Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As the ransomware industry evolves, experts predict that hackers will continue to find more and more ways to use technology to exploit companies and individuals.
Sexan Master | Moment | fake images
Ransomware is now a multi-billion dollar industry. But it wasn’t always as big, nor was it as prevalent a cybersecurity risk as it is today.
Ransomware, which dates back to the 1980s, is a form of malware used by cybercriminals to lock files on a person’s computer and demand a payment to unlock them.
The technology, which officially turned 35 on December 12, has come a long way: criminals can now activate ransomware much faster and deploy it to multiple targets.
Cybercriminals Raised $1 Billion in Extorted Cryptocurrency Payments of ransomware victims in 2023, a record, according to data from blockchain analysis firm Chainalysis.
Experts expect that ransomware will continue to evolve and that modern cloud computing technology, artificial intelligence and geopolitics will shape the future.
How did ransomware emerge?
The first event considered a ransomware attack occurred in 1989.
A hacker physically mailed floppy disks that claimed to contain software that could help determine whether someone was at risk of developing AIDS.
However, when installed, the software would hide directories and encrypt file names on people’s computers after rebooting them 90 times.
It would then display a ransom note requesting that a cashier’s check be sent to an address in Panama to obtain a license to restore the files and directories.
The program became known by the cybersecurity community as the “AIDS Trojan.”
“It was the first ransomware and it came from someone’s imagination. It wasn’t something they had read about or researched,” said Martin Lee, EMEA leader at Talos, the IT equipment giant’s cyber threat intelligence division. Cisco told CNBC in an interview.
“Before that, it had never been discussed. There wasn’t even the theoretical concept of ransomware.”
The perpetrator, a Harvard-educated biologist named Joseph Popp, was captured and arrested. However, after displaying erratic behavior, he was declared unfit to stand trial and returned to the United States.
How ransomware has developed
Since the AIDS Trojan emerged, ransomware has evolved a lot. In 2004, a threat actor attacked Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was delivered to people via email, an attack method commonly known today as “phishing.” Users, tempted with the promise of an attractive career offer, downloaded an attachment containing malware disguised as a job application form.
Once opened, the attachment downloaded and installed malware on the victim’s computer, scanned the file system, encrypted the files, and demanded payment via bank transfer.
Then, in the early 2010s, ransomware hackers turned to cryptocurrencies as a payment method.
In 2013, just a few years after the creation of bitcoin, CryptoLocker ransomware emerged.
Hackers attacking people with this program demanded payment in bitcoins or prepaid cash vouchers, but it was an early example of how cryptocurrencies became the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks that selected cryptocurrencies as a ransom payment method included attacks such as I want to cry and Petya.
“Cryptocurrencies provide many advantages to bad actors, precisely because they are a way to transfer value and money outside of the regulated banking system in an anonymous and immutable way,” Lee told CNBC. “If someone has paid you, that payment cannot be reversed.”
CryptoLocker also became famous in the cybersecurity community as one of the first examples of a “ransomware-as-a-service” operation, that is, a ransomware service sold by developers to more novice hackers in exchange for a fee to allow them to carry carried out attacks. .
“In the early 2010s, we had this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker was “very successful in operating the crime.”
What’s next for ransomware?
As the ransomware industry evolves further, experts predict that hackers will continue to find more and more ways to use technology to exploit companies and individuals.
By 2031, ransomware will be It is expected to cost victims a combined total of $265 billion a year.according to a report by Cybersecurity Ventures.
Some experts are concerned that AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday Internet users to insert text-based queries and requests and get sophisticated, human-like responses in response, and many programmers are even using them to help them write code.
Mike Beck, chief information security officer at Darktrace, told CNBC “Squawk Europe Box“There is a ‘huge opportunity’ for AI, both to arm cybercriminals and to improve productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys use,” Beck said. “The bad guys are going to use the same tools that are used today along with all those kinds of changes.”
But Lee doesn’t think AI poses as serious a ransomware risk as many might think.
“There are a lot of hypotheses about AI being very good at social engineering,” Lee told CNBC. “However, when we look at the attacks that exist and clearly work, it tends to be the simplest ones that are so successful.”
Targeting cloud systems
A serious threat we need to pay attention to in the future could be hackers targeting cloud systems, which allow companies to store data and host websites and applications remotely from remote data centers.
“We haven’t seen a huge amount of ransomware hitting cloud systems, and I think that’s probably the future as it moves forward,” Lee said.
According to Lee, we could eventually see ransomware attacks that encrypt cloud assets or retain access to them by changing credentials or using identity-based attacks to deny access to users.
Geopolitics is also expected to play a key role in how ransomware evolves in the coming years.
“Over the past 10 years, the distinction between criminal ransomware and attacks on nation-states is becoming increasingly blurred, and ransomware is becoming a geopolitical weapon that can be used as a geopolitical tool to disrupt organizations in countries perceived as hostile.” “Lee said. .
“I think we’ll probably see more of that,” he added. “It’s fascinating to see how the criminal world can be co-opted by a nation state to do its bidding.”
Another risk that Lee sees gaining ground is autonomously distributed ransomware.
“There is still room for more ransomware to spread autonomously, perhaps not attacking everything in its path, but limiting itself to a specific domain or a specific organization,” he told CNBC.
Lee also expects ransomware as a service to expand rapidly.
“I think we’ll increasingly see the ransomware ecosystem professionalize, moving almost exclusively toward that ransomware-as-a-service model,” he said.
But even though the ways in which criminals use ransomware will evolve, the actual makeup of the technology is not expected to change too drastically in the coming years.
“Outside of RaaS providers and those leveraging acquired or stolen toolchains, credentials and system access have proven to be effective,” Jake King, security lead at internet search firm Elastic, told CNBC.
“Until more obstacles appear for adversaries, we will likely continue to see the same patterns.”
