In 1989, ransomware claimed its first victims when a Harvard-educated biologist and AIDS researcher, Joseph Popp, distributed 20,000 floppy disks loaded with ransomware to AIDS researchers across 90 countries.
He claimed that the disks had a program that could analyze an individual’s risk of acquiring AIDS via a questionnaire. The recipients were unaware of a malware program inside the disks that activated itself and locked the computers after they were powered on for the 90th time post the malware’s entry into the system.
Once active, the malware displayed a message first demanding $189, and later another $378, for a software lease from a company called PC Cyborg. This attack became notoriously known as the AIDS Trojan or the PC Cyborg virus. That year, a new and formidable cybersecurity threat was born.
Ransomware’s emergence, however, began nearly 20 years later when ‘Police Locker’ attacks burst onto the scene. These attacks used a malware that changed a user’s desktop screen to depict a false note from a law enforcement agency – the police or the FBI. Interestingly, the attacks did not use encryption and could have been resolved simply by rebooting the computer, but it was the fear tactic that compelled several victims to pay hundreds of dollars in ransom.
Modern-day ransomware developers have come a long way since Joseph Popp in the late 80s, the use of RSA encryption in the mid-2000s and attacks such as Police Locker. While early ransomware developers developed the encryption code on their own, today’s attackers use existing libraries, which are harder to tackle, as well as spear phishing, among other methods.
Some of the most advanced cybercriminals are making a fortune out of selling ransomware-as-a-service, which has allowed even attackers with less technical skills to carry out massive attacks. Ransomware, such as CryptoLocker, CryptoWall, Locky and TeslaCrypt, are just some of the attacks that have emerged out of this new industry.
Cryptolocker, for instance, is a malware that encrypts files on Windows devices using advanced encryption to prevent users from accessing the files on the system. To obtain a private key to access the files again, users are warned of destruction of the data should they fail to pay the ransom
The introduction and use of cryptocurrency within the ransomware industry has also made transactions more difficult to trace than conventional ones. For example, the hackers that carried out the WannaCry ransomware attacks that wreaked havoc worldwide, demanded that the ransom be paid in Bitcoin.
Through their three-decade long existence, ransomware attacks have only gone from strength to strength. While older threats reemerging is always a possibility, newer ones such as NotPetya and MAZE are constantly looking to take advantage of lapses in the cybersecurity defenses of companies worldwide.