The threat of ransomware has never been greater. That’s why today we’re taking a look at the history of ransomware and the consequences for businesses, as well as what end users think about the issue.
The history of ransomware
One of the first ransomware attacks was the AIDS Trojan. This malware spread on floppy disks, which researchers also used to share results. However, this Trojan was relatively harmless. The user had to install it manually from the floppy disk and send a check to Panama for the decryption code. Because it used symmetric encryption and encrypted only the file names, security experts were able to recover the data.
Eleven years later, in May 2000, the LoveBug virus showed the scale that these ransomware programs could reach. The creator of the LoveBug virus – a student in the Philippines – laid the foundation for a billion-dollar extortion industry. For the first time, this ransomware harmed both private users and companies. In the end, over 45 million computers worldwide were infected and taken offline.
The AIDS Trojan and LoveBug inspired other extortionists who, with GPCoder (2004) and Archievus (2006), forced victims to buy keys or decryption software. Again, IT security experts were able to recover much of the data without purchasing keys.
The next generation of ransomware would not be so easy to defeat. CryptoLocker, CryptoDefense and CryptoLocker2.0, which were unleashed on the world in 2013, used novel methods for distribution and encryption. The ransomware now spread via infected email attachments and websites, and botnets gave cybercriminals direct access to infected systems. In addition, strong AES-256 encryption was used, which posed a major challenge for IT security experts. Payment in Bitcoin additionally obscured the routes and destinations of the ransom. As a result, it took a whole year before the botnet could finally be unmasked and largely deactivated.
The next development is probably known to most people: WannaCry. In 2017, this ransomware finally exposed the potential of this type of malware. In just four days, more than 230,000 devices in over 150 countries were infected. The blackmail letters were written in 20 different languages.
Ransomware in the present
Malware has become extremely complex and spreads many times faster than before. The targets have mostly changed as well: instead of individuals, more and more companies and organizations are being attacked, as they can pay much higher ransoms. According to Coveware experts, hackers generate an average of $110,000 per case. Better phishing methods, which produce more believable emails carrying malicious code, make smaller companies a target as well. These often do not have sufficient backups. Larger companies, even with good backups and IT infrastructure, sometimes have to go offline for days to clean up all systems.
End-user expectations have also risen since the early days of ransomware. A survey by Veritas Technologies paints a clear picture. Although end users expect companies to stand up to hackers and not pay a ransom, they quickly change their attitude as soon as personal information is affected. In this case, a large proportion of end customers expect to pay an average of €1070/user. These amounts add up quickly and, in the case of recent attacks, amount to several hundred million euros. In addition, compensation and consequences for the company’s top management (in some cases even imprisonment!) are expected. And the damage to the company’s image in the event of a successful hack is enormous: 42% of respondents would no longer purchase from successfully hacked companies.
Protection against ransomware
You can protect yourself against ransomware. The most important defence is secure, frequently created backups that are stored offline or read-only. These allow the system to be quickly reset to a clean state. But a lot can go wrong here! Backups that are easily accessible from the network are often encrypted along with everything else or deleted by viruses! A good firewall is also important. Next-generation firewalls use intelligent algorithms to detect and stop attacks at an early stage. This matters because early detection of an attack does a lot to minimize damage.