Ransomware is malware that holds a computer system, or the data it contains, hostage and demands a ransom from the user for its restoration.

The first known ransomware was the 1989 PC Cyborg Trojan, which only encrypted filenames, using a weak symmetric cipher. The notion of using public-key cryptography for these attacks was introduced by Young and Yung in 1996, who presented a proof-of-concept cryptovirus for the Macintosh SE/30 using RSA and TEA. Young and Yung referred to this attack as cryptoviral extortion, an overt attack that is part of a larger class of attacks in a field called cryptovirology. Cryptovirology encompasses both overt and covert attacks.

Examples of extortive ransomware reappeared in May 2005. By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began using more sophisticated RSA encryption schemes, with ever-increasing key sizes.

Gpcode.AG, which was detected in June 2006, encrypted with a 660-bit RSA public key. Gpcode.AK, detected in June 2008, uses a 1024-bit RSA key, which is believed to be large enough that breaking it is computationally infeasible without a concerted distributed effort.

News of new Gpcode-like ransomware is surfacing, and it is stronger than ever before, with 1024-bit encryption.
