History of hacking and what’s next


As the ransomware industry evolves, experts predict that hackers will continue to find more and more ways to use the technology to exploit businesses and individuals.


Ransomware is now a multi-billion dollar industry. But it wasn’t always this big — and it wasn’t as prevalent a cybersecurity risk as it is today.

Originating in the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.

The technology, which officially turned 35 on December 12, has come a long way: now criminals can spin up ransomware much faster and deploy it on multiple targets.

Cybercriminals extorted $1 billion in cryptocurrency from ransomware victims in 2023, a record number, according to blockchain analytics company Chainalysis.

Experts expect ransomware to continue to evolve, with today’s cloud computing technologies, artificial intelligence and geopolitics shaping its future.

How did ransomware appear?

The first event considered a ransomware attack occurred in 1989.

The hacker physically mailed diskettes that claimed to contain software that could help determine whether someone was at risk of developing AIDS.

However, once installed, the software hid directories and encrypted file names on people’s computers after they were rebooted 90 times.

It then displayed a ransom message asking the user to send a cashier’s check to an address in Panama for a license to recover the files and directories.

The program became known in the cybersecurity community as the “AIDS Trojan.”

“This was the first ransomware and it came out of someone’s imagination. It’s not something they’ve read about or researched,” Martin Lee, EMEA head of Talos, the cyber threat intelligence division of IT equipment giant Cisco, told CNBC in an interview.

“It was just never discussed before. There wasn’t even a theoretical concept of ransomware.”

The perpetrator, biologist Joseph Popp, who studied at Harvard, was caught and arrested. However, after displaying erratic behavior, he was declared unfit to stand trial and returned to the United States.

How Ransomware Developed

Since the appearance of the AIDS Trojan, ransomware has evolved significantly. In 2004, a criminal perpetrator known today as “GPCode” targeted Russian citizens with ransomware.

The program was delivered to people via email, an attack method commonly known today as “phishing”. Lured by the promise of an attractive career offer, users downloaded an attachment containing malware masquerading as a job application form.

Once opened, the attachment downloaded and installed malware on the victim’s computer, scanned the file system and encrypted files, and demanded payment via wire transfer.

Then, in the early 2010s, ransomware hackers turned to crypto as a payment method.


In 2013, just a few years after the creation of Bitcoin, the CryptoLocker ransomware appeared.

Hackers targeting people with this program demanded payment in Bitcoin or prepaid cash vouchers, and this was the first example of crypto becoming the currency of choice for ransomware attackers.

Later, more prominent examples of ransomware attacks that chose crypto as a ransom payment method included WannaCry and Petya.

“Cryptocurrencies offer a lot of advantages for the bad guys precisely because they are a way to anonymously and immutably move value and money outside of the regulated banking system,” Lee told CNBC. “Once someone has paid you, that payment cannot be rolled back.”

CryptoLocker also became infamous in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation: a ransomware service that developers sell to novice hackers for a fee so they can carry out attacks.

“In the early 2010s, we’re seeing an increase in professionalization,” Lee said, adding that the gang behind CryptoLocker was “very successful in running the crime.”

What’s next for ransomware?


Some experts worry that artificial intelligence has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow ordinary Internet users to enter text-based queries and requests and get complex, human-like answers in return, and many programmers even use them to help write code.

Mike Beck, chief information security officer at Darktrace, told CNBC’s “Squawk Box Europe” that artificial intelligence is opening up “enormous opportunities,” both for arming cybercriminals and for improving the productivity and operations of companies engaged in cybersecurity.

“We have to arm ourselves with the same tools that the bad guys use,” Beck said. “The bad guys will use the same tools that are used with all these changes today.”

But Lee doesn’t think artificial intelligence poses as big a ransomware threat as many think.

“There’s a lot of speculation that AI is very good for social engineering,” Lee told CNBC. “However, if you look at the attacks that are out there and clearly work, it’s usually the simplest that are so successful.”

Focus on cloud systems

A serious threat to watch out for in the future could be hackers targeting cloud-based systems that allow businesses to store data and host websites and applications remotely from distant data centers.

“We haven’t seen a lot of ransomware affecting cloud systems, and I think that’s probably going to be the future as it evolves,” Lee said.

According to Lee, we may eventually see ransomware attacks that encrypt cloud assets or delay access to them by changing credentials or using identity-based attacks to deny users access.

Geopolitics is also expected to play a key role in the development of ransomware in the coming years.

“Over the past 10 years, the distinction between criminal ransomware and attacks on nation states has become increasingly blurred, and ransomware has become a geopolitical weapon that can be used as a geopolitical tool to destroy organizations in countries perceived as hostile,” Lee said.

“I think we’ll probably see more of that,” he added. “It’s interesting to see how the underworld can be co-opted by a nation-state to do its bidding.”

Another risk Lee sees is ransomware that spreads autonomously.

“There is still room for more ransomware to emerge that spreads autonomously — perhaps not infecting everything in its path, but limiting itself to a specific domain or a specific organization,” he told CNBC.

Lee also expects ransomware-as-a-service to expand quickly.

“I think we will increasingly see the ransomware ecosystem become more professional, moving almost exclusively to a ransomware-as-a-service model,” he said.

But even as the ways criminals use ransomware evolve, the actual makeup of the technology isn’t expected to change too dramatically in the coming years.

“Beyond RaaS providers and those using stolen or purchased toolchains, credentials and system access have proven to be effective,” Jake King, head of security at online search firm Elastic, told CNBC.

“Until there are new roadblocks for adversaries, we will likely continue to see the same patterns.”


