Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Evolution of Ransomware

ransomware-blog-header (1)

about the author

With just over 1 in 2 UK businesses experiencing an attack in the past year, in a market which is predicted to grow to $120.1 billion in 2017, you are probably no stranger to the villainous word “ransomware.” For those of us not yet in the know, let me shed some light on this unfortunate phenomenon of today’s technologically advanced world.

Ransomware is a type of malicious application employed by cyber criminals to steal control of a user’s data or entire device in an often successful attempt to extort money from an individual or business. These attacks stem from clicking on a malicious attachment or link in an email, clicking on harmful online advertising called ‘malvertising’, security flaws in vulnerable software which has not been kept up to date, pop up websites and even from legit websites which have been infected with malicious code. Bottom Line: No matter how careful we are no one is 100% safe from a ransomware attack.

So, where did this type of attack originate and how has it become so popular today?

The Early Days

The very first instance of ransomware dates back to 1989 with Dr. Joseph Popp’s AIDS Trojan Virus being disseminated via floppy disk. 20,000 of these infected floppy disks were mailed to attendees of the World Health Organisation’s international AIDS conference. Once inserted into a PC the disk acted as a Trojan Horse replacing the AUTOEXEC.BAT file which was then used to track how many times the PC was booted. Once booted 90 times the AIDS Trojan encrypted all the names of the files on the local drive rendering the system inaccessible until the user sent $189 to a post box in Panama, US. Pretty primitive stuff.

Internet Era

Ransomware has gone through some big changes before developing into the sophisticated form we know today. As a result, ransomware protection has changed also. Early instances in the digital era often displayed a message stating that the user was being fined by the police or government for breaching a policy. The only way to remove the charges was to pay the phony fine. Then in 2006 ransomware upped its game with the Archiveus Trojan. This variant encrypted everything in the ‘My Documents’ folder and forced victims to purchase items from an online pharmacy to receive the 30-digit password.

Fast forward to 2011, the year ransomware really stuck its teeth in when cyber criminals everywhere realised just how effective a method it is to quickly make money on a wide scale. Around 60,000 ransomware attacks were detected in late 2011. This increased to over 200,000 in 2012, catapulting to 330,000 in 2015. 2015 also saw the introduction of a real game changer known as ‘Chimera’ which it is feared will become the basis of many future attacks. Chimera not only encrypts files but also threatens to publish them online if the victim fails to pay up. 

2017: The year of the Cyber Attack

In 2017, ransomware strikes in the most brutal and merciless way possible to cause maximum disruption and instill utmost panic in the user in terms of a lack of ransomware protection. It no longer targets just individual users but entire networks, including those in hospitals. All easily brought down at just the click of a button. Ransomware today is commonly divided into two types: Locky Ransomware and Crypto Locker. The former locks the user out of their device until the ransom is paid, while the latter encrypts all of the user’s files offering the decryption key for a hefty price. The most prevalent ransomware strains out there today include Tescrypt, Crowti and Fakebsod, though in total there are over 120 variants of ransomware.

It cost you how much?!

The fee demanded can be unforgiving. One in five UK companies hit by ransomware reported being charged more than £10,000 to unlock their files, with 3% of the demands in excess of £50,000.

However, other criminals aim lower with one-fifth of ransoms coming in at under £500, explaining why so many businesses pay up. Particularly if you consider that approximately one-third of British victims did not have a system back up to retrieve their vital files and data.

Key Takeaways

  • Employee education and awareness is a vital first defence for ransomware protection.
  • Remember that anti-malware protection will not always prevent a ransomware attack.
  • Do not pay a ransom unless absolutely necessary, and be aware that by doing so you are not guaranteed that your files will be released. You are also contributing to the rise of such attacks.
  • Report incidents to Action Fraud
  • Always remember to back it up!
  • Keep your software and operating system up to date.
  • Create a communication plan to keep your clients informed in the event of an attack.

Please download our ransomware infographic for more information and key statistics for your employee base. Also, click here to view a promo for one of our upcoming courses on ransomware, coming to a screen near you in May 2017 to increase awareness among your staff.

you might enjoy reading these