Understanding the Archiveus Trojan matters because of its influence on modern ransomware. As one of the earliest examples of ransomware code, it is one of the foundations on which much of today's ransomware is built.
The Archiveus Trojan appeared in 2006, targeting Windows users. Its primary claim to fame was being the first ransomware to use RSA encryption, and it used it in an unusual way: rather than encrypting each file in place, it bundled the victim's files into a single file and encrypted that. Archiveus was distributed mainly through spam email and file-sharing sites, although it could reach a system by other routes as well.
When a system became infected with Archiveus, all of the user's files in the My Documents folder were copied into a single file, which was then encrypted; at the time, no other malware had done this. Once the copy was complete, the original files were deleted. Archiveus also placed entries in the infected computer's registry so that the malicious code ran each time the user attempted to open the now-encrypted file.
RSA is a public-key cryptosystem: data encrypted with a public key can only be decrypted with the matching private key, which in a ransomware scheme stays with the attacker. Dating from 1977, RSA is one of the oldest public-key schemes still in use because, at adequate key sizes, recovering the private key from the public key is computationally infeasible. That property is exactly what makes it attractive to a ransomware author: a victim who has only the public key cannot recover the data without the secret the attacker holds. In the case of Archiveus, that secret was presented to the victim as a password, a string of alphanumeric characters to be entered to unlock the archive.
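To make the public/private asymmetry concrete, here is a small textbook RSA example. It is added here for illustration and is not code from the original page or from Archiveus; it assumes two fixed, publicly known primes (the Mersenne primes 2^61-1 and 2^31-1) so that it runs deterministically, has no padding, and is not secure. It shows three things: the public key encrypts and only the private key decrypts, applying the public key again does not recover the message, and a message larger than the modulus cannot be RSA-encrypted directly.

```python
"""Toy textbook RSA (constructed example, NOT secure: tiny modulus, no padding)."""
from math import gcd

# Constructed key material: two known primes so the demo is reproducible.
# Real RSA keys use randomly generated primes of 1024 bits or more.
P = 2**61 - 1   # Mersenne prime M61
Q = 2**31 - 1   # Mersenne prime M31


def keygen(p=P, q=Q, e=65537):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, plaintext):
    """Encrypt bytes with the PUBLIC key; the integer form must be below n."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        # This is why bulk data is never RSA-encrypted directly: real schemes
        # encrypt data with a symmetric cipher and RSA-wrap only that key.
        raise ValueError("message too large for the RSA modulus")
    return pow(m, e, n)


def decrypt(key, ciphertext):
    """Apply exponent from `key` to the ciphertext and return bytes.

    Only the PRIVATE key (n, d) yields the plaintext; passing the public key
    (n, e) produces an unrelated value. Plaintexts with a leading zero byte
    would lose that byte here, so the demo avoids them.
    """
    n, exp = key
    m = pow(ciphertext, exp, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo(message=b"ransom-key"):
    """Run the three checks and return their outcomes as a dict."""
    pub, priv = keygen()
    c = encrypt(pub, message)
    try:
        encrypt(pub, b"0123456789abcdef")  # 128 bits, larger than n (~92 bits)
        oversized_rejected = False
    except ValueError:
        oversized_rejected = True
    return {
        "private_key_recovers": decrypt(priv, c) == message,
        "public_key_recovers": decrypt(pub, c) == message,
        "oversized_rejected": oversized_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The `ValueError` branch is the practical point: with a real 2048-bit modulus a single RSA operation handles at most a few hundred bytes, so any scheme that encrypts a whole folder must use a symmetric cipher for the data and reserve RSA for protecting the symmetric key. Whoever holds the private key, or the password derived from it, controls recovery; if that secret is shipped inside the malware, as happened with Archiveus, the scheme collapses.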
For users hit by Archiveus, any attempt to access their files produced a set of instructions in a console window. The authors of the Archiveus Trojan claimed that they did not want the victim's money. Instead of demanding a direct ransom, the message told the user to make a purchase from a specified website, or simply to send an email, in order to receive the unlocking password.
Unfortunately, the implementation was flawed: users often lost some files even after entering the correct password. The impact of Archiveus was cut short when Sophos researchers recovered the unlocking password and published it, allowing victims to unlock their archives without paying.
Ransomware has come a long way since the arrival of the Archiveus Trojan. While it is no longer a threat to a modern operating system, many of its fundamentals remain in use today.
Although much has changed in the tech world, the basics of a ransomware attack have not. Attackers today follow the same playbook written almost two decades ago: gain access through phishing, use intimidation to create fear, and turn that fear into a paying customer base.