The Evolution of Ransomware

Ransomware has increasingly become a massive threat to businesses, governments, and everyday users alike. A ransomware attack can cause monetary damage into the millions and even jeopardize classified information.

In simple terms, a ransomware attack is a cyberattack where criminals gain access to your computer and encrypt your files, making them inaccessible. The cybercriminals then demand a ransom payment in exchange for unlocking your files.

Ransomware has been around for a while, but it’s evolved significantly over the years. Keep reading to learn about the evolution of ransomware from its early beginnings in 1989 to the present.

Ransomware as Early as 1989

The first-known ransomware attack was launched physically in 1989, known as the AIDS Trojan. A Trojan Horse attack is malware disguised as legitimate software.

The attack spread a relatively simple virus that would lock users out of their computer’s files and demand payment so users could regain access. The name was given because the attack was deployed during the World Health Organization (WHO) AIDS conference, where biologist Joseph Popp gave around 20,000 infected floppy discs to eventgoers.

After inserting the disc, a message would pop up:

The attack wasn’t very widespread due to the lack of the internet at the time.

Nothing Notable Until the 2000s

After the AIDS Trojan, for over a decade, not much ransomware appeared. However, in 2005, a new form of ransomware emerged called GPCode and in 2006, Archiveus.

Ransomware attacks during this time typically followed the same pattern as the AIDS Trojan, with cybercriminals infecting a user’s computer and demanding payment to regain access. However, these attacks were deployed digitally, usually distributed through email phishing scams or Trojan horses.

Ransomware Attackers Start Using Cryptography in 2009

By 2009, ransomware became mainstream and more devastating with the introduction of cryptography and cryptocurrency. These encryptions made it harder to break the encryption and get files back.

This was a turning point that paved the way for more aggressive ransomware strategies in the future. Ransomware attacks began targeting businesses and organizations, and ransom demands skyrocketed.

More Criminal Activity and Ransomware-as-a-Service (RaaS) Surface in 2016

One notable cryptoworm attack, using cryptography to install malware, was the “WannaCry” attack in 2017. WannaCry affected over 300,000 computers in 150 countries.

At around the same time, the evolution of ransomware continued with the emergence of ransomware-as-a-service (RaaS).

RaaS is a subscription-based service that allows scammers with little technical knowledge to carry out ransomware attacks. Essentially, a criminal can rent out a ransomware strain to launch attacks without the need for any coding skills.

This ease of access led to the rapid rise of ransomware attacks in recent years.

Build Up to the Colonial Pipeline Attack in May 2021

The Colonial Pipeline attack that took place in May of 2021 is considered one of the most high-profile ransomware attacks to date.

The attack was carried out by a group known as DarkSide, who used ransomware to lock down the pipeline’s systems and demanded $5 million in Bitcoin as ransom. The attack led to widespread fuel shortages and caused severe disruptions across the eastern United States.

Bottom Line: Ransomware Attacks are Here to Stay

The evolution of ransomware has come a long way since the simple AIDS Trojan of 1989.

Ransomware attacks have become increasingly sophisticated and widespread, causing substantial financial and social damage worldwide. Today, ransomware attacks are a serious threat that you shouldn’t take lightly. Individuals, businesses, and governments need to be aware of these threats and take the necessary precautions to prevent attacks from happening in the first place. By working together and staying informed, you can protect yourself and your organization against these damaging cyberattacks.