2021 - 2011: A Computer Virus Timeline
There have been plenty of malware examples in the wild over the last ten years, enough to make the average computer user nervous about browsing the web. By looking at some of the different kinds, we can be better informed and gain a little confidence back.
2021 – Black Kingdom Ransomware
The most recent example is the Black Kingdom Ransomware. This ransomware takes advantage of Exchange servers left unpatched “against the ProxyLogon exploit” (Loman, 2021). Once the attackers have gained access to the victim’s system, they encrypt files and demand payment in return for decrypting them. The ransomware was discovered through Sophos telemetry on March 18, 2021. Exchange server administrators need to install the patch provided by Microsoft to protect their systems.
2020 – Cryptomix Ransomware
This ransomware was discovered on March 16, 2020. The victim’s computer is infected via emails, websites, and exploit kits. The malware pretends to be a campaign representing “a real children’s charity” (Infoblox, 2019) and states that “the victim’s ransom payment [is] for a good cause” (Infoblox, 2019).
2019 – Titanium Trojan
This virus was released by the Platinum hacking group in November of 2019. It is an “advanced backdoor malware APT” (Ophtek, LLC, 2019) that can read or delete files, edit PC settings, and retrieve commands from its server. While a legitimate software download is in progress, it installs itself in the background with unprecedented discretion.
2018 – Thanatos Ransomware
This virulent ransomware was discovered by the MalwareHunter Team in 2018. After the program encrypts all of the user’s files, it attaches the “.THANATOS extension to the name of each compromised file” (Meskauskas, 2020), rendering the files unusable. The ransom message is stored in a text file titled “README.txt on the desktop” (Meskauskas, 2020).
2017 – WannaCry Ransomware
WannaCry is one of the most famous viruses to hit the internet community. Cybercriminals used this software to encrypt victims’ files or lock users out of their systems altogether and demanded money in return for decrypting them. If they did not comply within three days, victims “were told that their files would be permanently deleted” (Kaspersky). Users’ data was at the mercy of the criminals unless they paid the $600 ransom. This virus was unusual in that it accepted Bitcoin as the currency for paying the ransom. Computers running the Microsoft Windows operating system were targeted because of an identified weakness. Around 230,000 users were impacted internationally.
2016 – MEMZ Trojan
This virus was initially created as a joke. It infects victims’ computers via “emails attachments, software downloads, and infected websites” (Simmyideas, 2021). Once inside the victim’s computer, the virus targets the boot sector. When the victim turns on their computer, several things can happen, including settings changes, remote control, and video surveillance. The virus requires professional troubleshooting and will likely render the device permanently useless.
2015 – BASHLITE Malware
This malware specifically targets Internet of Things devices running on Linux. Its primary mode of attack is brute force directed at susceptible devices to steal credentials and gain access to other devices. Once access is gained, BASHLITE adds the device to the attacker’s army of DDoS botnet zombies. A great variety of IoT devices were compromised, “especially security cameras” (Waqas, 2016).
2014 – Regin Trojan
On November 24, 2014, tech company Symantec published a report on the Regin Remote Access Trojan. This trojan had several capabilities, including the ability to “take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization” (Cybersecurity & Infrastructure Security Agency, 2016). The attacks were observed to be customized to each victim, making it one of the most refined backdoor trojans. Information gathered from the attacks fueled massive “intelligence-gathering campaigns” (Cybersecurity & Infrastructure Security Agency, 2016).
2013 – CryptoLocker Trojan
The CryptoLocker epidemic began on September 5, 2013. The virus was embedded in email attachments masquerading as a customer complaint against the victim’s business. Once the attachment was opened, the user’s files were encrypted. A message demanding that a fee be paid then appeared alongside a countdown clock. Another version of the virus was delivered via a link in an email that downloaded a “Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim’s PC” (Kelion, 2013). Three months after its initial release, CryptoLocker had compromised 250,000 systems.
2012 – Shamoon Virus
This virus was crafted for cyber-warfare and was directed at Saudi Aramco in 2012 by activists. In August 2012, Kaspersky released a report outlining its capabilities. The Microsoft Windows virus spreads from one infected system to others over the network. The goal of the virus is to delete files and render the victim’s computers useless. The Saudi Aramco attack compromised “around 30,000 systems” (BBC News, 2012).
2011 – Duqu Worm
Finally, the intelligence-gathering Duqu Worm was an extremely sophisticated piece of software discovered on September 1, 2011. It used spear-phishing techniques targeted at specific corporations; businesses in the industrial control sector were the primary targets. Victims would be prompted to open a Word attachment that triggered the malware’s execution. Once activated, Duqu would install itself on the computer by taking advantage of an unpatched Windows vulnerability, then gather intelligence and communicate its findings back to the attacker. Intelligence gathering happened through “keylogging, recording system information, and stealing digital certificates and their corresponding private keys” (Radware, 2021).
It is eye-opening to see the numerous viruses that have plagued the online community for years. Computer users are encouraged to practice basic computer hygiene and routinely install software patches to mitigate the risks of online browsing. As a community, we can arm ourselves with knowledge and skills and resist cybercriminals.
Works Cited
BBC News. (2012, August 17). Shamoon virus targets energy sector infrastructure. Retrieved from www.bbc.com: https://www.bbc.com/news/technology-19293797
Cybersecurity & Infrastructure Security Agency. (2016, September 30). Regin Malware. Retrieved from us-cert.cisa.gov: https://us-cert.cisa.gov/ncas/alerts/TA14-329A
Infoblox. (2019). CryptoMix Ransomware Cyber Report. Retrieved from www.infoblox.com: https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
Kaspersky. (n.d.). What is WannaCry ransomware? Retrieved from usa.kaspersky.com: https://usa.kaspersky.com/resource-center/threats/ransomware-wannacry
Kelion, L. (2013, December 24). Cryptolocker ransomware has 'infected about 250,000 PCs'. Retrieved from www.bbc.com: https://www.bbc.com/news/technology-25506020#:~:text=A%20virulent%20form%20of%20ransomware,it%20alongside%20a%20countdown%20clock.
Loman, M. (2021, March 23). Black Kingdom ransomware begins appearing on Exchange servers. Retrieved from sophos.com: https://news.sophos.com/en-us/2021/03/23/black-kingdom/
Meskauskas, T. (2020, August 5). THANATOS Ransomware. Retrieved from www.pcrisk.com: https://www.pcrisk.com/removal-guides/12339-thanatos-ransomware
Ophtek, LLC. (2019, November 26). All You Need to Know About the Titanium Malware. Retrieved from ophtek.com: https://ophtek.com/all-you-need-to-know-about-the-titanium-malware/
Radware. (2021). Duqu. Retrieved from www.radware.com: https://www.radware.com/security/ddos-knowledge-center/ddospedia/duqu
Simmyideas. (2021, February 23). The Memz Virus: What It Is and How to Remove It. Retrieved from simmyideas.com: https://simmyideas.com/memz-virus/
Waqas. (2016, September 3). BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet. Retrieved from www.hackread.com: https://www.hackread.com/bashlite-malware-linux-iot-ddos-botnet/