Ransomware is one of the most insidious types of malware out there. It can hold your computer hostage until you pay a ransom, and it’s been on the rise in recent years. But where did ransomware come from, and how has it evolved? In this blog post, we’ll take a look at the history and evolution of ransomware. We’ll also discuss some of the best ways to protect yourself against it. So read on to learn more about ransomware!

Early Years

Cases of ransomware infection were first seen in Russia between 2005 and 2006. Trend Micro published a report on a case in 2006 that involved a ransomware variant (detected as TROJ_CRYZIP.A) that zipped certain file types before overwriting the original files, leaving only the password-protected zip files in the user’s system. It also created a text file that acted as the ransom note informing users that the files can be retrieved in exchange for US$300.

In its earlier years, ransomware typically encrypted particular file types such as .doc, .xls, .jpg, .zip, .pdf, and other commonly used file extensions.

In 2011, Trend Micro published a report on an SMS ransomware threat that asked users of infected systems to dial a premium SMS number. Detected as TROJ_RANSOM.QOWA, this variant repeatedly displayed a ransomware page to users until they paid the ransom by dialing a certain premium number.

Another notable report involved a type of ransomware that infects the Master Boot Record (MBR) of a vulnerable system, preventing the operating system from loading. To do this, the malware copies the original MBR and overwrites it with malicious code. It then forces the system to restart so that the infection takes effect and displays the notification (in Russian) once the system restarts.

Ransomware Spreads Outside Russia

Between 2009 and 2013, ransomware saw a global surge in activity. The first appearance of ransomware outside of Russia was in September 2009 when the German Federal Office for Information Security (BSI) warned users about WinLock, a screen locker that displayed a message informing users that their system had been locked by law enforcement for viewing illegal content. The message also claimed that the user would have to pay a fine of 100 euros through a specific payment method to unlock their system.

In 2012, ransomware began appearing in the United States. The first recorded case was in February of that year when the FBI reported a case of the Reveton ransomware. The Reveton ransomware locked users’ computers and displayed a message that claimed to be from the FBI. The message stated that the user had been engaged in illegal activity and would have to pay a fine of $200 through a specific payment method to unlock their system. The ransomware also included the user’s IP address and other personal information in the message.

This was followed by the first case of crypto-ransomware in the United States in September 2012. The FBI reported a case of the CryptoLocker ransomware that encrypted users’ files and demanded a ransom of $300 to $600 in Bitcoins to decrypt the files. The ransom was increased if the payment was not made within a certain period.

In 2013, ransomware saw a significant increase in activity with several high-profile cases. The first case was in May 2013 when The Washington Post reported on a ransomware attack on the network of a small law firm in Pennsylvania. The attackers used the CryptoLocker ransomware to encrypt the firm’s files and demanded a ransom of $150,000 to decrypt the files.

The Future of Ransomware

The ransomware landscape has changed significantly since its early years. The number of ransomware variants and the sophistication of attacks have increased dramatically. The targets of ransomware attacks have also expanded beyond individual users to include businesses, hospitals, and even government agencies.

The future of ransomware is likely to see more targeted attacks with higher ransom amounts. The rise of ransomware-as-a-service (RaaS) platforms has made it easier for cybercriminals to launch ransomware attacks. The RaaS business model allows anyone with little to no technical expertise to launch a ransomware attack.

The growth of cryptocurrency is also likely to fuel the future of ransomware. The anonymity and global nature of cryptocurrency make it an attractive payment method for ransomware attackers. The value of Bitcoin has also increased significantly in recent years, making ransomware attacks more profitable.

The increase in targeted ransomware attacks is likely to result in higher ransom amounts. The WannaCry ransomware attack in May 2017 resulted in ransom payments of over $140,000. The NotPetya ransomware attack in June 2017 also resulted in ransom payments of over $10 million. The future of ransomware is likely to see even higher ransom amounts as attackers target more valuable data.

Ransomware has come a long way from the early days of malware. It’s now one of the most profitable types of cybercrime, and it doesn’t look like it will be going away any time soon. That’s why it’s more important than ever to be prepared for ransomware attacks. Are you? If not, give us a call today. We can help you make sure your business is safe from this growing threat.

Are You Looking For A Computer Security Service You Can Finally Trust?

Managed Technology Solutions, also known as ManagedTEK – IT Security Services & Monitoring, is a managed service provider that provides IT support and security solutions for businesses throughout the greater San Francisco Bay Area. ManagedTEK was founded on an urgency to empower and protect our community from the digital war on personal security and privacy. We focus and specialize in protecting businesses from falling victim to increasingly complex cyber threats. We use cutting-edge technology along with proven cybersecurity practices to provide support and protection for small businesses. Contact us today for your free consultation!