[BreachExchange] The evolution of ransomware: From hobby hackers to a multibillion-dollar operation

Audrey McNeil audrey at riskbasedsecurity.com
Mon Sep 11 21:17:55 EDT 2017


http://tech.economictimes.indiatimes.com/catalysts/the-evolution-of-ransomware-from-hobby-hackers-to-a-multibillion-dollar-operation/2593

In recent months, ransomware has become a mainstream topic across the world
thanks to a string of high profile attacks across the globe. There is a
sense that no one is immune to attacks from a persistent and organised
community of cybercriminals who use ransomware as their main modus
operandi. Some of the most worrying attacks have been those on national
infrastructure. During the WannaCry attack, for example, the UK’s National
Health Service (NHS) was majorly affected, with the ransomware demanding
payments of $300 or $600 per computer to restore access. The disruption led
to significant delays in hospitals and surgeries across the country.

Today, ransomware is one of the most popular forms of malware, but this
hasn’t always been the case. Malware, like any virus, favours threats that
can adapt and evolve to their surroundings. As we become more connected,
and our economy gets more digital, we face a growing threat from
cyberattack, with ransomware at the heart of the modern cybercriminals’
arsenal.

From cyber vandals to cyber criminals

The origins of ransomware can be traced as far back as 1989, when
unsuspecting victims were infected with the ‘AIDS Trojan,’ which was
distributed through floppy disks that were sent to victims via the normal
postal service. Although the world was unprepared for such an attack, the
virus struggled to spread at the time as few people used personal
computers, and the internet was still in its very early stages. In addition
to this, encryption technology was still limited at the time.

In spite of this early beginning, ransomware wasn’t a popular form of
malware in the 90s and early 00s as the main aim was to gain notoriety
through cyber pranks and vandalism, with hackers using graphics to
communicate the attack to the user. These graphics were sometimes amusing
and creative – so much so that some of them have been immortalised in an
online ‘Malware Museum,’ where you can interact with viruses of yesteryear,
with their malicious elements removed.

These days, rather than sending a cheeky update to let you know you’ve been
hacked, the first most people and organisations hear of a successful attack
is when the orchestrator starts asking for bitcoin. Unfortunately,
ransomware has thrived in our new digital economy thanks to the emergence
of almost-impossible-to-trace cryptocurrencies. Early examples of
ransomware in its modern guise were seen in the form of Cryzip in 2006.
However, it wasn’t until 2013 that we saw the poster children for modern
ransomware in the form of CryptoLocker and CryptoWall, released four years
after Bitcoin was released as open-source software. These viruses were
distributed via a simple attachment and, evading the usual prevention
techniques, proceeded to quickly find and encrypt their victim’s data. The
next part was simple: pay up or lose your data.

The emergence of a multi-million dollar industry

Monetization is the key element that has set ransomware apart from
traditional virus models. CryptoLocker and CryptoWall inspired a whole new
generation of copy-cat cyber criminals. You only need to look at the
figures to figure out why ransomware attacks have rapidly accelerated.
Security experts have estimated that $1 billion was deposited into Bitcoin
wallets associated with ransomware cyber criminals in 2016 alone. This
makes it an incredibly lucrative business, and is why criminals are now
looking beyond the humble personal computer to more valuable targets like
governments, the utility industry and larger companies. This was the aim of
the recent WannaCry and Petya global attacks, which infected major
companies and national infrastructure in pursuit of bigger budgets able to
pay larger ransom amounts.

This paints a bleak picture, but there is a silver lining. As attacks
evolve, cybersecurity efforts are evolving to meet the challenge. WannaCry
for example was stopped in its tracks by a security professional who
engaged a ‘kill switch’ domain. The increased awareness of cyberattacks is
leading to greater investment in preventative technology. Ransomware and
other viruses will continue to evolve.

Organisations and companies who want to protect themselves from a growing
threat to their systems and reputation must not wait for an attack to be
successful before they invest in their security systems. Protection from
the threat of ransomware means acting now, and arming themselves with
equally scalable and advanced weapons to combat a complex and evolving
threat which shows no sign of slowing down.