History of Cryptography
Cryptography is defined as the science of analyzing and deciphering codes and ciphers, a technique for hiding and protecting information that has been around for thousands of years. It was used by the Egyptians and later in Mesopotamia.
During the Second World War, the allies were compelled to work assiduously in breaking the encrypted messages of German communications, which was unquestionably a decisive turning point in history.
Now we return to the present, and in the light of cyber warfare our attention is drawn to the concept of ransomware, a recent trend that has established itself on the internet and in the world of computers.
One such piece is Princess Evolution Ransomware, a strain of malicious software that uses cryptography much to the disadvantage of the victim.
Incidentally, any user searching for the phrase online will find the evolution of the cartoon princess through the years.
Princess Evolution is essentially malicious software (malware) that falls under the computer vernacular term ‘ransomware’, which defines a piece of software designed to block the user’s access until a sum of money has been paid.
This brand of ransomware is more villainous than a typical piece of malware, as it cannot simply be remedied with an antidote. Princess Evolution is styled as Ransomware as a Service (RaaS), and it appears that on underground criminal forums a movement has begun recruiting members who willingly distribute the virus in exchange for a fractional cut.
So far the payment takes the form of 0.24 bitcoin, which translates to around $700. The recruit gets 60% while the host-creator gets 40%.
Understanding the Virus – The Key
It is above all necessary to expound upon the process of encryption and the components therein. Encryption is usually a reversible process, where the design itself holds a method of decrypting the information back to its original form. There are two factors that determine whether a technician will be able to break or undo an encryption:
- Knowledge and the design of the cipher currently in use
- Possession of the cipher key or ‘Crypto-variable’
A cipher key is a piece of information used in conjunction with the encryption, which comes either in the form of text, a pass-phrase or a series of bits. Possession of such a thing may denote simply knowledge of it, as it is not literally physical. The key is factored into the algorithm and serves to align and guide the arrangement of the message, in accord with the algorithm. And it is this key which, upon the ransom being settled, would allow the user to revert their system back to normal.
The Virus Infection
How does this piece of malware work? It is a matter of the candidate incurring the infection upon their computer, presumably without their knowledge, and the entity behaves like any malware, proceeding to work behind the scenes of the operating system and disseminating itself throughout the file system.
In the case of Princess Evolution Ransomware, it first embeds itself in the registry of the operating system, leaving a mark on the current computer as one flagged for infection. This is to stop it re-infecting the host more than once.
From this point it creates a unique ID for reference, which in turn is used to generate the cipher key itself, and this information is surreptitiously sent over an online channel back to the overseer, who stores and monitors the harvested information.
The term ‘overseer’ denotes the host criminal gathering the information via an interface named the Command & Control panel, a piece of software created to receive the automated feedback from the virus.
At this point, the virus begins to encrypt or infect random files on the hard-drive. The infected files are marked by a garbled file extension, and the virus audaciously leaves in the folder a set of instructions to be read, which relay the user to the home page of Princess Evolution, where the payment option eventuates.
As it is, all the infected subjects who’ve had their files compromised are stored in a database privy to the overseer, who only upon receiving payment will release the cipher key correlating to the user ID.
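As an added defender-side illustration (not code from the original article, and not Princess Evolution’s own artifacts), the following Python scans a folder for the aftermath described above: files renamed with an unfamiliar extension, contents that are near-random because they have been encrypted, and a dropped instruction file. The extension heuristic, the note-name pattern and the sample file names are assumptions constructed for the demo.

```python
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path
# Assumed heuristics (not from the article): a short, unknown, alphanumeric extension
# counts as "garbled"; instruction files are matched on common note wording.
KNOWN_EXT = {"txt", "docx", "xlsx", "pdf", "jpg", "png", "exe", "dll", "html", "py"}
NOTE_RE = re.compile(r"(how.*decrypt|readme|restore|recover).*\.(txt|html?)$", re.I)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, ordinary documents sit well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_garbled_ext(name: str) -> bool:
    """True when the final extension is unknown, alphanumeric and 3 to 10 characters."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext not in KNOWN_EXT and ext.isalnum() and 3 <= len(ext) <= 10

def scan_folder(path: str, threshold: float = 7.5) -> dict:
    """Count the three indicators in one folder and flag it when they co-occur."""
    r = {"high_entropy": 0, "garbled_ext": 0, "ransom_notes": 0, "suspect": False}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        if NOTE_RE.search(name):
            r["ransom_notes"] += 1
            continue
        with open(full, "rb") as fh:
            data = fh.read(65536)  # the first 64 KiB is enough to judge entropy
        r["high_entropy"] += shannon_entropy(data) >= threshold
        r["garbled_ext"] += looks_garbled_ext(name)
    r["suspect"] = r["ransom_notes"] > 0 or (r["high_entropy"] >= 2 and r["garbled_ext"] >= 2)
    return r

def demo() -> dict:
    """Constructed fixture: two random-byte files with a made-up extension, one plain
    document, and one note whose name is invented for the demo. Returns the scan result."""
    root = tempfile.mkdtemp()
    for name in ("report.docx.x7q2k", "photo.jpg.x7q2k"):
        Path(root, name).write_bytes(os.urandom(4096))  # stands in for encrypted data
    Path(root, "notes.txt").write_bytes(b"quarterly figures, draft two\n" * 50)
    Path(root, "HOW_TO_RESTORE_FILES.txt").write_bytes(b"constructed placeholder note\n")
    return scan_folder(root)
```

Run on a real folder, `scan_folder` reports how many files trip each indicator and a combined verdict; tune the thresholds and the note pattern to the environment being monitored.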
As was said before, the virus is incurred via some channel whereby it finds itself upon the file system of the user. While there is a superstition that one is in danger while surfing the net, as if prone to an electric attack – and though it sounds plausible – it is a little more complex than that.
Experts unanimously agree that the RIG Exploit Kit is frequently used in the dissemination of the virus. The ‘RIG Exploit Kit’ is a piece of software developed by hackers that is used to locate and target neglectful websites with bad security, and then inject them with harmful scripts.
Once these websites have been altered, their scripts contain an added layer of code that downloads the harmful software onto the machine of the visiting client.
This is admittedly an uncommon way for a virus to travel between host machines, compared to the traditional method of luring a user to voluntarily and unwittingly open a virus while in their operating system.
The Princess Evolution Site
The site itself appears slick and glamorous in its own right, and apparently allows the user to submit a single file for decryption free of charge, to prove the value of their questionable resolve.
It is interesting to note that if the single file is demonstrably decrypted in an automated fashion, it proves that the details submitted by the user implicitly consist of the cipher key itself and might hold some clue to engineering a reverse process.
Though it is clear that technicians who’ve written on the subject are reluctant to perform empirical trials regarding the current situation, as they are usually reporting on someone genuinely affected and do not want to waste their free decryption sample.
It must be noted that the aforementioned underground forums are said to be found via the Dark Web.
The Dark Web is not to be confused with the Deep Web, the latter being web pages that are inaccessible by simply surfing the internet, such as a profile configuration panel or an inbox page for an email account.
The Dark Web is the part of the internet that requires a specifically configured browser to access. While not exclusively used for criminal activities, it is from this uncharted plane that these reprehensible chains of extortion emanate.
One might question why the authorities have not homed in on the source of these activities and put a stop to this fraud and theft; the reasons encompass a considerable range of feasibility.
First of all, the sites are hosted across scattered locations, their traffic travelling through various proxy nodes and Virtual Private Networks (VPNs) that often resolve to countries where the laws on computer infringement are tolerably lax or simply beyond jurisdiction.
And second, the process of tracking the perpetrator and proving them answerable for a deliberate act of extortion requires a barrage of litigation, which eventually seems incommensurate with the struggle itself.
It is self-evident that people from all nations are susceptible victims of this cyber-crime, hence the wide language options on the Princess Evolution site itself.
Though it is implicitly hinted by the stilted command of English in the messages innate within the virus that the writers might be of foreign origin.
But there is little need to profile the type of character capable of contriving this menace, as history has shown there has always been a handful of people with a certain affinity towards machines and technical minutiae. The fact that they choose the route of sabotage, criminality and exploitative acts is nothing to be impressed by.
Critics and experts are on the brink of realizing that the term Cyber Warfare itself has become a glorified term, especially in the media and entertainment.
In the news and on television, crimes committed via a computer or smartphone have been sensationalized into a fashionable notion, and most of the scenes distort the impression of technology far beyond the criteria of reality.
It is important not to distinguish the cyber-criminal as an individual remarkable or exempt from reproof.
The Cure for the Virus
Lamentably, there is no immediate and reliable way of reversing the encryption process. As is seen online, many technicians encourage users to provide an isolated sample of the application, which if given could facilitate the creation of what could be dubbed an antidote.
Ordinarily, if a computer were tasked to undo or break an encryption, it would iteratively analyze the target file and perform a series of brute-force rearrangements and comparisons, until it identifies a match or pattern serving to reverse the encryption.
Although the term ‘brute-force’ is implied, previously known encryption patterns are factored into the solving algorithm.
Prevention of the Virus
There is much to be said about safeguarding a user’s machine by reminders of careful practice and measures taken when comporting oneself in the world today.
It has been agreed that the ‘RIG Exploit Kit’ program is used to find exploits and weak points on neglected websites and alter their scripts so that they, in turn, infect visitors with the virus.
But in theory and in practice, the worst thing a user can do, and the best thing the insurgent can hope for, is getting a person to unwittingly execute a program on their machine. By execute, we mean that one singular act of double-clicking on a .exe program, which is the only step needed to permissibly unleash something fatal upon your machine.
The Princess Evolution virus itself is said to be only 300 kilobytes in size, but that translates to 300 000 characters of typed instruction, which is more than enough to instill a directive of infection, corruption and re-cyclic dissemination.
To refer to the vernacular of computer terminology, some argue over the classifications of inimical software, as they bandy about words like malware, trojan, virus and spyware. This is due to the nuances of interpretation concerning their life-span and behavioral patterns.
In any case, it is that definitive step of the user being inadvertently led to open and execute a file willingly upon their computer, and the inimical software knows how to piggyback itself upon files that appear harmless.
The Target Audience
It is implicitly confirmed that Princess Evolution only targets computers running Microsoft Windows, and this raises the question of why other platforms are not susceptible to infection.
An experienced technician will reveal that Linux and Apple (and smartphones) both run on an operating system that is inherently Unix-orientated, an entirely different structural dynamic compared to Windows, and one that whoever wrote the virus would need to account for.
The number of people running Windows on their machines is more than enough to constitute a target criterion for unleashing a virus. There is also the unspoken grudge that self-styled hackers fancy themselves opposed to Microsoft, in a gesture of rebellious support.
As it is, in order to combat infection, careful measures must be instilled within the minds of people regarding self-protection and hygienic (for lack of a better word) computer practice. Such overt acts as the blissful download of an uncharted email attachment or the installation of untrusted software should be prevented.
It is usually those people searching for a software crack, or tricked while downloading a song: all those habitual things experienced and performed daily.
Especially in an academic environment, where students fervently exchange media over flash-disks indiscriminately, while half of them know very little about maintaining and nurturing a computer system. Just an adequate increase in awareness, which will eventuate into common sense, will bring about resistance to these infections.
The Way Forward
So, as we move forward into an age where proponents of technology boast of a better transition into Bitcoin, where products are bought in a world immeasurable to the senses and people daily are embroiled in their smartphones, a group of perpetrators decide to capitalize amidst the busy noise. Princess Evolution Ransomware was not the first, and it won’t be the last of these kinds of tactics.
It would be advisable for the user to equip a level of awareness that equates to self-protection and steady observation. Don’t download an attachment from strangers and don’t put an unprotected flash drive in your laptop.