As the ransomware industry grows, experts predict that hackers will only continue to find more and more ways to use the technology to take advantage of businesses and individuals.
Ransomware is now a billion-dollar industry. But it wasn't always so big – and it wasn't the common cybersecurity threat it is today.
Dating back to the 1980s, ransomware is a type of malware used by cybercriminals to lock files on a person's computer and demand payment to unlock them.
The technology – which officially turned 35 on December 12 – has come a long way, with criminals now able to spin up ransomware much faster and use it across multiple targets.
Cybercriminals took in $1 billion in cryptocurrency payments from ransomware victims in 2023 – the highest level, according to data from the blockchain analysis company Chainalysis.
Experts predict that ransomware will continue to grow, with today's cloud computing technology, artificial intelligence and geopolitics shaping the future.
How did ransomware come about?
The first known ransomware attack occurred in 1989.
A hacker mailed physical floppy disks claiming to contain software that could help determine whether someone was at risk of developing AIDS.
However, once installed, the software would hide directories and encrypt file names on people's computers after 90 reboots.
It would then display a ransom note requesting that a cashier's check be sent to an address in Panama for permission to restore the files and directories.
The program has been dubbed the “AIDS Trojan” by the cybersecurity community.
“This was the first ransomware and it came from someone's imagination. It wasn't something they had read about or researched,” said Martin Lee, EMEA director for Talos, the cyber threat intelligence division of the IT equipment giant Cisco, to CNBC in an interview.
“Before that, it was never discussed. There wasn't even a theoretical concept of ransomware.”
The perpetrator, a Harvard-educated biologist named Joseph Popp, was caught and arrested. However, after exhibiting erratic behavior, he was found unfit to stand trial and returned to the United States.
How ransomware developed
Since the appearance of the AIDS Trojan, ransomware has evolved significantly. In 2004, a threat actor targeted Russian citizens with a criminal ransomware program known today as “GPCode.”
The program was delivered to people via email – an attack method commonly known as “phishing”.
Users, lured by the promise of an attractive job offer, would download attachments containing malware disguised as a job application form.
When opened, the attachment downloaded and installed malware on the victim's computer, which scanned the file system, encrypted files and demanded payment via wire transfer.
Then, in the early 2010s, ransomware hackers turned to crypto as a form of payment.
In 2013, just a few years after the creation of bitcoin, the CryptoLocker ransomware appeared.
Hackers targeting people with this program demanded payment either in bitcoin or in prepaid cash vouchers – it was a good example of how crypto became the currency of choice for ransomware attacks.
Later, more prominent examples of ransomware attacks that chose crypto as the ransom payment method included WannaCry and Petya.
“Cryptocurrency offers many advantages to the bad guys, simply because it is a way to transfer value and money outside of the regulated banking system in a way that is anonymous and immutable,” Lee told CNBC. “If someone paid you, that payment can't be taken back.”
CryptoLocker also became famous in the cybersecurity community as one of the earliest examples of “ransomware-as-a-service” operations – that is, a ransomware service sold by developers to other hackers for a fee to allow them to carry out attacks.
“In the early 2010s, we have this increase in professionalism,” Lee said, adding that the gang behind CryptoLocker was “very successful in operating the crime.”
What's next for ransomware?
As the ransomware industry continues to grow, experts predict that hackers will only continue to find more and more ways to use the technology to take advantage of businesses and individuals.
By 2031, ransomware is estimated to cost victims a combined $265 billion annually, according to a report from Cybersecurity Ventures.
Some experts worry that AI has lowered the barrier to entry for criminals looking to create and use ransomware. Next-generation AI tools like OpenAI's ChatGPT allow everyday Internet users to submit text-based questions and requests and receive sophisticated, human-like answers in response, and many programmers are even using them to help write code.
Mike Beck, Darktrace's chief information security officer, told CNBC's “Squawk Box Europe” that there is a “huge opportunity” for AI – both in arming cybercriminals and in improving productivity and operations within cybersecurity companies.
“We have to arm ourselves with the same tools that the bad guys use,” Beck said. “The bad guys are going to use the same tools that are used with all kinds of change today.”
But Lee doesn't think AI is as much of a ransomware threat as many would think.
“There's a lot of speculation that AI is great for social engineering,” Lee told CNBC. “However, when you look at the attacks that are out there and clearly work, it tends to be the simplest and most successful.”
Focusing on cloud systems
A real threat to watch out for in the future may be hackers targeting cloud systems, which allow businesses to store data and host websites and apps remotely from distant data centers.
“We haven't seen a lot of ransomware hitting cloud systems, and I think that's probably the future going forward,” Lee said.
Ransomware attackers in the future could encrypt cloud assets or deny access to them by changing credentials or using identity-based attacks to deny access to users, according to Lee.
Geopolitics is also expected to play a major role in the way ransomware evolves in the coming years.
“Over the past 10 years, the distinction between criminal ransomware and nation-state attacks has become increasingly blurred, and ransomware is becoming a geopolitical tool,” Lee said. “Maybe we're going to see more of that,” he said.
Another threat that Lee sees gaining traction is autonomously distributed ransomware.
“There is still a chance that there will be more ransomware that will spread independently – perhaps not hitting everything in its path but limiting itself to a specific area or group,” he told CNBC.
Lee also expects ransomware-as-a-service to expand rapidly.
“I think we'll see more and more of the ransomware ecosystem becoming increasingly professional, moving almost exclusively towards that ransomware-as-a-service model,” he said.
But even as the ways in which criminals use ransomware continue to evolve, the actual nature of the technology is not expected to change in the coming years.
“Outside of RaaS providers and those benefiting from stolen or purchased device chains, credentials and system access have been effective,” Jake King, director of security at Internet research firm Elastic, told CNBC.
“Until other roadblocks appear for his enemies, we will likely continue to stick to the same patterns.”