Ransomware: From hobby hackers to a billion-dollar operation

In recent months, ransomware has become a mainstream topic across the world thanks to a string of high profile attacks across the globe. There is a sense that no one is immune to attacks from a persistent and organised community of cybercriminals who use ransomware as their main modus operandi. Some of the most worrying attacks have been those on national infrastructure. During the WannaCry attack for example the UK’s National Health Service (NHS) was majorly affected, demanding payments of $300 or $600 per computer to restore access. The disruption led to significant delays in hospitals and surgeries across the country.

Today, ransomware is one of the most popular forms of malware, but this hasn’t always been the case. Malware, like any virus, favours threats that can adapt and evolve to their surroundings. As we become more connected, and our economy gets more digital, we face a growing threat from cyberattack, with ransomware at the heart of the modern cybercriminals’ arsenal.

From cyber vandals to cyber criminals

The origins of ransomware can be traced as far back as 1989, when unsuspecting victims were infected with the ‘AIDS Trojan,’ which was distributed through floppy disks that were sent to victims via the normal postal service. Although the world was unprepared for such an attack, the virus struggled to spread at the time as few people used personal computers, and the internet was still in its very early stages. In addition to this, encryption technology was still limited at the time.

In spite of this early beginning, ransomware wasn’t a popular form of malware in the 90s and early 00s as the main aim was to gain notoriety through cyber pranks and vandalism, with hackers using graphics to communicate the attack to the user. These graphics were sometimes amusing and creative – so much so that some of them have been immortalised in an online ‘Malware Museum,’ where you can interact with viruses of yesteryear – with their malicious elements removed.

These days rather than sending a cheeky update to let you know you’ve been hacked the first most people and organisations hear of a successful attack is when the orchestrator starts asking for bitcoin. Unfortunately, ransomware has thrived in our new digital economy thanks to the emergence of almost impossible to trace crypto currencies. Early examples of ransomware in its modern guise were seen in the form of Cryzip in 2006. However, it wasn’t until 2013 that we saw the poster children for modern ransomware in the form of CryptoLocker and CryptoWall, released four years after Bitcoin was released as an open-source software. These viruses were distributed via a simple attachment and evading usual prevention techniques proceeded to quickly find and encrypt their victim’s data. The next part was simple: pay up or lose your data.

The emergence of a billion dollar industry

Monetisation is the key element that has set ransomware apart from traditional virus models. CryptoLocker and CryptoWall inspired a whole new generation of copy-cat cybercriminals. You only need to look at the figures to figure out why ransomware attacks have rapidly accelerated. Security experts have estimated that $1billion was deposited into Bitcoin wallets associated with ransomware cybercriminals in 2016 alone. This makes it an incredibly lucrative business, and is why criminals are now looking beyond the humble personal computer to more valuable targets like governments, the utilities industry and larger companies. This was the aim of the recent WannaCry and Petya global attacks, which infected major companies and national infrastructure in pursuit of bigger budgets able to pay larger ransom amounts.

This paints a bleak picture, but there is a silver lining. As attacks evolve, cybersecurity efforts are evolving to meet the challenge. WannaCry for example was stopped in its tracks by a security professional who engaged a ‘kill switch’ domain. The increased awareness of cyberattacks is leading to greater investment in preventative technology. Ransomware and other viruses will continue to evolve.

Organisations  who want to protect themselves from a growing threat to their systems and reputation must not wait for an attack to be successful before they invest in their security systems. Protection from the threat of ransomware means acting now, and arming themselves with equally scalable and advanced weapons to combat a complex and evolving threat which shows no sign of slowing down.

Read one of my previous blogs on the new security environment.