The Secure Socket Layer (SSL ) protocol is under attack: in recent months, a succession of vulnerabilities and successful breaches have raised questions about the effectiveness of this ubiquitous security standard. The emergence of DROWN (Decrypting RSA with Obsolete and Weakened Encryption) in early March 2016 may have finally forced IT admins to take action.
The fact that so many attacks are now focused on SSL is more important than you might think.
Ransomware is the latest trend in criminal malware. It infects computers, encrypts data and demands a ransom payment in the form of bitcoins. The encryption is so strong that it has not yet been circumvented. Locky and other ransomware have the potential to become much more than an annoyance.
Recently one case was reported where patient data was encrypted at a hospital. That might seem bad enough but what would happen if computers that control medical devices are infected by the virus and they show a ransom letter instead of doing their job? Documents, photographs, films and other personal data are usually the prime targets for encryption rather than system files and applications. However, databases and license key files have also fallen victim to unauthorized encryption.