Ransomware can now be called an industry, since the financial volume of this illegal activity already amounts to billions of dollars.
This category of cybercrime is not a recent phenomenon or a negative side effect of modern technology. The problem has existed for several decades, but the scale of its consequences, expressed as monetary damage caused to victims, has recently expanded significantly. In the hierarchy of cybersecurity threats, ransomware is one of the leaders, although this is leadership of a negative kind.
It is worth noting that cybersecurity in general has become more relevant in recent years because of the intensive development of technologies, including artificial intelligence. The use of advanced tools has made the activities of criminals operating in the digital environment more sophisticated. New technologies mean new opportunities. At the same time, advanced technologies remain the driving force of progress and a platform for the material and digital evolution of humanity, even though criminals also use them. One of the tools for countering threats in the cyber environment is the personal awareness of users. For example, an Internet search query such as “how to know if my camera is hacked” will allow anyone to get information about signs of unauthorized access to the device.
Returning to the topic of ransomware, it is worth noting that this is a form of malware dating back to the 1980s. Cybercriminals use it to lock files on their victims’ computers and then demand money to unlock them.
This month, ransomware officially turned 35 years old. This anniversary cannot be called a festive one, since it marks a method of cybercrime that has deprived, and continues to deprive, people of huge amounts of money. At the same time, ransomware is a significant technology, even though it is used in negative scenarios. This method of committing cybercrime has its own history of development and qualitative transformation. Currently, cybercriminals can quickly spin up ransomware and deploy it across multiple targets.
Data from blockchain analysis company Chainalysis shows that last year, ransomware victims transferred $1 billion of extorted cryptocurrency payments to criminals operating in the digital environment.
Currently, the dominant view among experts is that the development of ransomware will continue. They separately note that the future is being shaped by artificial intelligence, cloud computing, and geopolitics.
The first event considered a ransomware attack occurred in 1989. The hacker sent floppy disks to his victims via standard physical mail, claiming that they contained software that would determine whether someone was at risk of contracting AIDS. After installation, this software hid directories and encrypted file names on users’ computers after 90 reboots. Then a ransom note appeared on the computer screen, asking the victim to send a cashier’s check to an address in Panama. Payment was the condition for obtaining a license to restore files and directories.
In the cybersecurity community, this program became known as the AIDS Trojan. Martin Lee, EMEA lead for Talos, the cyber threat intelligence division of IT equipment giant Cisco, told media representatives that this program was the first ransomware and it came from someone’s imagination. He also noted that this was not something that people had read about or that had been researched. Martin Lee underlined that there was not even a theoretical concept of ransomware. It was not even discussed. Currently, ransomware is no longer an unknown cybersecurity challenge, but the scale of financial damage caused by this category of crime has increased significantly.
The perpetrator of the first ransomware attack in 1989, a Harvard-taught biologist named Joseph Popp, was caught and arrested. However, he demonstrated strange behavior and was declared unfit for trial.
Since the AIDS Trojan emerged, ransomware has evolved significantly. In 2004, an attack was carried out using a program that is now known as GPCode. This program was delivered to the victims via email, a method of attack now known as phishing. Users, believing in a promising career offer, downloaded an attachment containing malware disguised as a job application form. Once opened, the attachment downloaded and installed malware on the victim’s computer, which scanned the file system, encrypted files, and demanded payment via wire transfer. In the early 2010s, ransomware hackers turned to crypto as a method of payment.
In 2013, just a few years after the creation of bitcoin, the CryptoLocker ransomware emerged. Hackers using this program demanded payment in either bitcoins or prepaid cash vouchers. This is an early example of how crypto became the preferred currency for ransomware hackers. Later, cybercriminals carried out more prominent ransomware attacks that used crypto as the ransom payment method, including the likes of WannaCry and Petya.
Martin Lee stated that cryptocurrencies provide many advantages to the bad guys, since they offer a way to transfer valuables and money outside the regulated banking system in an anonymous and immutable way.
CryptoLocker has become somewhat notorious in the cybersecurity community as one of the earliest examples of a ransomware-as-a-service operation. This was the initial stage of ransomware as a service, a model in which developers sell ransomware to more novice hackers for a fee to allow them to carry out attacks. According to Martin Lee, there was an increase in professionalism in this segment of cybercrime in the early 2010s. In this context, it was noted that the gang behind CryptoLocker was very successful in committing crimes.
Many experts think that as the ransomware industry develops, hackers will find more and more new ways to use this technology to exploit businesses and individuals.
A report from Cybersecurity Ventures predicts that by 2031, ransomware will cause $265 billion in financial damage to victims annually.
Some experts fear that artificial intelligence may lower, or has already lowered, the barrier to entry for criminals who are looking to create and use ransomware. Generative machine intelligence tools such as ChatGPT from OpenAI allow consumers to enter text-based queries and requests and receive sophisticated, human-like responses. It is worth noting that some programmers are already using generative artificial intelligence tools to write code.
Mike Beck, chief information security officer of Darktrace, said during a conversation with media representatives that machine intelligence provides tremendous opportunities both for arming cybercriminals and for improving productivity and operations in cybersecurity companies. According to the expert, it is necessary to arm yourself with the same tools used by criminals operating in virtual space. Mike Beck also stated that the bad guys are going to be using the same tooling that is being used alongside all that kind of change today.
Martin Lee does not reckon artificial intelligence poses as severe a ransomware risk as many would think. In this context, he noted that there are many hypotheses that machine intelligence is very useful for social engineering. According to him, the simplest cyber attacks are the most successful.
Among the threats and risks of the future, one potential danger is attacks on cloud systems, in which companies store data and host websites and apps remotely from far-flung data centers. Such attacks would be consistent with what can be called the logic of cybercrime. Criminals operating in virtual space tend to use advanced technologies, and it is natural to assume that at some point they will begin to direct their attacks at large-scale digital systems that are becoming increasingly important for businesses and individuals, including in a financial context.
Martin Lee stated that so far there has not been an awful lot of ransomware hitting cloud systems. At the same time, in his opinion, this is likely to be observed in the future.
Martin Lee reckons that humanity may eventually face ransomware attacks that encrypt cloud assets or withhold access to them by changing credentials or using identity-based attacks to deny users access.
It is also currently expected that in the coming years, geopolitics will become an important factor impacting the development of ransomware. According to Martin Lee, over the past 10 years, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware has transformed into a geopolitical weapon that can be used as a tool to disrupt organizations in countries identified by certain world capitals as hostile. In the relevant context, he noted that it is fascinating to see how the criminal world could be co-opted by a nation-state to do its bidding.
The autonomous distribution of ransomware, according to Martin Lee, is another risk that is gaining momentum. In this context, he stated that there is a possibility that there will be more similar programs that spread autonomously, perhaps not hitting everything in their path but limited to a specific domain or a specific organization.
Martin Lee also expects ransomware-as-a-service to expand rapidly. In his opinion, it will be increasingly observed that the ransomware ecosystem is becoming more professional. He also suggests that in this case there will be a movement almost exclusively toward the ransomware-as-a-service model.
At the same time, experts currently do not expect the very makeup of this technology to change dramatically in the coming years. In their opinion, however, the ways criminals use ransomware will evolve.
Jake King, security lead at internet search firm Elastic, said during a conversation with media representatives that outside of RaaS providers and those leveraging stolen or procured toolchains, credentials and system access have proven to be effective. Also in this context, it was noted that until further roadblocks appear for adversaries, the same patterns will continue to be observed.