The Evolution of Ransomware: From Simple Malware to Sophisticated RaaS Operations

Ransomware Remains an Ever-Present Threat

One of the biggest cyber sleuths of the last few years has been without a doubt Ransomware that has caused billions in financial losses and operational disruption for companies
and individuals alike.
Ransomware has grown from a primitive tool designed to encrypt files and demand payment into an advanced criminal ecosystem with Ransomware-as-a-Service (RaaS)
capabilities that made it simple for threat actors to pull off attacks.

The evolution of piracy from an act perpetrated by amateurs to a threatening crime around the world

The first ransomware attack that was reported happened in 1989 and this computer virus was called AIDS Trojan; this virus was copied on floppy disks and shared among the attendees of the World Health Organization’s conference.
Unlike today’s ransomware which is highly developed to extort money from the user, this early type of ransomware was less sophisticated and it merely encrypted the files on a computer and then displayed a pop-up message in exchange for money to unencrypt the files. Ransomware remained a regional threat for a while but with the penetration of the internet and advancement in technology it spread to the international level.
Ransomware first emerged in the early 2000s and was disseminated through the use of infected emails with attached files, and via websites that persuade people to downloading
the malware and running it on their systems. The initial ransomware variants that emerged included GPCode and Archiveus, which employed inexperienced encryption methods that could be easily decrypted, thus,
the option to pay was not the only way of getting back the files.

Techniques and Strategies of CryptoLocker and Present Day Ransomware

However, it was in 2013 that the overall picture of ransomware programs evolved with the release of the CryptoLocker ransomware that used high-quality encryption to lock the files of those infected and demanded payment in bitcoins.CryptoLocker was delivered through e-mail attachments and also Capitalized on unpatched software like Java or Adobe Flash to infect systems. It was highly successful, affecting over 500000 systems and garnering an estimated $3 million in ransom payments before being shut down in 2014 by authorities. A new breed of ransomware, CryptoLocker’s successors CryptoWall, Locky, and Cerber are just but some, they have continued to re-emerge in the market. These new modern ransomware variants applied various degrees of complexity which includes polymorphic encryption and anti-analysis mechanisms in order to avoid being detected by security programs. They also shifted their focus not only to the common people but also to the companies and organizations, with ransoms usually going in tens or hundreds of
thousands of dollars.

The Emergence of Ransomware-as-a-Service

At the current rate, ransomware has undergone multiple changes in the last two years with the entry of Ransomware-as-a-Service (RaaS). RaaS stands for ransomware as a service, which is a business model through which ransomware developers’ license their tools to their partners and resell them while receiving a cut
of the sums paid by victims.This model has brought the ability to commence ransomware attacks even by those individuals with little knowledge of coding and programming in their hands. Some of the most infamous ransomware-as-a-service (RaaS) variants that have taken place include Sodinokibi, commonly referred to as REvil.Sodinokibi appeared in early 2019 and is considered one of the most active ransomware in the current threat landscape that affected big brands, such as Travelex, Grubman Shire Meiselas & Sacks, and
Kaseya among others. Sodinokibi works under the capacity of a profit-making business, where the partners are rewarded with 60 to 70 percent of the caches seized as ransoms. Another RaaS worthy of particular attention is the DarkSide that entered the world’s spotlight in the first half of 2021 when it successfully targeted the Colonial Pipeline leading to fuel scarcity in several states in the southeastern region of the United States. Speculations on Darksides’ operations resonate with those of Sodinokibi in terms of profit share where the affiliate end takes a 75-90% cut of the ransom amount.

The Future of Ransomware

Since ransomware is a ever heating up with time and has become as much sophisticated as possible, it is not surprising to predict arduous and widespread ransomware attacks in the feature. One of the emerging trends that have already been observed is the so-called double-barreled scenario, according to which, along with the encryption of files, the attackers make unauthorized copies of the data and threaten to publish it if the money is not transferred to them. This pressure multiplies the chances that the victims will pay the ransom, as everyone is often ready to do anything to prevent sensitive information leakage. Other trends that are expected to persist relate to specific attack vectors involving critical infrastructure and supplies chains. Colonial Pipeline and JBS Foods were hit recently to demonstrate that ransomware attacks are not okay for just the targeted organization alone. As vital infrastructure continues to link its processes to the internet and operational technology environment, ransomware is set to become much more than an economic threat – it will be far more deadly. Due to the increasing cases of ransomware threats that are exponentially destructive, it is essential for organizations to be
vigilant in the protection of their systems against cyber attacks. This entails ensuring that there is good backup and restore mechanisms we have, frequently updating the software and firewall, and ensuring that the employees are taught how to differentiate between a real and fake emails or any other form of communication that is a result of a cyber security threat. It also implies embracing other innovative security solutions like EDR, and MDR for real-time detection and response to ransomware attacks.

Related articles

Contact us

Cooperate with us to get comprehensive IT security

We will be happy to answer all your questions and help you find the services that best suit your needs.

My advantages:

What happens next?

1

We’ll arrange a call when it’s convenient for you

2

We conduct a discovery and advisory survey

3

We are preparing a proposal

Book a free consultation

Contact EN
First
Last