS) variants emerged: partnerships in which one group writes the ransomware code and collaborates with hackers, who find vulnerabilities in systems. Some of the better-known were Ransom32 (the first ransomware to be written in JavaScript), shark (which was hosted on a public WordPress site and made available on the basis of an 80/20 split, distributor's favor), and Stampado (which was available for just $39).

2016 also saw the emergence of the well-known Petya ransomware. Initially the ransomware was less successful than CryptoWall, but on June 17, 2017, a new variant emerged, dubbed notPetya by Kaspersky to differentiate it from the original version. It began in Ukraine and quickly spread worldwide via the EternalBlue Windows vulnerability discovered by the NSA. According to the White House, NotPetya was responsible for US$10 billion in damage. The governments of the United States, United Kingdom, and Australia blame Russia for the malware.

LeakerLocker, a mobile ransomware for Android, also emerged in 2017. Unlike more traditional ransomware, LeakerLocker did not actually encrypt any files. Embedded in malicious applications on the Play Store that requested elevated permissions, LeakerLocker displayed sample data from the user's phone and claimed it would send the user's entire phone contents to every person in their contacts list if a ransom was not paid.

WannaCry ransomware, one of the best-known crypto ransomwares, also emerged in 2017. Like notPetya, WannaCry spread via the EternalBlue exploit. After emerging in May 2017 it infected about 230,000 computers in 150 countries, causing $4 billion in damage. Although Microsoft had already released a patch for this exploit two months before the emergence of WannaCry, many users had not updated their systems, so the ransomware was able to spread.

The ransomware would likely have been far more damaging had it not been halted a few days after the attack began by the efforts of Marcus Hutchins, who discovered that the ransomware had a built-in kill switch that could be activated. Despite Hutchins' role in stopping the global outbreak of WannaCry, he was subsequently arrested and imprisoned by the FBI for unrelated hacking charges. Several major governments attributed WannaCry to North Korea.

January 2018 was a watershed moment for ransomware, marking the emergence of GandCrab. Although GandCrab by itself was not particularly unusual, the developers continued to release more and more advanced versions and eventually integrated it with the Vidar information-stealing malware, producing a ransomware that both stole and locked a victim's files. GandCrab quickly became the most popular RaaS, and the most active strain of ransomware between 2018 and 2019.

Team Snatch, a team of threat actors that emerged in 2018, was a partner of GandCrab, and ushered in the new trend of publishing victim data in order to extort payment. Team Snatch began to publish victim data in April 2019. Snatch was formed by threat actor Truniger, who operated on Exploit. On April 28, 2019, Truniger posted on Exploit that Citycomp, one of their victims, had refused to pay a ransom and would therefore have their data publicly posted.

However, GandCrab ransomware is now no longer used after the developers announced they would be retiring on June 1, 2019, and the FBI released decryption keys for the ransomware in July 2019.

Although Team Snatch disappeared in 2019 following a dispute on the Exploit forum, their actions set the stage for Maze ransomware and the rise of the leaks sites.

In November 2019, the Maze ransomware group leaked 700 MB worth of documents stolen from Allied Universal in an attempt to pressure them and future victims into paying the ransom. This set off a trend of ransomware groups establishing leaks sites to pressure their victims. By publishing stolen data, ransomware operators expose a victim to additional financial loss if, for example, sensitive financial data, customer personally identifiable information (PII), or trade secrets are exposed.

This additional leverage can be especially effective if a victim has backed up their data, and therefore lacks an incentive to pay extortionists for a decryption key alone. The new technique ultimately means that backing up data no longer mitigates the threat of ransomware attacks.

This new technique has vastly increased the visibility of ransomware, and appears to have increased its popularity as well. In 2020 the NetWalker group alone made over $25 million.

Since Maze ransomware began posting victim data, other ransomware groups have posted their own sites. Several of these ransomware families emerged out of prior partnerships, with adverts gaining experience collaborating with a ransomware group before setting up their own. The increased visibility has also led to cooperation between the ransomware groups, with Maze forming a cartel of ransomware groups that share tactics, techniques, and procedures (TTPs) and resources.

The Sodinokibi ransomware family has been another notable actor in this space. Sodinokibi emerged to fill the space that was left when the GandCrab threat actors retired. Run by the REvil collective, it has become one of the most damaging ransomware groups, with more victims posted than any provider other than Maze.

Today, ransomware continues to threaten organizations and accounted for over $42.9 million in losses in 2021 according to the FBI's 2021 Internet Crime Report. Beyond the headlines, it is something companies of every size and in every sector must be aware of: dedicated and well-researched protocols for what to do in the event of an attack have become a mission-critical part of every organization's security and defense arsenal.

The rise of ransomware was a gradual process spanning more than thirty years. Its popularity was influenced both by the technologies supporting it, such as encryption methodologies and malware integration, and the technologies around it, such as Bitcoin and the anonymous Tor network, that allowed it to grow from a tool used by a single hacker or group into one run by a collective.

Although ransomware has not replaced other forms of malware per se, it has become an increasingly popular choice for threat actors as the barrier to entry becomes lower. Whereas a ransomware attack used to require years of development, cryptography, and penetration testing experience to execute, and would yield only a moderate profit, RaaS programs now proliferate on illicit and underground web forums, allowing threat actors to partner with ransomware authors easily and cheaply. Furthermore, these RaaS programs are highly developed, with user dashboards, guides, and technical support.

Finally, the payoff is getting bigger. As tools such as Cobalt Strike and Metasploit automate advanced penetration testing, and illicit communities such as Genesis Market offer increasingly advanced access to corporate networks, access to corporations is becoming more available, and ransomware demands bigger and more profitable. The integration of ransomware with data exfiltration allows for even higher ransoms, by threatening legal action for the victim corporation. For all these reasons, ransomware continues to grow in both its influence and destructive capacity.

Original post:
The Evolution of Ransomware: Understanding Its Past, Present, and Future - Security Boulevard