Ransomware has been a malicious tool used by attackers to extort money since the late 1980s. In the decades since, ransomware has gone through multiple stages of evolution, becoming increasingly sophisticated and destructive. Here, we will explore how ransomware has changed over the years and discuss modern techniques attackers use to create more powerful threats.
Origins of Ransomware
Ransomware emerged in the late 1980s when attackers developed malicious code to encrypt data and demand a ransom payment for the continued use of the device. The first recorded attack occurred in 1989 when hackers used a floppy disk to release the AIDS trojan to research scientists.
Hackers required these professionals to send money overseas to a P.O. box to access their files. They asked affected computer users to send $189 for continued use of 365 applications. Users who wanted an alleged lifetime lease could send $378.
Sending a banker's draft to an overseas P.O. box was not the most ingenious payment solution, but there were few other discreet ways of getting paid. Consequently, despite the existence of ransomware for several decades, cases were not as prevalent until the 2000s.
Ransomware in the 2000s: From Encryption to Social Engineering
In the early 2000s, attackers shifted from simple encryption-based ransomware to more sophisticated methods of monetizing attacks. New attack vectors such as phishing and social engineering were employed to deceive victims and extract money.
One example was the FBI Moneypak virus. Attackers presented a fake warning from the FBI accusing them of a crime and asking victims to pay a fine to unlock their computers. These bogus fines ranged from $200 to $400. They were also well-timed with pressing issues at the time.
There are several different versions of the virus, impersonating the FBI. One accused the user of downloading copyright material when copyright infringement laws were a hot topic in America. This contributed to the sense of fear and urgency in victims, compelling them to pay.
The Growing Use of Double Extortion and Triple Extortion
In 2019, the threat actors behind Maze ransomware released a new double extortion variant. This attack combines encryption and data theft. Attackers encrypt victims' files and then threaten to release sensitive information if victims do not pay a ransom. Triple extortion applies when attackers combine a double variation with a third threat, such as holding critical infrastructure hostage.
Studies have shown that most ransomware hackers do not return data to affected entities when those entities pay the ransom. As a result, companies increasingly use backup strategies to restore data and resume business as usual. While this strategy limits business disruptions, hackers can threaten to release the data. These criminals have learned that the initial threat might not go as planned, so they sometimes escalate the intensity.
For example, a hacker might release stolen data containing the contact information of individual customers at a bank. Then, they might threaten to release credit card details. The final threat may be to release the information of business clients, which leads to increased pressure from customers to comply.
Sophisticated Attacks Beyond Ransomware
While ransomware is still popular among attackers, modern threats have moved beyond simple encryption techniques. Attackers now employ more sophisticated methods, such as zero-day exploits. Zero-day exploits take advantage of previously unknown software or operating system vulnerabilities.
Hackers often use these attacks to access sensitive information or install malware on a device without the user's knowledge. Zero-day exploits can be complicated to detect and remain hidden for months or even years before being discovered.
Capital One's 2019 cyber breach is an example of a zero-day exploit caused by misconfiguration, though the hacker did not demand a ransom. A former AWS employee gained access through a misconfigured web application firewall and stole 100 million Capital One records.
Impersonation has also become incredibly popular as part of phishing schemes. This approach started in the 1990s when hackers impersonated AOL workers and hijacked accounts. Since then, hackers have created increasingly convincing fake emails.
The Stronger Focus on Big Game
A decade ago, few hackers even considered attacking government organizations or financial institutions. Modern-day hackers are bolder and greedier. No organization is too lofty a goal. The main appeal is that large organizations reduce the need to target or infect multiple victims. Instead, hackers can compromise one network or device and use this as a loophole to gather millions of records.
In 2020, 79 ransomware incidents involved U.S. city and county governments. Federal agencies also suffered attacks. In February 2023, for example, hackers used ransomware to target the U.S. Marshals Service. Targeting the oldest federal law enforcement agency in America is nothing short of bold.
The increased attacks on government agencies, public services, and financial institutions have caught the attention of countries worldwide. Several have launched task forces that treat this form of cybercrime as domestic terrorism. America is especially concerned that hacks originating from foreign IP addresses may be digital espionage.
The Role of Bitcoins in Ransomware Attacks
Bitcoins radically changed how people thought about, interacted with, and created money. Young people worldwide increasingly use cryptocurrency to process payments and even save for retirement. Most finance gurus warn that these currencies are volatile and expose users to unusually high levels of risk, but this has not slowed the use of cryptocurrency.
Crypto is especially beloved among hackers. It solved the problem of how to collect ransom via untraceable payment options. Bitcoin is now a common payment option for ransomware victims.
Attackers choose Bitcoin and other cryptocurrencies because they make exchanging money easy without intermediaries. This makes it impossible to trace the transaction and adds an extra layer of protection for attackers.
How Emergency Response Systems Can Assist With Ransomware Response
Ransomware attacks have become increasingly expensive. In 2020, ransomware victims paid $350 million in cryptocurrency. Even when companies do not pay the ransom, they have additional costs:
-
Insurance premiums (which are also rising in cost!)
-
Strengthening infrastructure
-
The cumulative loss of productivity due to additional safety protocols
Emergency response systems are among the best ways companies can ensure effective communication during a cybersecurity crisis. Early detection and good communication can significantly reduce the severity of ransomware attacks by allowing everyone to act quickly.
Our Hiplink team has fine-tuned our emergency communications systems to handle ransomware breaches. Will you include this in your network and data security strategy? Download our eBook to learn more about ransomware prevention and how else you can improve your response plan.