The dangers of Ransomware are greater than ever, so today we will take a look at the history of Ransomware, the consequences for companies and the opinions of end consumers regarding this topic.
The history of Ransomware
One of the first Ransomware attacks was the AIDS trojan. This software spread via floppy disks, which were used by researchers to share their findings with each other. It was pretty harmless, as the user had to install the virus manually and send a cheque to Panama to get the key to decrypt their data. Because this virus only encrypted the filenames and used relatively weak symmetric encryption, security experts were able to recover the data without paying the ransom.
11 years later, another virus made history. LoveBug demonstrated the possible reach of Ransomware in May 2000. With this piece of software, a student living in the Philippines laid the foundation of a multi-million dollar industry. LoveBug attacked both private users and, for the first time at this scale, companies. It infected and disabled over 45 million devices worldwide.
Inspired by the AIDS trojan and LoveBug, more extortionists forced further victims to buy decryption keys using the Ransomware GPCoder (2004) and Archiveus (2006). But IT security experts were still able to recover most of the data without buying the decryption key.
The next generation of Ransomware would not be so kind. CryptoLocker, CryptoDefense and CryptoLocker2.0, which were set loose in 2013, posed huge challenges to IT security experts trying to recover the data without buying keys. New methods of spreading the virus, which now included email and infected websites, and strong AES-256 encryption made these viruses more dangerous. Cybercriminals also started to use botnets to directly control their attacks, which gave them more freedom to personally roam in compromised networks. The new payment method Bitcoin prevented the culprits from being tracked easily. It took over a year to discover and disable most of the botnet.
The next step is very well known: WannaCry. This Ransomware showed the full terrifying potential of Ransomware in 2017. In only 4 days, over 230.000 devices in over 150 countries were infected and blackmail messages in 20 different languages were sent out.
Ransomware in the present
Ransomware spreads much faster and is more complex than ever. The focus has also shifted. While earlier Ransomware attacks tried to extort money from private individuals, many attacks now focus on companies and organisations, as these can pay higher ransoms. Coveware experts found that hackers obtain on average 110.000$ per attack. Better phishing methods and more convincing emails that carry the viruses also target smaller companies. These companies often lack the strong firewalls and backups needed to fend off such attacks.
The expectations of end consumers have also risen since the earlier days of Ransomware. A survey conducted by Veritas Technologies found that end consumers want companies to fight against hackers and not pay ransom, but also expect companies to pay on average 1070€ per user if private or personal information is affected. This sum adds up quickly. The latest attacks would cost multiple hundreds of millions of euros. In addition, many want direct and personal consequences for the leadership of companies that have been successfully hacked. Some even demand prison sentences. Lastly, the damage to a company's image if it is successfully hacked is huge. 42% of the surveyed people no longer want to buy from companies that have been successfully hacked.
Protection against Ransomware
It is possible to protect against Ransomware. The core of a successful defense against Ransomware attacks is secure, frequent backups that are stored offline. If the company is attacked, all systems can be quickly reset to a clean state without paying the ransom. But there is a huge pitfall. Backups that are insecure, infrequent or saved in a location that is accessible via the network are often useless when they are needed most. Many viruses actively seek out backups to destroy, delete or encrypt them. Infrequent backups are also useless, because any data that was generated between the last backup and the attack is completely lost. A strong firewall is also important. Next Generation Firewalls use intelligent algorithms to detect attacks early and stop them. This is important, as early detection of an attack allows the damage to be reduced considerably.
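
The backup pitfalls described above can be checked against a backup inventory. The following is an added example, not code from any product named in this article; the `Backup` fields, the "offline"/"network" labels and the 24-hour limit are assumptions made for illustration, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Backup:
    system: str
    taken_at: datetime
    location: str    # "offline" or "network" (labels assumed for this example)
    verified: bool   # integrity check or test restore passed (assumed field)

def audit(backups, incident, max_loss_hours=24):
    """Return {system: [findings]}; an empty list means a usable backup exists."""
    report = {}
    for system in sorted({b.system for b in backups}):
        copies = [b for b in backups
                  if b.system == system and b.taken_at <= incident]
        # Only offline, verified copies count: malware that seeks out backups
        # can encrypt or delete anything reachable over the network.
        usable = [b for b in copies if b.location == "offline" and b.verified]
        if not usable:
            report[system] = ["no offline, verified backup"]
            continue
        newest = max(b.taken_at for b in usable)
        lost = (incident - newest).total_seconds() / 3600
        findings = []
        if lost > max_loss_hours:
            # Everything created after `newest` is gone after a restore.
            findings.append(f"{lost:.0f}h of data lost, limit {max_loss_hours}h")
        report[system] = findings
    return report

# Constructed sample inventory, not real data.
INCIDENT = datetime(2024, 1, 10, 9, 0)
SAMPLE = [
    Backup("fileserver", datetime(2024, 1, 10, 1, 0), "offline", True),
    Backup("erp", datetime(2024, 1, 10, 2, 0), "network", True),
    Backup("erp", datetime(2024, 1, 3, 2, 0), "offline", True),
    Backup("mail", datetime(2024, 1, 10, 3, 0), "network", True),
]

if __name__ == "__main__":
    for system, findings in audit(SAMPLE, INCIDENT).items():
        print(system, "OK" if not findings else "; ".join(findings))
```

In the sample, the ERP system has a fresh backup, but only on the network; its newest offline copy is a week old, so a restore after the attack would lose a week of data.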