Ransomware: its history, evolution and future

It has been less than a month since the news of the latest massive ransomware attack. Ransom demands that once amounted to a few hundred dollars now reach millions. How did we get to the point where our data and services can be held for ransom? And with multimillion-dollar payouts on the table, can we realistically hope this will ever end?

History of Ransomware

Dr. Joseph L. Popp is credited, alongside his achievements in biology, with the first use of software to demand a ransom. In December 1989 he used the postal service to send 20,000 floppy disks titled "AIDS Information - Introductory Diskette" to hundreds of medical research institutes in 90 countries. Each diskette contained an interactive questionnaire that estimated a person's risk of contracting AIDS from their answers. Alongside the questionnaire came the first piece of ransomware, the "AIDS Trojan": after the computer had been rebooted a set number of times, it scrambled the files on the hard drive. Instructions printed on an attached printer told the victim to send a bank draft, cashier's cheque or international money order for $189 to a post office box in Panama. The Trojan used simple symmetric encryption with the key embedded in the program, so recovery tools appeared quickly, a limitation later ransomware would overcome. Popp was planning to distribute another two million diskettes when he was arrested on his way back to the United States from a World Health Organization symposium on AIDS. Despite the evidence against him, Dr. Popp was never convicted of the crime.

By the early 2000s, cybercriminals had this ransomware prototype and access to three basic pieces of technology that Dr. Popp did not have:

(1) An efficient, high-speed delivery system: millions of computers around the world connected to the Internet.
(2) Access to strong asymmetric encryption, so that files cannot be recovered without the attacker's private key.
(3) A payment platform offering speed, anonymity and the ability to automate decryption once payment is made; from 2009, Bitcoin.

Put these together and ransomware really takes off. Here is a summary of important events in the history of ransomware:

2006 - Archiveus used RSA-1024 to encrypt files, supposedly making them impossible to unlock. Victims were forced to buy goods from online pharmacies to obtain a decryption code. In practice the fixed password was found inside the malware itself, so recovery did not depend on paying.

2008 - With the invention of Bitcoin, ransomware operators could create a unique payment address for each victim, and it quickly became the preferred payment method.

2011 - Bitcoin matures and the number of ransomware attacks increases dramatically: 30,000 infections were reported in the first two quarters of 2011, doubling to 60,000 later that year.

2012 - Reveton took a page from the Vundo virus and used intimidation to force victims to pay. After locking the system, Reveton posed as a law enforcement agency and warned the victim that they had committed a crime, typically downloading or using pirated software. Citadel also appeared on the scene: a toolkit for developing and distributing malware and managing botnets, which expanded the reach of ransomware further through pay-per-install. Cybercriminals could pay a small fee to have their ransomware installed on already-infected computers.

2013-2015 - A combination of RSA-2048 encryption, command-and-control servers anonymized behind the Tor network and distribution via the Gameover Zeus botnet made CryptoLocker one of the most aggressive and prolific ransomware Trojans. Svpeng, originally built to steal payment card data, became ransomware in 2014: victims were locked out of their phones and accused of accessing child pornography. Ransomware-as-a-Service (RaaS) launched in May 2015; the service operators took 20% of every Bitcoin ransom paid.

2016 - Ransom32, written entirely in JavaScript, HTML and CSS, was the first "write once, infect all" ransomware, capable of infecting Windows, Linux and macOS. Locky was distributed through phishing emails carrying malicious Microsoft Word attachments and, at its peak, infected up to 100,000 machines per day. KeRanger was the first ransomware to target Mac files and Time Machine backups, disabling the recovery features that could restore a previously unencrypted state.
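As an added illustration (not code from the original article), the Go program below contrasts the two key-handling designs the timeline describes: the first generation (AIDS Trojan, Archiveus), where the decryption secret ships inside the malware so an analyst who extracts it from a sample can recover every victim's files without anyone paying, and the CryptoLocker generation, where each victim's files are encrypted under a fresh symmetric key that is then wrapped with the operator's RSA public key, leaving nothing on the victim machine that decrypts without the operator's private key. The embedded key value and the sample document are constructed placeholders, not real malware artifacts; the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Generation 1 (AIDS Trojan, Archiveus): the secret needed to undo the
// encryption is a constant inside the program. Constructed placeholder value.
var embeddedKey = []byte("constructed-16by") // 16 bytes = AES-128 key

// gcmSeal encrypts plain under key with AES-GCM; output is nonce || ciphertext.
func gcmSeal(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plain, nil)...), nil
}

// gcmOpen reverses gcmSeal; it fails on a wrong key or tampered data.
func gcmOpen(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(data) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, data[:ns], data[ns:], nil)
}

// gen1Encrypt is what the 1989 and 2006 designs amount to: one static key for everyone.
func gen1Encrypt(plain []byte) ([]byte, error) { return gcmSeal(embeddedKey, plain) }

// gen1RecoverFromSample is the analyst's side: extract embeddedKey from the
// binary once and every victim can be decrypted without paying.
func gen1RecoverFromSample(ct []byte) ([]byte, error) { return gcmOpen(embeddedKey, ct) }

// Sealed is all that remains on the victim machine in the CryptoLocker-style
// design: the ciphertext and the RSA-wrapped per-victim key.
type Sealed struct {
	WrappedKey []byte
	Ciphertext []byte
}

// gen2Encrypt: fresh AES-256 key per victim, wrapped with the operator's
// public key (RSA-OAEP). The plaintext key is discarded after use.
func gen2Encrypt(operatorPub *rsa.PublicKey, plain []byte) (*Sealed, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(fileKey, plain)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, operatorPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Sealed{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// gen2Decrypt needs the operator's private key, which never touched the
// victim machine; any other key fails at the unwrap step.
func gen2Decrypt(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key")
	}
	return gcmOpen(fileKey, s.Ciphertext)
}

func main() {
	doc := []byte("constructed sample document") // constructed input
	ct1, _ := gen1Encrypt(doc)
	rec1, _ := gen1RecoverFromSample(ct1)
	fmt.Println("gen1: recovered from the sample alone:", bytes.Equal(rec1, doc))

	operator, _ := rsa.GenerateKey(rand.Reader, 2048) // stays with the operator
	analyst, _ := rsa.GenerateKey(rand.Reader, 2048)  // any key the analyst has
	sealed, _ := gen2Encrypt(&operator.PublicKey, doc)
	_, err := gen2Decrypt(analyst, sealed)
	fmt.Println("gen2: recovery without operator key fails:", err != nil)
	rec2, _ := gen2Decrypt(operator, sealed)
	fmt.Println("gen2: recovery with operator key:", bytes.Equal(rec2, doc))
}
```

The practical difference for an incident responder is what survives on disk: in the first design the key is in the sample, in the second only the RSA-wrapped key is, which is why the later families could not be broken by reverse engineering and why offline backups became the only reliable recovery path.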

2017 - WannaCry and Petya bring ransomware to the fore. WannaCry is a cryptoworm that spreads semi-autonomously, without user interaction, by exploiting a vulnerability in Windows SMBv1 (the EternalBlue exploit, for which Microsoft had released patch MS17-010 two months earlier). WannaCry infected more than 250,000 devices worldwide in May 2017, the largest ransomware attack in history, with an estimated $4 billion in financial damage. NotPetya (a derivative of the original 2016 Petya) is another cryptoworm that used the same vulnerability as WannaCry despite the patches being available; it also spread with stolen credentials and legitimate administration tools, and its damage was effectively unrecoverable. Both highlight the danger of running unsupported systems and the necessity of installing security patches promptly.

2018 - "Ransomcloud" proved that cloud email accounts such as Office 365 are also vulnerable to ransomware. Fortunately, this was a proof of concept by a white-hat hacker. Bitcoin anonymity was no longer guaranteed, and cybercriminals began migrating to other cryptocurrencies. Newer variants such as Annabelle, AVCrypt and a new version of SamSam included advanced features to evade detection and disable post-attack forensics.

2019 - Attackers launched two-stage attacks: a first piece of malware followed by the ransomware. Ransomware such as MegaCortex was designed for corporate networks, using domain controllers to spread. Security researchers also reported attackers running the ransomware inside a virtual machine to hide its encryption of host files and folders from antivirus software.

Evolution of Ransomware Tactics

Besides exploiting advances in technology, ransomware attackers have become more resourceful, finding innovative ways to increase the success rate of their attacks.

Cybercriminals have shifted their focus to critical infrastructure and larger organizations. In 2016, for example, several hospitals were hit by ransomware, including Hollywood Presbyterian Medical Center, the Ottawa Hospital and Methodist Hospital in Kentucky. In each case hospital devices were locked or medical records encrypted, putting patients' lives at risk. Some hospitals were fortunate to have strict backup and recovery policies; others had to pay the ransom as quickly as possible to restore services.

Ransomware development timeline: 1989 - 2019

In March 2018, many of the city of Atlanta's online services were taken offline by a ransomware attack. The city did not pay the $55,000 Bitcoin ransom, but initial estimates put the recovery cost at around $2.6 million.

In May 2021, DarkSide ransomware crippled key infrastructure that supplies 45% of the fuel consumed in 13 US states. Colonial Pipeline, the victim of this attack, paid $4.4 million to restore its systems after nearly a week of disruption. Payouts like this push attackers to find ever more creative ways to get paid.

The 5,500-mile Colonial Pipeline was offline for several days after a ransomware attack compromised its computer network. The DarkSide group, cybercriminals based in Eastern Europe, was responsible for the attack.

Another tactic is "encrypt and exfiltrate". Attackers realized that the same network weaknesses that let ransomware in can also be used to leak data out. In addition to encrypting the victim's files, they steal sensitive data and threaten to publish it if the ransom is not paid. So even an organization that can restore from backups cannot undo the exposure of its data.

Vastaamo, a Finnish psychotherapy clinic with 40,000 patients, fell victim to a newer tactic called "triple extortion". As usual, medical records were encrypted and a large ransom demanded. But the attackers had also stolen patient data, and shortly after the initial attack individual patients received emails demanding payment to prevent the publication of their therapy session notes. Facing the fallout of the breach and the resulting liabilities, Vastaamo filed for bankruptcy and ceased operations.

The Future of Ransomware

Check Point Research reports that attacks have increased by 57% since the beginning of 2021, with an estimated $20 billion in damages in 2020 alone, up 75% from 2019.

Ransomware attacks are highly targeted. They go after organizations in industries such as healthcare, water and electricity utilities, insurance and law, which provide essential services and are therefore likely to pay large ransoms.

Ransomware attacks per organization by industry, April 2021, according to Check Point Research

About 40% of new ransomware families include a data-exfiltration component for double and triple extortion. RaaS operations such as REvil also offer distributed denial-of-service (DDoS) attacks and VoIP call campaigns to their affiliates (the actual attackers) free of charge, to put more pressure on victims to pay within the deadline.

Why the sudden increase in ransomware attacks?

Because it is profitable. Even if only a small percentage of ransomware attacks succeed, they still generate a substantial return on investment. Consider, for example, the largest publicly known ransom payments:

CWT Global - $4.5 million
Colonial Pipeline - $4.4 million
Brenntag North America - $4.4 million
Travelex - $2.3 million
University of California, San Francisco - $1.14 million

These are only a handful of the successful ransomware campaigns. Unfortunately, such high-profile payments push attackers to keep searching for new ways to infect, spread and extort. In 2017, 55 traffic cameras in Victoria, Australia were infected with WannaCry through human error. The impact was small, but it shows the kind of devices attackers can reach. Given the slow pace of security updates and the growing number of vulnerable IoT devices worldwide, this is likely to create new opportunities for ransomware operators.


Experts also fear the rise of ransomware against cloud services, in particular Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) targets.

A new generation of attackers, inspired by TV shows like Mr. Robot, has access to more learning resources, such as Hack The Box, than any generation before it. These newcomers are eager to learn and even more eager to test their skills.

Ransomware sits at the heart of a complex, thriving underground economy with all the hallmarks of a legitimate business. Picture a community of highly skilled, collaborating malware developers, RaaS providers, tiered affiliates, IT and customer support teams, and even operators responsible for "brand" press releases.

We hand our data to a range of service providers and rely on technology for our daily operations, inadvertently giving ransomware attackers the means to take us hostage. We can therefore only expect ransomware attacks to increase and become more creative in securing payment, perhaps demanding one payment for decryption and a separate one for not publishing the data.

The light at the end of the crypto tunnel

The Colonial Pipeline hack highlighted the vulnerability of modern society. The attack caused widespread anxiety in the affected states, leading to panic buying, fuel shortages and higher fuel prices.

The cost of ransomware is not limited to the ransom. Data loss, downtime and reduced productivity after the attack, and the cost of forensic investigation, rebuilding systems, improving security and training employees, are the hidden, unplanned costs that follow an attack.

In late 2020 the Ransomware Task Force (RTF) was launched: a coalition of more than 60 members from industry, government, law enforcement, civil society and international organizations dedicated to finding ways to counter ransomware. In April 2021 the RTF published the report "Combating Ransomware: A Comprehensive Framework for Action", containing 48 priority recommendations for fighting ransomware.

The concerted effort is paying off. Although no arrests were made, the FBI recovered 63.7 bitcoin (about $2.3 million) of the ransom paid in the Colonial Pipeline attack. The FBI and law enforcement agencies around the world also took down the infrastructure the NetWalker ransomware-as-a-service operation used to communicate with its victims. Earlier this year, the Emotet botnet, a major vehicle for delivering ransomware through phishing, was dismantled as well.

This may seem like a drop in the ocean compared with the number of ransomware attacks in recent years. But national and international, public and private organizations now acknowledge the ransomware threat and are actively working to neutralize it, a much-needed step in the right direction.
