The history behind the hacking method and what follows
As the ransomware industry evolves, experts predict that hackers will continue to find more and more ways to use technology to exploit businesses and individuals.
Ransomware is now a billion dollar industry. But it wasn’t always this big—nor was it the widespread cybersecurity risk it is today.
Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.
The technology, which officially turned 35 on December 12, has come a long way, with criminals now able to spin up ransomware faster and deploy it against multiple targets.
Cybercriminals collected $1 billion in cryptocurrency payments from ransomware victims in 2023, a record high, according to data from blockchain analysis firm Chainalysis.
With modern cloud computing technology, artificial intelligence and geopolitics shaping the future, experts expect ransomware to continue to evolve.
How Did Ransomware Originate?
The first known ransomware attack occurred in 1989.
A hacker physically mailed floppy disks claiming to contain software that could help determine whether someone was at risk of developing AIDS.
However, once installed, the program would hide directories and encrypt file names on people’s computers after 90 restarts.
It would then display a ransom note requesting that a cashier’s check be sent to an address in Panama for a license to recover the documents and folders.
The program became known as the “AIDS Trojan” in the cybersecurity community.
“It was the first ransomware and it was someone’s imagination. It wasn’t something they read about or researched,” Martin Lee, head of EMEA for Talos, the cyber threat intelligence division of IT equipment giant Cisco, told CNBC in an interview.
“Before that, it was simply never discussed. There wasn’t even a theoretical concept of ransomware.”
Joseph Popp, the Harvard-educated biologist behind the incident, was caught and arrested. But after displaying erratic behavior, he was deemed unfit to stand trial and returned to the United States.
How Ransomware Evolved
Since the AIDS Trojan emerged, ransomware has evolved a great deal. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode”.
The program was delivered to people via email – an attack method commonly known today as “phishing”. Lured by the promise of an attractive career offer, users downloaded an attachment containing malware masquerading as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanned the file system and encrypted files, and demanded payment via wire transfer.
Later, in the early 2010s, ransomware hackers turned to cryptocurrency as a payment method.

In 2013, just a few years after the creation of bitcoin, the CryptoLocker ransomware appeared.
Hackers targeting people with this program demanded payment in either bitcoin or prepaid cash checks – but this was the first example of cryptocurrency becoming the currency of choice for ransomware attackers.
Other, more prominent examples of ransomware attacks that chose cryptocurrency as the ransom payment method include WannaCry and Petya.
“Cryptocurrencies provide many advantages for bad guys because it’s a way to transfer value and money outside of the regulated banking system anonymously and immutably,” Lee told CNBC. “If someone has paid you, that payment cannot be refunded.”
CryptoLocker also became famous in the cybersecurity community as one of the first examples of a “ransomware-as-a-service” operation, that is, a ransomware service sold by developers for a fee to allow less experienced hackers to carry out attacks.
“In the early 2010s, we had this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker was “very successful in controlling crime.”
What’s Next for Ransomware?
As the ransomware industry continues to grow, experts predict that hackers will continue to find more and more ways to use technology to exploit businesses and individuals.
By 2031, ransomware will cost victims $265 billion annually, according to a report from Cybersecurity Ventures.

Some experts worry that AI will lower the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to enter text-based queries and receive complex, human-like responses, and many programmers even use them to help write code.
Mike Beck, Darktrace’s chief information security officer, told CNBC’s “Squawk Box Europe” that there is a “tremendous opportunity” for AI, both in arming cybercriminals and in improving productivity and operations at cybersecurity companies.
“We need to arm ourselves with the tools that the bad guys use,” Beck said. “Bad guys will use tools that are used today along with all these changes.”
But Lee doesn’t think artificial intelligence poses as much of a ransomware risk as many think.
“There’s a lot of speculation that AI is very good for social engineering,” Lee told CNBC. “But when you look at the attacks that are out there that clearly work, it’s the simplest attacks that are so successful.”
Targeting cloud systems
A serious threat to watch out for in the future could be hackers targeting cloud systems, which allow businesses to store data and host websites and applications in remote data centers.
“We haven’t seen a lot of ransomware hitting cloud systems, and I think that’s going to be the future going forward,” Lee said.
According to Lee, we may eventually see ransomware attacks that encrypt cloud assets or deny users access by changing credentials or using identity-based attacks.
Geopolitics is also expected to play a key role in the development of ransomware in the coming years.
“Over the past 10 years, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware has become a geopolitical weapon that can be used as a geopolitical tool to disrupt organizations in countries perceived as hostile,” Lee said.
“I think we’re probably going to see more,” he said. “It is fascinating to see how the criminal world can cooperate with a nation state to do its bidding.”
Another risk Lee sees is autonomously distributed ransomware.
“There’s still room for more ransomware out there that spreads autonomously — maybe not hitting everything in their path, but limited to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we’re going to see the ransomware ecosystem become more and more professionalized, moving almost exclusively to a ransomware-as-a-service model,” he said.
Even if the way criminals use ransomware is poised to evolve, the actual makeup of the technology is not expected to change that dramatically in the coming years.
“It’s been proven effective outside of RaaS providers and using stolen or purchased toolchains, credentials and system access,” Jake King, head of security at Internet search firm Elastic, told CNBC.
“Until additional obstacles appear for adversaries, we will continue to observe the same patterns.”