Ransomware can be explained as a malicious file or software that gets downloaded on your system, which then after gaining access to a system, encrypts all its files and locks the user out of its own device. These ransomware attackers then ask for a ransom that needs to be paid in bitcoin, so they do not get tracked. Upon failing to do so within the time slot allotted to the victim, the files start getting deleted. Even if the ransom is paid, there is still no guarantee that all is not lost and ransomware recovery will be done.
Some of the biggest ransomware attacks have been recorded as NotPetya, WannaCry, Locky, CrySis and many more. These cyberattacks have generated massive revenue for the ransomware market and cybercriminals extracted massive salaries. The market continues to flourish as companies are willing to pay the criminals what they demand in order to save their valuable data that has been breached.
Let’s look at the evolution of ransomware, where it started and where it is now in time.
Aids Trojan – 1989
This ransomware recorded to be the first in history was created by a Harvard trained evolutionary biologist, Joseph L. Popp. In that time, this ransomware was in a disk, and nearly 20,000 were distributed to the attendees of the World Health Organization’s International AIDS conference. The diskettes were titled as “AIDs Information—- Introductory Diskettes” and became the first generation ransomware that was easily overcome.
Archiveus Trojan – 2006
Archiveus Trojan appeared as the newer, much more refined ransomware than what was observed seventeen years ago. This particular ransomware was not that easy to remove, as it used RSA encryption. It encrypted everything in MyDocumnets folder and the only way to decrypt was to purchase a 30 digit code from an online pharmacy. Disguised as a job application, attached in the email – it affected several systems.
WinLock – 2007
This simply locked users out of their systems and displayed pornographic images until a ransom of $10 was paid.
GPcode.AK – 2008
A variant of initial GPcode was released onto the public that used 1,024-bit RSA key.
Ransomware Outbreak – 2011
A large scale outbreak of ransomware happened during the first two quarters of 2011. Since there were new payment methods introduced that year, which allowed the criminals to be undetected and they abused this power by collecting large sums of ransoms. Nearly 30,000 new ransomware samples were discovered in the first two quarters of 2011, which then doubled to 60,000 in the third quarter.
WannaCry, ExPetr – 2017
WannaCry was a large scale ransomware attack, showing that ransomware is not only meant for extortion purposes. But in fact WannaCry ended up exploiting a vulnerability in the implementation of SMB Windows, which was fixed by the company, but several users didn’t update and run the latest security patch. ExPetr was a more serious threat than WannaCry, disguised as ransomware, but in actual it was a a Wiper.