A malware name viruses Technology Research Paper Essay

Name
Institutional Affiliation
Course Code/Title
Instructor
Date
A Malware Name Viruses: RobbinHood Virus
Introduction
Malware is malicious software that comprises viruses, trojans, worms, and other harmful software programs that hackers use to harm or wreck or gain access to sensitive data. Microsoft defines malware as a software that is designed to damage computers, servers, or a computer network. In particular, malware is defined based on its intended use and not according to a particular method or technology used to build it (Fruhlinger). In this classification, a virus is a type of malware but not all pieces of malware are viruses. However, there are different kinds of malware depending on how they spread. Malware is classified in terms of how they spread and include trojans, worms, and viruses. While the terms are used interchangeably, Symantec explains that the three forms of malware can be differentiated in the way they infect target computers. Trojans do not usually reproduce themselves but will masquerade as items that the user wants to use and will trick them to activate their processes (Fruhlinger). Worms are standalone malicious programs that are capable of reproducing and spreading in different computer systems. The intent of this paper is viruses, the pieces of software referring to computer codes that insert themselves within the code of other programs and commandeer the program to commit malicious actions to spread themselves. This paper discusses RobbinHood virus of 2019, the background and summary of the attack, and the logical walkthrough of how the attack took place.
Background
Malware can be installed manually on computer systems by hackers by gaining physical access to systems or utilizing privilege escalation in gaining remote access of administrators. In classifying malware, it is important to categorize the effect it has on computer systems once they have gained access to the system. Depending on their activities, malware is classified into rootkits, spyware, adware, ransomware, malvertisers, and cryptojackers. The case of RobbinHood was a type of computer virus attack or ransomware that affected government computers in Baltimore city in 2019 resulting in financial losses estimated to be $18.2 million. Ransomware encrypts the files in the hard disk drive and commands a payment in form of cryptocurrencies, usually bitcoins (BTC) to process a decryption key. Usually, without the decryption key, it is impossible to mathematically regain access to the affected keys (Fruhlinger). However, shareware is shadow versions of such attacks that claim to have commandeered systems and will claim a ransom. These versions only use tricks such as browser redirects to appear that they have done more damage than they have done. Unlike real ransomware, scareware is easily disabled.
In the case of RobbinHood, Baltimore city officials noticed a strange behavior in their computers in April 2018 where computer files had been infected and held ransom by destructive agents. The hackers had embedded a digital ransom notice demanding for 3 bitcoins (BTC), an amount that was then valued at $17,000 in exchange for each of the systems that had been compromised. This would then cost the city a total of 13 BTC or $75,000 for all machines that had been attacked. Besides Baltimore city computers, other cities such as Amarillo, Atlanta, G.A, New York City, and Greenville have been victims of similar attacks.
Summary of the actual hack
RobbinHood is a malware that aims at encrypting the hard drive of a computer with the RSA+AES cryptographic combinations then instructs the victims to contact the attackers through the Onion Tor website. The virus drops the notification file on the desktop directory of the infected computer, leaving instructions about the demands and contact information. Fig 1 below shows a notification displayed by RobbinHood malware. The attack targeted at disabling voice mails, a parking fines database, emails, property taxes, and vehicle citations, and systems used to charge water bills.
Fig 1 Notification by RobbinHood malware (Kremez)
Logical walkthrough of how the hack took place
RobbinHood virus takes advantage of a vulnerability in systems running on Microsoft Windows known as EternalBlue first discovered by NSA. EternalBlue is a conduit to deliver the RobbinHood virus that was first posted in April 2017 on the Internet by ‘Shadow Brokers’, a hacking group that was first seen in mid-2016 (Pinkstone). This hack imitates the 2017 attack by WannaCry that made devastating havoc in 74 different countries around the world, including Russia, Vietnam, Turkey, Germany, and the Philippines. According to Scro...