Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As the ransomware industry evolves, experts predict that hackers will only continue to find more and more ways to use technology to exploit businesses and individuals.
Sixth Master | moment | Getty Images
Ransomware is now a billion dollar industry. But it wasn’t always as big — nor was it as prevalent a cybersecurity risk as it is today.
Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to lock files on a person’s computer and demand payment to unlock them.
The technology – which officially turned 35 on December 12 – has come a long way, with criminals now able to spin up ransomware much faster and deploy it on multiple targets.
Cybercriminals rake in $1 billion in extorted cryptocurrency payments from ransomware victims in 2023 – a record high, according to data from the blockchain analysis company Chainalysis.
Experts expect ransomware to continue to evolve, with modern cloud computing technology, artificial intelligence and geopolitics shaping the future.
How was ransomware born?
The first event considered to be a ransomware attack occurred in 1989.
A physical hacker sent diskettes that they claimed contained software that could help determine if someone was at risk of developing AIDs.
However, when installed, the software hid folders and encrypted file names on people’s computers after 90 reboots.
He would then show a ransom note requesting a cashier’s check to be sent to an address in Panama for a license to restore the files and folders.
The program has become known in the cyber security community as the “AIDs Trojan”.
“It was the first ransomware and it came from someone’s imagination. It wasn’t something they had read or that had been investigated,” Martin Lee, EMEA lead for Talos, the cyber threat intelligence division of the giant of l Cisco IT equipment. he told CNBC in an interview.
“Before that, it was never discussed. There was not even the theoretical concept of ransomware.”
The perpetrator, a Harvard-educated biologist named Joseph Popp, was caught and arrested. However, after exhibiting erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware developed
Since the Trojan AIDs emerged, ransomware has evolved a lot. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was sent to people by email – an attack method now commonly known as “phishing”. Users, tempted with the promise of an attractive career offer, downloaded an attachment containing malware masquerading as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanning the file system and encrypting files and demanding payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to crypto as a payment method.
In 2013, just a few years after the creation of bitcoin, the CryptoLocker ransomware emerged.
The hackers who targeted people with this program demanded payment in bitcoin or prepaid cash vouchers – but it was a prime example of how crypto has become the currency of choice for ransomware attackers.
Subsequently, more prominent examples of ransomware attacks that have chosen crypto as the ransom payment method of choice include the likes of I want to stop and Petya.
“Cryptocurrencies provide many advantages for the bad guys, precisely because it is a way of transferring value and money outside of the regulated banking system in an anonymous and immutable way,” Lee told CNBC. “If someone has paid you, that payment cannot be refunded.”
CryptoLocker has also become known in the cybersecurity community as one of the first examples of a “ransomware-as-a-service” operation – that is, a ransomware service sold by developers to novice hackers for a fee to allow you to make attacks. .
“In the early 2010s, we have this increase in professionalization,” said Lee, adding that the gang behind CryptoLocker was “very successful in the operation of crime.”
What’s next for ransomware?
As the ransomware industry evolves further, experts predict that hackers will only continue to find more and more ways to use technology to exploit businesses and individuals.
By 2031, ransomware is expected to cost victims a combined $265 billion a yearaccording to a report by Cybersecurity Ventures.
Some experts worry that AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday Internet users to enter text-based questions and requests and receive sophisticated, human-like responses in response—and many programmers also use them to help write code.
Mike Beck, chief information security officer at Darktrace, told CNBC “Squawk Box Europe” There is a “huge opportunity” for AI – both in weaponizing cybercriminals and in improving productivity and operations in cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys use,” Beck said. “The bad guys are going to use the same tools that have been used alongside all this kind of change today.”
But Lee doesn’t think AI poses as severe a ransomware risk as many think.
“There’s a lot of speculation that AI is very good for social engineering,” Lee told CNBC. “However, when you look at the attacks that are out there and clearly work, it tends to be the simpler ones that are so successful.”
Targeting cloud systems
A serious threat to watch out for in the future could be hackers targeting cloud systems, which allow companies to store data and host websites and apps remotely from distant data centers.
“We haven’t seen a lot of ransomware hitting cloud systems, and I think that’s likely to be the future going forward,” Lee said.
We may eventually see ransomware attacks that encrypt cloud assets or prevent access to them by changing credentials or using identity-based attacks to deny user access, according to Lee.
Geopolitics is also expected to play a key role in the way ransomware evolves in the coming years.
“Over the past 10 years, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware has become a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived as hostile,” Lee said. .
“I think we’re probably going to see more of that,” he added. “It’s fascinating to see how the criminal world could be co-opted by a nation state to do its bidding.”
Another risk that Lee sees gaining traction is autonomously distributed ransomware.
“There’s still room for more ransomware out there that spreads autonomously — maybe not hitting everything in its path, but limiting itself to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we’re increasingly seeing the ransomware ecosystem becoming more and more professional, moving almost exclusively toward that ransomware-as-a-service model,” he said.
But even as the ways in which criminals use ransomware are poised to evolve, the current makeup of technology is not expected to change too drastically in the coming years.
“Outside of RaaS providers and those exploiting stolen or purchased toolchains, credentials and system access have proven to be effective,” Jake King, head of security at Internet research firm Elastic, he told CNBC.
“Until more roadblocks appear for adversaries, we will likely continue to observe the same patterns.”
