
What is the development history of the Bitcoin virus?

The past and present of ransomware

In fact, the recent wncry virus is not the first time that ransomware has shown its power. Not long ago, ransomware also appeared on the Android system, encrypting the phone and demanding a ransom. After this software was killed off, it soon came back in an upgraded version: the new version uses random keys to encrypt the files it infects. Even the attackers don't know how to unlock them, so even if users pay the ransom, it will be in vain.

With the continuous development of IT, although there are many IT practitioners, most of them are concentrated in fields such as mobile platforms, cloud and artificial intelligence. The most popular programming languages have also gradually shifted from C and C++, which are used for low-level operations, to managed Java and even the modeling-oriented Go language. Information security is a field that deals directly with the low level. There are fewer and fewer people engaged in low-level programming, which means that the base of information security practitioners is getting smaller and smaller. The direct consequence of this phenomenon is that, in the network world, backward technology can attack advanced technology, which is very similar to the invasion of advanced civilizations by backward barbarians in human society. The recent revelation that the wncry virus may have originated from North Korea also indirectly confirms this trend. Some organizations and even countries are not equipped to engage in high-end technology, but the viruses they write can run rampant around the world. Ransomware hackers have further expanded the scope of their attacks to areas such as online games, smart cars and wearable devices, where a large number of vulnerabilities have emerged. The history of this type of software can be roughly divided into the following stages.

1. Original stage:

The earliest ransomware appeared in 1989, named "AIDS Information Trojan". This Trojan replaces system files and counts each boot. Once the system has been started 90 times, the Trojan hides multiple directories on the disk and encrypts all file names on the C drive, causing the system to fail to start. A message is then displayed on the screen claiming that the user's software license has expired and that $189 must be mailed in to unlock the system.

The Redplus ransomware Trojan that appeared in 2006 was the first ransomware in China. The Trojan hides user documents and then pops up a window demanding a ransom ranging from 70 yuan to 200 yuan. According to statistics from China's Computer Virus Emergency Response Center, more than 580 cases of infection with the virus and its variants were reported across the country. In fact, the user's files were not lost; they had just been moved to a folder with hidden attributes.

2. New development period, Bitcoin ransom stage:

Starting with CryptoLocker in 2013, ransomware entered a new development period, and Bitcoin came into the hackers' field of vision. CryptoLocker can infect most Windows operating systems and is usually spread through email attachments. After the attachment is executed, it encrypts specific types of files, and then a payment window pops up. Starting with this software, hackers began to require institutions to pay ransoms in Bitcoin, and it was this software that brought the hacker organization nearly 41,000 Bitcoins in income. According to the latest market price of Bitcoin, the value of these Bitcoins is nearly 1 billion US dollars.

3. The trend of ransomware platformization and open source:

A ransomware development kit called Tox was released in mid-2015. Through its registration service, anyone can create ransomware, and the admin panel shows the number of infections, the number of people who paid the ransom, and the overall revenue. The founder of Tox charges 20% of the ransom.

In the second half of 2015, Turkish security experts released an open source ransomware called Hidden Tear. It is only 12KB. Although it is small in size, it is fully functional. This software is very well designed in terms of its propagation module and destruction module.

Although the hackers from Turkey have repeatedly emphasized that this software is meant to let people know more about how ransomware works, as open source ransomware it has still caused a lot of controversy. After reading the source code of this ransomware, the author also suddenly realized that the original ideas and methods of programming are really unique. Destructive thinking and constructive thinking are indeed completely different styles.

4. The trend of combining with the theft of private information from the public

In recent years, intrusions and database dumps (that is, the theft of information after hackers break into a system) targeting the accommodation systems of some express hotels and the HIS systems of private hospitals have been frequent. Before 2016, hackers usually only stole the information quietly and sold it on the black market. Now, however, before selling the private information, hackers also extort the hospitals and hotels. At the end of last year, a medical center in Hollywood, USA, was compromised by hackers, who demanded a ransom of US$3.4 million. Although the hospital finally paid US$17,000 after some bargaining and resumed operations, the hospital's medical records soon appeared on the data black market.

Moreover, recent ransomware viruses have significantly strengthened the construction of "user experience" and give users strong psychological cues. For example, some of the latest ransomware designs its UI as an interface that cannot be exited, the ransom price increases as time passes, and a countdown further enhances the sense of urgency.

Why Bitcoin

I saw a lot of articles on the Internet saying that the hacker who created the wncry virus chose Bitcoin because Bitcoin transactions cannot be traced. In fact, this statement is not rigorous. Bitcoin is essentially a distributed ledger. Every transaction needs to be broadcast to the entire blockchain network, otherwise it is not a valid transaction. To summarize, the characteristics of its circulation are anonymous account opening and transparent transactions. Cash, on the other hand, requires real-name account opening, but the use of the cash after the customer withdraws it is no longer transparent.

The emergence of Bitcoin has also raised new issues for supervision. The supervision methods for existing currencies are definitely not applicable to Bitcoin. The lack of regulatory measures is also one of the main reasons why hackers currently prefer Bitcoin as ransom.

Here is a brief review of the Bitcoin fork debate. We know that Bitcoin transactions must be broadcast to the entire blockchain network. Imagine if everyone shouted through a loudspeaker at once: the system would surely collapse. Satoshi Nakamoto, the founder of Bitcoin, limited the Bitcoin network to processing 7 transactions per second when he first established Bitcoin. If this transaction speed were used to process the transaction volume of Alipay's Double 11 last year (approximately 1.05 billion), it would probably take nearly 5 years to complete.

At present, Bitcoin players are roughly divided into two groups. One group believes that Bitcoin’s transaction speed of 7 transactions per second has become one of the core features of Bitcoin and should not be upgraded. The other group believes that the processing speed of the Bitcoin network is too slow, which has seriously affected the promotion of Bitcoin, and should be upgraded. So if one party forcibly upgrades and the other party does not follow up, then Bitcoin will most likely split into two branches. This is also the most important reason for the sharp correction in Bitcoin prices at the beginning of the year.

Judging from the current situation, the Bitcoin fork debate shows no signs of easing, but the emergence of Bitcoin ETFs and the wncry virus has rapidly pushed the price of Bitcoin to new highs. I personally think that Bitcoin has a high probability of exceeding 20,000 RMB in the short term, but considering that there are currently no fork disputes among Litecoin and other variants, from an investment perspective, if Bitcoin falls due to fork disputes again, then this is in fact good for Litecoin, so if readers hold a large amount of Bitcoin but do not want to sell it, they can consider going long Litecoin for hedging.

From an information security perspective, the fork issue is likely to affect Bitcoin’s continued status as a ransom for ransomware viruses. The author believes that a virus that accepts Litecoin and Ethereum as ransom is about to be born.

However, blockchain currencies are more or less troubled by processing speed and it is not easy to upgrade encryption algorithms. In the long run, the risks are relatively high, and there are obvious signs of short-term price manipulation. If you don't have strong mental endurance, just watch their trajectory.