
The Danger of Encrypting Viruses in Modern Cybersecurity

Introduction

In a Deep Space Nine episode of the sci-fi series Star Trek, a virus known as Cascade wipes out the computer data on the USS Defiant, which then has to be towed back to base by another ship. The name was not a screenwriter's invention. Cascade was the first known self-encrypting virus, surfacing in the late 1980s, targeting DOS systems and infecting .COM files around the world. The virus encrypted its own body and left only a short decryption routine in the clear, so that the signature scanners of the day could not match on its code; each infection grew the host file by a fixed amount, and its payload made the characters on screen 'cascade' to the bottom of the display, leaving the machine unusable until it was cleaned.

Decades later the same label covers a different and far more damaging family: malware such as Cerber, Locky and KillDisk (originally a disk wiper, whose later variants also encrypted files) that encrypts the victim's files rather than its own code, locking users out of a wide range of file types and halting operations until the data is restored or a ransom is paid. Cascade used encryption to hide; this family uses encryption as the weapon. Both are loosely called encrypting viruses, and this article covers both.

Understanding encryption

A broad understanding of encryption is needed before discussing encrypting viruses. Encryption scrambles data so that only parties holding the right key can read it: readable plaintext is transformed into ciphertext that looks random and reveals nothing useful without the key. The key is a secret value fed to the algorithm. With symmetric encryption the sender and recipient share the same key; with public-key encryption anyone can encrypt using a published public key, but only the holder of the matching private key can decrypt. Applied correctly, encryption is one of the strongest protections for data at rest and in transit. The catch, which encrypting malware exploits, is that the protection belongs to whoever holds the key: if an attacker encrypts your files under a key only they control, the same mathematics that protects your data is turned against you.

Understanding decryption

Decryption reverses encryption: it converts ciphertext back into its original readable form. It requires the matching key, together with software or hardware implementing the algorithm. Without that key a properly encrypted file cannot be recovered by guessing, which is exactly why victims of file-encrypting malware are left with two options: restore from backups or pay the attacker.

What are encrypting viruses

An encrypting virus, in the modern sense, is malware that encrypts the data on a computer system, rendering the affected files unusable. Some variants also delete files, shadow copies or backups, or damage the boot process, so that the only remedy is to wipe and rebuild the system. Either way, the effect is a complete disruption of operations.

An encrypted virus is a different thing: a virus that encrypts its own code to hide from scanners, leaving only a small decryption routine in plaintext to unpack the body at run time. Such viruses are harder, not impossible, to detect. A scanner cannot match a signature on the encrypted body, because each infection is encrypted under a different key and the bytes differ from copy to copy, but it can match on the constant decryption routine, or emulate that routine until the body is decrypted in memory and then scan it. Polymorphic viruses go a step further and mutate the decryptor on each infection as well, which is why modern engines rely on emulation and behaviour rather than byte patterns alone.

Encrypting viruses are what most people today call ransomware. They encrypt files on a victim's computer, and on any network shares the victim can write to, rendering them inaccessible, and follow up with a demand for payment in exchange for the decryption key. Strictly speaking most ransomware is not a virus at all, since it does not infect other programs in order to spread, but the term has stuck.

How they occur

In most instances infection takes place when the user visits a compromised or malicious website, which silently downloads and runs the malware through a browser or plug-in vulnerability, a technique known as a drive-by download. In other instances the user knowingly downloads a file that turns out to be infected.

Encrypting viruses also arrive through infected software patches or cracks, and through malvertising, where malicious code is delivered by advertising networks on otherwise legitimate sites.

How they work

For ransomware, the attacker's public encryption key is generated offline and embedded in the malware; the keys used on the victim's files are generated on the host and then locked with that public key, so that only the attacker's private key can unlock them. For a classic self-encrypting virus, infection typically proceeds as follows:

  • The virus locates target files or systems to infect
  • It copies its code into the target host program or boot sector
  • The infected program executes and spreads the virus further

Each time it spreads, the virus re-encrypts its body under a fresh key before writing the copy, so that no two infected files contain the same bytes apart from the short decryptor. A scanner that looks for the body's byte signature is blinded; it must either key on the decryptor or run the sample far enough to see the decrypted code. The payload then varies by strain: corrupting or deleting files, altering system settings, or displaying effects like Cascade's falling text that make the system unusable.
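The following is an added example, not code from the original article or from any real virus. It is a toy model of the self-encrypting trick described above and of the two handles a scanner keeps on it: the decryptor stub, the virus body, the host program and the byte "signatures" are all constructed stand-ins, and the single-byte XOR stands in for the simple ciphers early viruses used. Nothing real is infected; the point is to see the body signature fail across three copies while a stub signature and a decrypt-then-scan both still catch them.

```python
"""Added example, not code from the original article: a toy model of a
self-encrypting virus and of why a plain byte signature on its body fails
while the scanner still has two handles on it. The stub, body and host
below are constructed stand-in byte strings; nothing real is infected."""

# Constructed stand-ins. A real encrypted virus adds a short plaintext
# decryptor loop to the host; only that loop is the same in every copy.
DECRYPTOR_STUB = b"\x8b\xdeDECRYPT-LOOP\xe2\xfa"   # constant across infections
VIRUS_BODY = b"ENCRYPTING-VIRUS-BODY: find .COM, append self, cascade text"
BODY_SIGNATURE = b"ENCRYPTING-VIRUS-BODY"   # what a classic scanner matched on
STUB_SIGNATURE = DECRYPTOR_STUB             # what it has to match on instead


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the kind of 'encryption' Cascade-era viruses used."""
    return bytes(b ^ key for b in data)


def infect(host: bytes, key: int) -> bytes:
    """Toy infection: host + plaintext stub + body encrypted under `key`.
    Each new infection uses a different key, so the encrypted body differs
    from copy to copy."""
    return host + DECRYPTOR_STUB + xor_bytes(VIRUS_BODY, key)


def signature_scan(blob: bytes, signature: bytes) -> bool:
    """Plain substring match, all a 1980s scanner did."""
    return signature in blob


def decrypting_scan(blob: bytes) -> bool:
    """Detection that understands the trick: find the constant stub, then
    try every single-byte key on what follows and look for the plaintext
    body signature. Real engines do the same thing generically by emulating
    the decryptor loop until the body is in the clear, then scanning memory."""
    idx = blob.find(DECRYPTOR_STUB)
    if idx < 0:
        return False
    payload = blob[idx + len(DECRYPTOR_STUB):]
    return any(BODY_SIGNATURE in xor_bytes(payload, k) for k in range(256))


def demo() -> dict:
    """Infect one clean host three times with three keys and scan each copy."""
    host = b"clean .COM program bytes " * 4          # constructed host
    copies = [infect(host, key) for key in (0x1F, 0x7E, 0xC3)]
    return {
        "body_sig_hits": sum(signature_scan(c, BODY_SIGNATURE) for c in copies),
        "stub_sig_hits": sum(signature_scan(c, STUB_SIGNATURE) for c in copies),
        "decrypting_hits": sum(decrypting_scan(c) for c in copies),
        "all_copies_differ": len(set(copies)) == len(copies),
        "clean_host_flagged": decrypting_scan(host),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` gives zero hits for the body signature, three for the stub signature and three for the decrypting scan, with the clean host untouched. A polymorphic virus removes the second handle by rewriting the stub itself on every infection, leaving emulation and behavioural detection as the remaining options; that is the subject of the polymorphic malware article linked under Additional reading.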

The damage they cause

Encrypting viruses compromise computer security and cause damage in the following ways:

  • Encryption is CPU- and disk-intensive, so an infected system slows down markedly; sustained high CPU and disk activity from an unfamiliar process is often the first tell-tale sign of infection
  • System files may be overwritten or deleted, causing system failure or degraded performance
  • The initial infection frequently opens the door to additional payloads, such as remote-access tools or credential stealers, so the compromise rarely stops at the encryption alone
  • Sensitive information such as passwords and personal data is exfiltrated, often before the encryption starts, so that the attacker can also threaten to publish it
  • Firewalls, antivirus and other security tooling are disabled or deleted, and backups or shadow copies on the machine are removed to prevent recovery
  • A ransom demand follows, typically as a note dropped into every folder that was encrypted
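The list above describes what happens; the following is an added example, not code from the original article, of two host-side checks a defender can run to notice it happening. The first measures the Shannon entropy of file contents, since files that have just been encrypted look like random bytes while ordinary documents do not. The second watches a rename event feed for one process changing the extension of many files in a short window, the pattern of a bulk encryptor. The document, the key, the event feed and the tuple format of the events are all constructed for the demo; the "ciphertext" comes from a toy stream cipher (SHA-256 in counter mode) so that the encrypted sample is realistic, and not from any real malware.

```python
"""Added example, not code from the original article: two host-side checks
for file-encrypting malware in action, an entropy test on file contents and
a per-process mass-rename test over a rename event feed. The document, the
key and the event feed are constructed for the demo; the 'ciphertext' comes
from a toy stream cipher (SHA-256 in counter mode) so the encrypted sample
is realistic, not from any real malware."""
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5   # bits per byte; ordinary documents sit far below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte. Encrypted or random data approaches
    8.0; English text is typically 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def toy_stream_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for the malware's file encryption: XOR with a SHA-256
    counter-mode keystream. Deterministic, so the demo is reproducible."""
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(plaintext[offset:offset + 32], keystream))
    return bytes(out)


def mass_rename_offenders(events, window_s: int = 60, min_files: int = 20) -> set:
    """events: iterable of (timestamp, pid, old_name, new_name) tuples, the
    shape assumed here for an EDR or auditd-style rename feed. Returns the
    pids that changed the extension of at least min_files files within any
    window_s-second window. Compressed formats (zip, jpeg) are high-entropy
    too, so this behavioural check is paired with the entropy check rather
    than either being used alone."""
    per_pid = defaultdict(list)
    for ts, pid, old, new in events:
        if old.rsplit(".", 1)[-1] != new.rsplit(".", 1)[-1]:
            per_pid[pid].append(ts)
    offenders = set()
    for pid, times in per_pid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= min_files:
                offenders.add(pid)
                break
    return offenders


def demo() -> dict:
    # Constructed document and per-file key.
    document = b"Quarterly report. Revenue rose 4% on stable costs. " * 80
    encrypted = toy_stream_encrypt(document, key=b"attacker-per-file-key")
    # Constructed rename feed: pid 4242 renames 25 documents to .locked in
    # 25 seconds; pid 77 renames two files, which is normal activity.
    events = [(1000 + i, 4242, f"doc{i}.docx", f"doc{i}.docx.locked") for i in range(25)]
    events += [(1000, 77, "a.txt", "a.bak"), (1005, 77, "b.txt", "b.bak")]
    return {
        "plain_entropy": round(shannon_entropy(document), 2),
        "cipher_entropy": round(shannon_entropy(encrypted), 2),
        "plain_flagged": looks_encrypted(document),
        "cipher_flagged": looks_encrypted(encrypted),
        "offenders": mass_rename_offenders(events),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On the constructed input the plaintext scores around 4 bits per byte and the ciphertext just under 8, and only pid 4242 trips the rename check. In production the thresholds and window are tuned to the environment, and both signals are usually combined with a canary file that no legitimate process should ever touch.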

How to keep them at bay

Keeping your computer resources infection-free requires a layered defense strategy that integrates controls across users, devices, networks, cloud environments, and applications. Here are some ways infection can be avoided, or its damage contained:

  • Install reputable endpoint protection that identifies known malware and, ideally, monitors behaviour such as the rapid mass encryption of files
  • Update software and apply patches promptly. Patches close the vulnerabilities in operating systems, browsers and plug-ins that drive-by downloads depend on
  • Treat all emails, especially those from unknown sources, as potential sources of infection. Malicious attachments and links remain the most common entry point
  • Avoid clicking suspicious links that could lead to malicious websites carrying drive-by downloads
  • Exercise good cyber hygiene, including unique strong passwords for every account and multi-factor authentication wherever it is available
  • Back up data at frequent intervals to an external drive or the cloud, and keep at least one copy offline or otherwise unreachable from the machines it protects, since ransomware encrypts any backup it can write to. Test restores regularly so the backup is known to work before it is needed
  • Stay informed about current virus patterns and attacks, and exercise vigilance as a general rule
  • Have an incident response plan ready to activate at the first sign of infection; the first step is to disconnect the affected machine from the network so that it cannot reach shared drives
  • Limit unnecessary internet use and close browsers when they are not in use

Final words

In the Star Trek episode, the infected USS Defiant is towed back to safety by another ship so that work can begin on restoring its data, and with it its standing as one of the most capable vessels in the fleet for war and deep-space exploration. The story highlights the potential of such viruses to bring down even the most versatile defenses.

That, and the imminent threat that they continue to pose.

Additional reading:

Polymorphic malware : https://www.aurorait.com/2024/02/25/combating-the-insidious-nature-of-polymorphic-malware-in-cybersecurity/


Contact us at sales@aurorait.com or call 888-282-0696 to learn more about how Aurora can help your organization with IT, consulting, compliance, assessments, managed services, or cybersecurity needs.
