Cybercrime has risen steadily in recent years. Criminals use every means available to them to carry out cyberattacks and extort money from businesses, and one of the tools at their disposal is a class of malware called ransomware.
According to a 2019 Cybersecurity Ventures study, a business fell victim to ransomware every 14 seconds that year, and the same study put ransomware damage costs for 2019 at $11.5 billion.
What is this vicious malware, and how did it come to be?
What is ransomware?
Ransom malware, or ransomware, is malware that locks users out of their system or encrypts their personal files. As the name suggests, the criminals then demand a ransom payment to restore access: the victim is shown a ransom note with payment instructions and, if the attackers keep their word, receives a decryption key or tool after paying. Payment is no guarantee that a working key arrives.
Ransomware is hard to contain because it can reach a computer in several ways. The most common is phishing: criminals e-mail an attachment disguised as a file the victim has reason to trust, and once it is downloaded and opened the malware takes over the machine. One widely cited industry figure attributes up to 91% of attacks to spear-phishing e-mails.
Other methods are more aggressive, such as exploiting security holes in exposed services to infect computers without needing to trick a user at all.
How it all started – the most famous cases
While cybercrime is a relatively new phenomenon, the first ransomware to go down in history was the AIDS Trojan. It was written by American biologist Joseph Popp in 1989 in QuickBASIC 3 and distributed on floppy disks titled AIDS Information – Introductory Diskettes, accompanied by an information booklet stating that a license had to be purchased to keep using the software. Once the program on the floppy was run, it replaced the MS-DOS startup file AUTOEXEC.BAT and counted reboots; after about 90 of them it hid directories and encrypted the file names on the hard drive, then displayed a notice (with an invoice the program could print) demanding payment to a post-office box in Panama. The notice promised recovery software once the payment was made.
Popp was arrested early the following year; he was never tried, being found unfit to stand trial, but the arrest stopped him from mailing a further 2 million disks he reportedly planned to send. The consequences were still considerable: organizations that ran the disk, including AIDS research centres, reportedly lost years of study data, one Italian organization an estimated ten years' worth.
One of the first large-scale ransomware campaigns of the modern era was CryptoLocker in 2013. Spread through e-mail attachments and spam, and later through the Gameover ZeuS botnet, it encrypted user files with keys that were themselves protected by a 2048-bit RSA public key, so only the criminals' private key could unlock them. According to Avast, CryptoLocker infected over 500,000 computers at its peak. It was defeated in 2014 by Operation Tovar, a joint campaign between the FBI, Interpol, security companies and universities, which seized the botnet's infrastructure and recovered the private keys used to extort victims.
TeslaCrypt first appeared in 2015 as an apparent variant of CryptoLocker but soon gained an identity of its own through its particular modus operandi: alongside ordinary documents, it targeted files associated with video games, such as saved games, maps, mods and downloadable content. For some users these are the most important files they have, used frequently and usually stored locally rather than in the cloud or on an external drive. In 2016, TeslaCrypt accounted for 48% of ransomware attacks, and victims were asked for about $500 in bitcoin.
Then, in an unexpected turn of events, the operators shut the operation down in May 2016 and released the master decryption key to the world for free.
In May 2017, the WannaCry ransomware hit more than 150 countries. It spread as a worm by exploiting a flaw in Windows' SMBv1 file-sharing protocol (the EternalBlue exploit, for a vulnerability Microsoft had patched two months earlier in MS17-010) and infected over 230,000 computers within days, without anyone needing to open an attachment. Two years on, security experts estimated that over two million computers had been affected. The attack hit about a third of hospital trusts in the UK, costing the National Health Service an estimated £92 million.
Affected users were locked out of their files until a ransom was paid in bitcoin. The demand was $300, doubling to $600 after three days, with a threat to delete the files if payment was not made within a week. WannaCry's global financial impact has been estimated at $4 billion.
Bad Rabbit first appeared in October 2017 and stood out for the way it spread: a drive-by attack, in which legitimate but insecure websites are compromised and used to deliver malware to their visitors. Drive-by attacks often need no action from the victim beyond browsing the page.
In this case, however, victims were infected only when they clicked on a fake prompt to install Adobe Flash, which served as the dropper for the ransomware; once inside a network it spread further over SMB using a built-in list of common usernames and passwords. The ransom was about $280 in bitcoin with a 40-hour deadline.
Petya first appeared in 2016, spreading through HR departments via fake job-application e-mails carrying an infected Dropbox link or attachment. Rather than encrypting individual files, it overwrote the disk's boot record and encrypted the NTFS master file table, so the machine would not boot and nothing on the disk could be reached. Later variants included GoldenEye, which encrypted files as well as the file table, and NotPetya in June 2017, which borrowed the same EternalBlue exploit WannaCry had used in order to spread across networks on its own.
Victims were told to pay $300 in bitcoin for the decoding key.
Ryuk, which appeared in 2018, is among the more recent families. It deletes Windows shadow copies and disables System Restore, making it impossible to recover encrypted files without a separate backup, and it encrypts network drives as well, so backups reachable over the network are hit too. Rather than spraying victims at random, it targets organizations that can afford to pay. Ransom payments collected between 2018 and 2019 were estimated at $640,000.
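The behaviour described above leaves a trail: deleting shadow copies, shrinking shadow storage, wiping the backup catalog and turning off Windows recovery are all separate commands, and a defender can watch process-creation logs for them. The following is an added example, not code from the original article: it runs a handful of detection rules over a constructed sample of log lines and rates a host higher when several different rules fire within a minute, since ransomware typically runs these commands back to back. The command patterns are ones widely documented for Ryuk and similar families; the log format, host names and users are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of process-creation events (Sysmon Event ID 1 / Security 4688
# style), flattened to one line each. These lines are made up for this example.
SAMPLE_LOG = """\
2019-03-04T10:12:01Z host=FS01 user=CORP\\jdoe image=C:\\Windows\\System32\\notepad.exe cmdline="notepad.exe budget.xlsx"
2019-03-04T10:13:27Z host=FS01 user=CORP\\svc-backup image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin Delete Shadows /All /Quiet"
2019-03-04T10:13:28Z host=FS01 user=CORP\\svc-backup image=C:\\Windows\\System32\\bcdedit.exe cmdline="bcdedit /set {default} recoveryenabled No"
2019-03-04T10:13:29Z host=FS01 user=CORP\\svc-backup image=C:\\Windows\\System32\\wbadmin.exe cmdline="wbadmin delete catalog -quiet"
2019-03-04T10:14:00Z host=FS01 user=CORP\\admin image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin list shadows"
2019-03-04T11:02:10Z host=WS07 user=CORP\\ops image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin Resize ShadowStorage /For=C: /On=C: /MaxSize=401MB"
"""

# One event per line: timestamp, host, user, image path and the quoted command line.
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmd>[^"]*)"$'
)

# Recovery-inhibition commands associated with Ryuk and other families (assumed list).
# Matching is case-insensitive because Windows tools accept any casing.
RULES = [
    ("shadow-copy deletion", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow-storage shrink", re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic shadow-copy deletion", re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    ("recovery disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("backup catalog deletion", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)\b", re.I)),
]


def parse_event(line):
    """Return the event fields as a dict, or None for lines that do not fit the format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text):
    """Run every rule over every event's command line; one hit per matching rule."""
    hits = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        for name, pattern in RULES:
            if pattern.search(event["cmd"]):
                hits.append({"rule": name, **event})
    return hits


def score_hosts(hits, window=timedelta(seconds=60)):
    """Rate each host 'high' when two or more different rules fire within `window`
    of each other (the batch pattern ransomware produces), otherwise 'medium'."""
    by_host = {}
    for hit in hits:
        by_host.setdefault(hit["host"], []).append(hit)
    severity = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        severity[host] = "medium"
        for i, first in enumerate(events):
            rules = {first["rule"]}
            for later in events[i + 1:]:
                if later["ts"] - first["ts"] > window:
                    break
                rules.add(later["rule"])
            if len(rules) >= 2:
                severity[host] = "high"
                break
    return severity


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for hit in found:
        print(hit["ts"], hit["host"], hit["user"], hit["rule"], "::", hit["cmd"])
    print(score_hosts(found))
```

The benign `vssadmin list shadows` on FS01 is not flagged, which is the point of matching the verb rather than the tool name: administrators do run vssadmin. The burst scoring is what separates a lone, possibly legitimate, maintenance command from three different recovery-inhibition commands two seconds apart under the same account.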
Probably the most unsavory campaign of 2018 delivered GandCrab through sextortion e-mails. The messages claimed to have hijacked the victim's webcam and recorded their porn-watching habits, and threatened to make the footage public unless a ransom was paid; the attachment or link that supposedly held the "evidence" actually installed the ransomware.
Ransom demands ranged from $500 to $600. Since 2019, ransomware variants have kept changing as criminals adapt to improved defences.
Protection from ransomware
What makes cybercrime so dangerous is that the attackers stay anonymous, operating from other jurisdictions through disposable infrastructure and collecting payment in cryptocurrency, which makes them hard to track down. To protect against ransomware, people can do the following:
• Keep the operating system and applications patched and up to date, so there are fewer vulnerabilities to exploit. WannaCry spread through a flaw that Microsoft had patched two months before the outbreak.
• Don't install software or grant it administrative privileges unless you know exactly what it is and what it does.
• Since e-mail is the most common infection route, never open or download attachments from an unknown source or sender. For an unexpected attachment from someone you know, check with the sender through a separate channel, since an address can be spoofed or the account compromised.
• Install antivirus software that can detect malicious programs like ransomware. Additionally, application allow-listing (whitelisting) can prevent unauthorized programs from executing in the first place.
• Large businesses and organizations should line up an incident response provider in advance and report attacks to law enforcement; free decryption tools exist for some families, so paying is not the only option.
• Back up your files frequently. It is tedious and won't stop ransomware, but it limits the damage, provided the backups are kept offline or otherwise out of the malware's reach: families like Ryuk encrypt network drives and delete shadow copies precisely to make backups useless, so a backup should also be verified before it is needed.
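A backup only limits the damage if it is intact when you reach for it, and a backup share that ransomware could reach may itself have been encrypted. The following is an added example, not code from the original article: it records a hash manifest when a backup is taken and later checks the backup tree against it, reporting files that went missing, files whose content changed, unexpected new files (dropped ransom notes are a typical case) and files whose byte entropy looks like ciphertext rather than documents. The directory layout, file names and the 7.5 bits-per-byte entropy cut-off are assumptions made for the example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Shannon entropy (bits per byte) above which a file looks encrypted or compressed.
# Plain documents usually score well below 6; ciphertext scores close to 8.
# The 7.5 cut-off is an assumption for this example, not a standard.
ENTROPY_THRESHOLD = 7.5


def sha256_file(path):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits of entropy per byte of `data`; 0 for empty or single-valued input, 8 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root):
    """Map every file under root (relative, forward-slash path) to its SHA-256."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root, manifest):
    """Compare the backup tree under root with the manifest recorded when it was taken."""
    current = build_manifest(root)
    report = {"missing": [], "changed": [], "unexpected": [], "suspicious": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["changed"].append(rel)
    for rel in current:
        if rel not in manifest:
            report["unexpected"].append(rel)
        with open(os.path.join(root, rel), "rb") as f:
            # Entropy is checked independently of the manifest so that a file the
            # manifest never covered (or a manifest that was itself lost) still flags.
            if shannon_entropy(f.read(1 << 20)) > ENTROPY_THRESHOLD:
                report["suspicious"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo():
    """Take a small backup, record its manifest, then simulate ransomware hitting it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("budget.xlsx", "plan.docx", "notes.txt"):
            with open(os.path.join(docs, name), "wb") as f:
                f.write(b"quarterly report text " * 200)  # constructed low-entropy content
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        # Simulated damage: one file rewritten with high-entropy bytes (a deterministic
        # stand-in for ciphertext), one deleted, and a ransom note dropped alongside.
        ciphertext = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
        with open(os.path.join(docs, "budget.xlsx"), "wb") as f:
            f.write(ciphertext)
        os.remove(os.path.join(docs, "plan.docx"))
        with open(os.path.join(docs, "README_TO_DECRYPT.txt"), "w") as f:
            f.write("your files are encrypted\n")
        damaged = verify_backup(root, manifest)
    return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after simulated attack:", after)
```

Keep the manifest somewhere the backup job cannot write to (a separate host, or printed out for small sets); if it sits on the same share as the backup, the attacker encrypts both and the hash comparison tells you nothing, which is why the entropy check runs regardless. Run the verification on a schedule, not only after an incident, so that a quietly encrypted backup is noticed while an older good copy still exists.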