The history and evolution of ransomware attacks
In 1989, a group of unsuspected attendees at a World Health Organization conference received around 20,000 floppy disks. This incident went down in history not because of any scientific breakthroughs but because it heralded an all-new era in cybercrime—ransomware. Fast-forward to today, and ransomware attacks have transformed into a billion-dollar criminal enterprise, targeting not only the big giants but also small businesses and individuals.
What if, one fine day, you get locked out of your client database, important files, and encrypted documents? Then you realize that the only way to regain access to these files is to pay a ransom to a cybercriminal who now controls your data. Sounds daunting, right? This is the reality that countless organizations and people have faced as ransomware continues to spread like a plague.
In this article, we will look at how ransomware attacks have morphed through the years. But before we get into it, remember that knowing how ransomware came about and developed is not some kind of history lesson in cybersecurity—it’s an actual strategic step towards countering the digital menace that becomes more pervasive with every passing year.
A brief overview
Ransomware is a type of malware designed to encrypt files on a computer system and then demand a ransom in exchange for the decryption key. It can get into your system through phishing emails, malicious downloads, or exploiting unpatched vulnerabilities in software.
Organizations across the world reported around 317.59 million ransomware attempts in 2023 alone.
Let that sink in!
This number says so much about the severity and prevalence of ransomware attacks today. No organization, big or small, is spared—from hospitals to government agencies, corporations, and educational institutions, all of them are susceptible to its wrath.
The dawn of ransomware
The serious menace that ransomware has become has had the healthcare sector as the very first target. In 1989, a researcher named Dr. Joseph Popp circulated 20,000 infected floppy disks containing the AIDS Trojan at a World Health Organization conference. What seemed to be a program for analyzing a person’s risk of getting AIDS also contained hidden malware.
The malicious malware hid all the directories, encrypted the files on the C drive, and then displayed a message demanding payment of $189 for decryption.
This attack ushered in a new era of holding data hostage for financial gain. Though primitive in nature, as compared with complex encryptions today, this AIDS Trojan established a dangerous precedent for future cybercriminals. It paved the way for them to unravel the disruptive potential of ransomware to wreak havoc within such critical sectors as healthcare.
Ransomware in the age of the internet
In the 1990s, when the internet became widely accessible, ransomware garnered a new level of attention among emerging hackers. The internet provided an easy and efficient way for cybercriminals to distribute ransomware through emails, malicious websites, and downloadable files. This connectivity allowed ransomware to spread quickly, targeting more people and businesses than ever before.
In 2006, things picked up the pace when the sophisticated RSA encryption was used by cyberattackers to release the Archiveus Trojan. This trojan encrypted all files in the My Documents folder of the victims’ computers and demanded they buy various products from an online pharmacy to obtain the 30-digit password.
Another example is the GPcode ransomware. Initially, it was distributed via e-mail attachments that looked like job applications with a 660-bit RSA key. Later, it was followed by a more dangerous variant: Gpcode.AK—a version with a 1024-bit RSA key, making it almost impossible to decrypt without the private key, for which the victims had to pay a fee.
The emergence of Ransomware-as-a-Service (RaaS)
In the last decade, ransomware has grown tremendously, and one reason for this surge is Ransomware as a Service (RaaS). Here, the attacker could purchase pre-constructed ransomware tools, thereby eliminating the need for any technical know-how to execute their nefarious intentions. One of the notable examples of RaaS is Zeus, a variant of trojan horse malware that appeared in 2007. It was later used as the channel for CryptoLocker ransomware during an attack that occurred from 2013 to 2014.
After the CryptoLocker, other large-scale attacks like CryptoWall and Locky emerged, both of which employed advanced persistent threats (APTs), making them particularly difficult to detect and remove.
The global infiltration of ransomware
As ransomware continued to become bigger and better (in executing nefarious tactics), it started infecting systems worldwide and across many industries. In 2017, the WannaCry ransomware attack epitomized the pervasiveness of this malware category, with the total number of targets crossing 200,000 in 150 countries. The attack was so grave that it disrupted vital services worldwide, including healthcare and transportation.
Another major incident that came up around this time was the NotPetya attack. It targeted big companies and critical infrastructure, causing billions in damages and impeding operations worldwide. Furthermore, as cryptocurrencies became a preferred mode of payment for ransom payments, the attacks became more rampant and widespread, only making it difficult for authorities to trace and capture attackers.
The modern cybercrime that we know today
The modern ransomware attacks that we know today (or have fallen victim to) operate like large businesses with streamlined operations and designated call centers to handle ransom payments.
In their pursuit of higher payouts, attackers target large corporations and high-profile individuals, a tactic known as ‘Big Game Hunting’ (BGH). An example of such an attack is the Sodinokibi group (also known as REvil), which uses a ransomware-as-a-service (RaaS) model to onboard affiliates who spread their ransomware.
Looking back at the trajectory of the evolution of ransomware attacks, one thing is clear—what started as a simple attack has become highly sophisticated. Not to mention, its impact has always been grave. Given the growing sophistication and frequency of these attacks, your organization deserves robust security mechanisms to protect its valuable data. A great way to go about it is to deploy email authentication protocols to secure your email communications.
To kick-start your authentication journey with DuoCircle, get in touch with us!