December 2024 is a unique moment in the history of cybersecurity – marking 35 years since the first recorded ransomware attack and 20 years since the emergence of its modern, criminal form. Since then, ransomware has undergone a spectacular evolution, transforming from an experimental tool used by hackers into one of the biggest threats on the Internet.
Currently, ransomware attacks constitute a significant challenge for both businesses and individual users, leveraging advanced encryption algorithms and new blackmail strategies. Analyzing the past 35 years, we can see the vast changes that have occurred in the landscape of cyber threats and how advanced cybercriminals’ methods have become.
Ransomware on a floppy disk
“The first ransomware attack took place in 1989 when a Trojan horse was implemented on floppy disks, allegedly containing a questionnaire assessing the risk of AIDS. After 90 computer starts, the malicious software encrypted files, demanding a ransom in the form of a cash check. Although the perpetrator was identified, he was not prosecuted. Ultimately, difficulties in distributing malicious software and receiving payments in the pre-Internet era meant that these attempts often ended in failure,” informs Martin Lee, leader of Cisco Talos in EMEA.
The risk associated with ransomware was only recognized by researchers in 1996. They identified not only the seriousness of this threat, but also key defensive mechanisms: efficient antivirus software and regular system backups.
Difficult Beginnings
In December 2004, the first evidence of the criminal use of ransomware – GPCode – was discovered, which attacked users in Russia via email attachments posing as job offers. However, the application had significant weakness: it lacked an easy and anonymous way of collecting ransom without revealing the perpetrator’s identity. Over time, criminals began using more advanced methods, such as forcing victims to buy products over the Internet and then sending ransom demands in exchange for decryption instructions.
Cryptocurrencies to the Aid of Ransomware
Virtual exchanges became a way of transferring money past the standard banking system, allowing criminals to collect ransom while remaining anonymous. The emergence of cryptocurrencies like bitcoin provided criminals with an effective way of receiving ransom while maintaining full anonymity. Since that time, cryptocurrencies have become the standard for ransomware groups, increasing the scope and efficacy of their operations.
Partner Ecosystem
Cyber criminals developed advanced portals for their partners, allowing them to measure success and access new features facilitating attacks and collecting ransom.
The Struggle with Bigger Players
In 2016, a new variant of ransomware, SamSam, was identified. Instead of focusing on the largest number of infections, it targeted specific institutions, demanding large sums of ransom.
The Birth of Modern Ransomware
In November 2019, ransomware attacks reached a higher level with Maze software, which introduced the method of double extortion. Criminals not only encrypted victims’ data but also stole confidential information, threatening their publication.
Lessons for Businesses and Industry
In 2024, the IT landscape has significantly changed from 1989 or 2004. However, actions of law enforcement led to the arrest and indictment of many ransomware operators. The other criminals who avoided arrest were subjected to international sanctions, and the infrastructure they used to coordinate attacks and their cryptocurrency wallets were seized.
Modern technologies allow for detecting attempts to encrypt files and react more effectively to threats. Although some types of malicious software may remain unnoticed by antivirus programs, modern endpoint protection systems continually search for evidence that unknown programs are trying to encrypt files without permission.
The Achilles heel of ransomware is backups. Data that is copied and stored offline can be used to restore files that would otherwise be damaged and lost, thereby eliminating the need to pay ransom for their recovery.
“Ransomware is likely not going to disappear – its profitability ensures that it will stay with us for many years and will continue to evolve. Cybercriminals will still show remarkable ingenuity in devising new techniques and methods to improve their business model and avoid detection of themselves and their malware. However, the cybersecurity industry responds with its own innovations, constantly creating new tools and protection strategies. Through continuous updating of knowledge and global cooperation, we can reduce risk and build a more resilient digital future,” summarizes Martin Lee of Cisco Talos in the EMEA region.
Source: https://managerplus.pl/35-lat-ransomware-historia-ewolucja-i-przyszlosc-87230
