itstargetnews
As the ransomware industry grows, experts predict that hackers will only continue to find more and more ways to exploit the technology to attack businesses and individuals.
Masters of Sex | Moments | Getty Images
Ransomware is now a billion-dollar industry. But it wasn’t always that big — nor was it the widespread cybersecurity risk it is today.
Ransomware, which dates back to the 1980s, is a form of malware used by cybercriminals to lock files on personal computers and demand payment to unlock them.
The technology, which officially turns 35 on December 12, has come a long way, with criminals now able to launch ransomware faster and deploy it to multiple targets.
cyber criminals Extortion of $1 billion in cryptocurrency payments According to blockchain analytics firm Chainaanalysis, 2023 saw a record number of ransomware victims.
Experts expect ransomware to continue to evolve, with modern cloud computing technology, artificial intelligence and geopolitics shaping the future.
How does ransomware originate?
The first incident considered to be a ransomware attack occurred in 1989.
A hacker physically mailed floppy disks claiming they contained software that could help determine whether someone was at risk of developing AIDS.
However, once installed, the software hid directories and encrypted file names after people’s computers were restarted 90 times.
It then displays a ransom note asking for a cashier’s check to be sent to an address in Panama in order to obtain a license to recover files and directories.
The program has been dubbed the “AIDS Trojan” by the cybersecurity community.
“This is the first ransomware that came from someone’s imagination. It’s not something they’ve read about or studied,” said Martin Lee, head of Europe, the Middle East and Africa at Talos, the cyber threat intelligence arm of IT equipment giant. Ciscosaid in an interview with CNBC.
“Before this, there had never been any discussion of this issue. There wasn’t even a theoretical concept of ransomware.”
The perpetrator, a Harvard professor and biologist named Joseph Pope, was caught and arrested. However, after displaying erratic behavior, he was deemed unfit to stand trial and was returned to the United States.
How ransomware evolved
Ransomware has changed a lot since the emergence of the AIDS Trojan. In 2004, a threat actor targeted Russian citizens using a criminal ransomware program known today as “GPCode.”
The program was sent to people via email – a method of attack now commonly referred to as “phishing.”
Lured by the promise of attractive career opportunities, users download an attachment containing malware disguised as a job application form.
Once opened, the attachment downloads and installs malware on the victim’s computer, scans the file system and encrypts files, and requests payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to cryptocurrencies as a method of payment.
CryptoLocker ransomware emerged in 2013, just a few years after Bitcoin was created.
Hackers targeting the program demanded payment in Bitcoin or prepaid cash vouchers — an early example of how cryptocurrencies are becoming the currency of choice for ransomware attackers.
Later, more prominent examples of ransomware attacks in which cryptocurrency was chosen as a ransom payment method include: want to cry and Petya.
“Cryptocurrency offers many advantages to bad actors precisely because it is a way to move value and funds in an anonymous and immutable way outside of the regulated banking system,” Lee told CNBC. “If someone pays You, this payment cannot be reversed.”
CryptoLocker also became notorious in the cybersecurity community as one of the earliest examples of a “ransomware-as-a-service” operation, a ransomware service where developers charged more novice hackers to allow them to carry out attacks.
“In the early 2010s, we became more professionalized,” Lee said, adding that the gang behind CryptoLocker was “very successful in criminal activity.”
What’s next for ransomware?
As the ransomware industry continues to grow, experts predict that hackers will only continue to find more and more ways to exploit the technology against businesses and individuals.
By 2031, ransomware will Estimated annual losses to victims total $265 billionAccording to a report by Cybersecurity Ventures.
Some experts worry that artificial intelligence lowers the barrier to entry for criminals who want to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT allow everyday internet users to plug in text-based queries and requests and get complex, human-like responses—many programmers even use it to help them write code.
Mike Beck, chief information security officer at Darktrace, told CNBC’s “european scream boxThere is a “tremendous opportunity” for artificial intelligence — both in arming cybercriminals and improving the productivity and operations of cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys use,” Baker said. “The bad actors will use the same tools that are used today with all these changes.”
But Lee believes the ransomware risk posed by artificial intelligence is not as serious as many people think.
“There’s a lot of assumptions that AI is great for social engineering,” Li told CNBC. “However, when you look at existing and demonstrably effective attacks, you find that the simplest attacks are often the most successful.”
Targeting cloud systems
A serious threat to be wary of in the future could be hackers targeting cloud systems, which enable businesses to remotely store data and host websites and applications from distant data centers.
“We haven’t seen a lot of ransomware attacks on cloud systems, and I think that may be the future as it evolves,” Lee said.
Lee said ransomware attackers may in the future encrypt cloud assets or block access to them by changing credentials or using identity-based attacks to deny users access.
Geopolitics is also expected to play a key role in how ransomware develops in the coming years.
“Over the past decade, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware is becoming a geopolitical weapon,” Lee said. “I think we’re probably going to see more of this,” he added.
Another risk that Lee sees growing in popularity is autonomously distributed ransomware.
“There will still be more ransomware that spreads autonomously – perhaps not attacking everything in their path, but limiting themselves to specific areas or organizations,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we will increasingly see the ransomware ecosystem become more professionalized and move almost entirely to a ransomware-as-a-service model,” he said.
But even as the ways in which criminals use ransomware continue to evolve, the actual makeup of the technology is not expected to change much in the coming years.
“It turns out that the credentials and system access are valid except for RaaS providers and those leveraging stolen or procured toolchains,” Jake King, director of security at internet search company Elastic, told CNBC.
“Until adversaries present additional obstacles, we will likely continue to observe the same pattern.”
