The Continued Rise of Ransomware

By: Jordan

5, December, 2019



Cybersecurity has to be taken very seriously today. Criminal activity has kept pace with digitalization, and cyberattacks are now a form of crime that tracks the adoption of digital technologies. Today’s cybercrimes threaten safety, privacy and even life, as hackers are capable of attacking personal devices, business systems and even healthcare devices like pacemakers.


Ransomware is one of several forms of cyberattack; it locks organizations and individuals out of their own systems and data unless they pay a ransom. Ransomware attacks have become popular, mostly because of their cold-blooded nature.


Today, more and more ransomware attacks target businesses rather than individuals, who were the initial focus, clearly because an attack on a business can generate greater profits for the hackers.


There was a 363% year-on-year surge in ransomware attacks on entities in the first half of 2019, according to a report by Malwarebytes. Not only businesses but also local governments and public sector units have fallen victim to the attacks since the start of 2019. Several states in the US have been targeted by ransomware attacks, and the worst part is that many of these states have complied with the ransom demands of the attackers, which has obviously emboldened the criminals.


Compliance with ransom demands is one of the many reasons why such attacks are on the rise. They have clearly worked and attained their objective!


In May 2019, the authors of the GandCrab malware revealed that their GandCrab ransomware-as-a-service had helped extort over $2 billion in ransom since its deployment in early 2018, with the authors earning enough from their cut for leasing out the ransomware to ‘retire.’


From the First to the Latest


A Harvard-trained biologist named Joseph L. Popp developed the first-ever ransomware virus, called ‘AIDS Trojan’, in 1989 and distributed it on diskettes to the attendees of the World Health Organization’s international AIDS conference; however, the tools to decrypt the virus were soon made available. This attack was the earliest in documented history and it affected the healthcare industry, which remains on the attackers’ radar to this day.


Ransomware started gaining momentum after 2006, by which time cybercriminals had started using more sophisticated asymmetric RSA encryption. The Archiveus Trojan was the first in the lineup to use RSA encryption, making it much more damaging and invasive than its predecessor.


More ransomware viruses with stronger RSA encryption continued to surface over the years. By mid-2011, ransomware had gained a much stronger foothold and malware authors had started to use more sophisticated methods to facilitate attacks. By the third quarter of 2011, 60,000 new ransomware detections were found. Moreover, the same year saw the world’s first large-scale ransomware outbreak that used anonymous payment services, setting the path for large-scale ransomware attacks.


Moving ahead, a toolkit for malware distribution and botnet management called Citadel was launched in 2012. For a minimal fee, it allowed cybercriminals to install their ransomware viruses on computers that had already been breached by other malware. This pay-per-install scheme drove the number of ransomware infections beyond 100,000 in the first quarter of 2012.


In September 2013, the world’s first cryptographic malware, ‘CryptoLocker’, arrived; it could spread through downloads from email attachments or compromised websites. Between October 15 and December 18 of 2013, an estimated sum of more than $27 million was moved in ransom in the form of bitcoins to four bitcoin accounts associated with CryptoLocker. The success of CryptoLocker drove the development of copycat software dubbed Locker in mid-December 2013, and a spate of more advanced and resilient malware followed.


In 2014, an improved version of CryptoDefense dubbed CryptoWall entered the scene, posting malicious advertisements on domains of well-known companies like The Guardian and Disney and leading users to CryptoWall-infected sites. The virus, which exploited a Java vulnerability, was deemed by cybersecurity experts to be one of the most destructive pieces of ransomware on the Internet at that time.


As the years rolled by, new and advanced versions of ransomware viruses continued to wreak havoc, and in early 2016 came Petya, which spread through infected e-mail attachments. While Petya was giving companies a hard time, another deadly ransomware dubbed WannaCry struck hundreds of thousands of computers across the world in May 2017 through a series of coordinated cyberattacks that spread within hours, crippling several businesses and administrations across 150 countries by leveraging the Microsoft EternalBlue exploit. The attack caused billions in damage. Close on its heels arrived a new variant of Petya dubbed NotPetya, which used the same EternalBlue exploit in a cyberattack that was primarily aimed at Ukraine. The deadly campaign spread beyond its intended victim, affecting firms like FMCG company Mondelez, shipping company Maersk, pharmaceutical firm Merck and many others, costing over $10 billion in total damages.


Ransomware in 2019

As the world becomes more connected, cyber threats continue to evolve, with newer versions of cyberattacks appearing every day. A recent report by McAfee found a 35% growth in new malware samples in the first quarter of 2019.


Some of the latest ransomware viruses threatening the world are Ryuk and Dharma. The world, according to the Coveware Q2 Ransomware Marketplace Report, has suffered $11.5 billion in damages in 2019 at the hands of ransomware, with RDP compromise being the primary attack vector, behind 59% of attacks. The report also highlights that email phishing continues to be one of the most preferred means of infection, with 34% of attacks being carried out by email phishing.


Efforts on both ends are getting stronger. While hackers are becoming craftier with their creations, developing more advanced and complex malware, organizations on the other side are increasingly investing in reinforcing their cybersecurity defenses to prevent attacks. However, factors such as improper data backup and restoration facilities, succumbing to ransom demands, and a lack of cybersecurity awareness and training for employees and the public in general are encouraging hackers to continue to wage cyberattacks that cost economies fortunes.