Ransomware is now a multi-billion dollar industry. But it wasn’t always that big. Nor was it the prevalent cybersecurity risk that it is today.
Ransomware dates back to the 1980s and is a type of malware used by cybercriminals to lock files on an individual’s computer and demand payment to unlock them.
The technology, which officially turned 35 years old on December 12, has come a long way, allowing criminals to create ransomware faster and deploy it to multiple targets.
Cybercriminals extorted $1 billion in crypto payments from ransomware victims in 2023, the highest amount on record, according to data from blockchain analysis firm Chainalysis.
Experts predict that ransomware will continue to evolve as modern cloud computing technology, artificial intelligence, and geopolitics shape the future.
How did ransomware come about?
The first event to be considered a ransomware attack occurred in 1989.
Hackers physically mailed floppy disks claiming they contained software that could help determine whether someone was at risk of developing AIDS.
However, once the software was installed, the user’s computer was restarted 90 times, directories were hidden, and file names were encrypted.
It then displayed a ransom note asking the user to send a cashier’s check to an address in Panama to obtain a license to restore files and directories.
This program became known in the cybersecurity community as the “AIDS Trojan.”
“This was the first ransomware that came out of someone’s imagination. It wasn’t something someone read or researched,” said Martin Lee, head of EMEA at Talos, the cyber threat intelligence arm of tech giant Cisco, in an interview with CNBC.
“Before that, it wasn’t even discussed at all. There wasn’t even a theoretical concept of ransomware.”
The culprit, Joseph Popp, a biologist who studied at Harvard University, was arrested. However, after exhibiting erratic behavior, he was deemed unfit to stand trial and was returned to the United States.
How ransomware evolved
Ransomware has evolved significantly since the advent of the AIDS Trojan. In 2004, attackers targeted Russian citizens using a criminal ransomware program known today as “GPCode.”
This program was delivered to people via email. This is an attack method commonly known today as “phishing.” Enticed by the promise of an attractive career offer, users end up downloading an attachment containing malware disguised as a job application form.
Once the attachment is opened, malware is downloaded and installed on the victim’s computer, scans the file system, encrypts files, and requests payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to cryptocurrencies as a payment method.
CryptoLocker ransomware emerged in 2013, just a few years after the birth of Bitcoin.
Hackers who targeted people with this program demanded payment in Bitcoin or prepaid cash vouchers, an early example of how cryptocurrencies have become the currency of choice for ransomware attackers.
Since then, some of the more prominent ransomware attacks that have chosen cryptocurrencies as a ransom payment method include WannaCry and Petya.
“Cryptocurrency offers a lot of advantages to bad actors because it’s really a way to transfer value and funds outside of the regulated banking system in an anonymous and immutable way,” Lee told CNBC. “If someone pays you money, you can’t roll back that payment.”
CryptoLocker also gained notoriety in the cybersecurity community as one of the earliest examples of “ransomware-as-a-service” operations, that is, ransomware services sold by developers to more novice hackers for a fee to enable them to carry out attacks.
“In the early 2010s, there was an increase in professionalization,” Lee said, adding that the gang behind CryptoLocker was “very successful in running their crime.”
What’s next for ransomware?
As the ransomware industry evolves further, experts predict that hackers will continue to find more and more ways to use this technology to exploit businesses and individuals.
A report from Cybersecurity Ventures predicts that by 2031, ransomware will cost businesses a total of $265 billion annually.


Some experts worry that AI is lowering the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to enter text-based queries and requests and receive sophisticated, human-like answers in response. Many programmers also use it to help write code.
Mike Beck, chief information security officer at Darktrace, told CNBC’s “Squawk Box Europe” that there was a “huge opportunity” for AI, both in arming cybercriminals and in improving productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys are using,” Beck said. “The bad guys will be using the same tools that are being used today with that kind of change.”
But Lee doesn’t think AI poses as serious a ransomware risk as many people think.
“There are a lot of theories that AI is going to be very good at social engineering,” Lee told CNBC. “But when you look at the attacks that are out there and clearly work, the most successful tend to be the simplest attacks.”
Targeting cloud systems
A serious threat to watch out for in the future could be hackers targeting cloud systems that allow businesses to store data and host websites and apps remotely from far-flung data centers.
“I’ve never seen so much ransomware attack cloud systems, and I think that’s likely to happen as ransomware progresses,” Lee said.
Ultimately, Lee said, ransomware attacks may occur that encrypt cloud assets or withhold access to them by changing credentials or by using identity-based attacks to deny users access.
Geopolitics is also expected to play a key role in the evolution of ransomware in the coming years.
“Over the past decade, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, with ransomware now being used as a geopolitical tool to disrupt organizations in countries perceived as hostile. It’s becoming a geopolitical weapon that can be used,” Lee said.
“Maybe more things like that will happen,” he added. “It’s interesting to see how the criminal world can be co-opted by a nation-state and do its bidding.”
Another risk that Lee draws attention to is autonomously distributed ransomware.
“It’s still possible that there will be more ransomware that spreads autonomously,” he told CNBC. “It’s probably not going to attack everything in its path, but it’s going to be limited to specific domains or specific organizations.”
Lee also expects ransomware-as-a-service to expand rapidly.
“The ransomware ecosystem will become increasingly specialized and move almost exclusively to a ransomware-as-a-service model,” he said.
However, while the way criminals use ransomware is evolving, the actual makeup of the technology is not expected to change that dramatically over the next few years.
“Credentials and system access have proven to be effective for non-RaaS providers, or providers using stolen or obtained toolchains,” Jake King, head of security at internet search company Elastic, told CNBC.
“We will likely continue to see the same pattern until further obstacles emerge for adversaries.”