Ransomware attacks are increasing at an alarming rate worldwide. In response, knowledge of ransomware history and ransomware origins must also increase. This will help you respond better if you or your business falls victim to an attack.
The ransomware origin timeline starts with the AIDS Trojan in 1989. From there, ransomware grew very quiet, with only fragmented or inconsequential attacks being attempted. However, as the ability to harness always-on connectivity and social media outlets grew, so did the prevalence of ransomware.
CryptoLocker, which emerged in 2013, marked a historic turning point in ransomware. This attack disabled more than 250,000 computers and generated at least $3 million for its creators. Attacks have grown both in frequency and in the damage they cause. WannaCry (2017) caused an estimated $4 billion in losses. And just last year, three notable attacks (on Colonial Pipeline, JBS, and Kaseya) caused widespread infrastructure and business outages.
The financial incentive for carrying out these attacks has only increased over the course of ransomware history. The arrival of cryptocurrencies has made it easier for attackers to enjoy the financial benefits of their work, while also making it increasingly difficult for law enforcement to home in on these nefarious parties.
In following the timeline of ransomware history, there are commonalities that can help us better understand the ins and outs of ransomware:
As the tools used by malicious parties mature, these attributes can still be used to define how attacks are carried out. Whether the ransomware tool is homegrown or purchased from a ransomware-as-a-service (RaaS) provider, the rules governing ransomware attacks have remained unchanged for more than 30 years. We can use this established framework to better prepare ourselves to defend against an attack before one can take place.
The saying that history repeats itself is very much true when applied to ransomware attacks. Ransomware toolkits are designed to target specific user behaviors, common technology vulnerabilities, and unchanged default security configurations. Initiators of ransomware attacks will continue to use technical and/or human vulnerabilities to execute damaging attacks.
All this needs to change if we’re to start taking ground back from the malicious parties who employ ransomware to achieve financial and destructive goals. These attack modes will remain unchanged until we adjust our habits and attitudes when engaging with technology.
The clues revealed by knowing ransomware’s origins continue to provide signposts for fighting ransomware. From these we can continue to build strategies that harden technology against attacks and provide education to technology users.