Home / NEWS / Tech / Ransomware is 35 years old and now a billion-dollar problem. Here’s how it could evolve

Ransomware is 35 years old and now a billion-dollar problem. Here’s how it could evolve

As the ransomware earnestness evolves, experts are predicting hackers will only continue to find more and more ways of using the technology to take advantage of businesses and individuals.

Seksan Mongkhonkhamsao | Moment | Getty Images

Ransomware is now a billion-dollar industry. But it wasn’t always that jumbo — nor was it a prevalent cybersecurity risk like it is today.

Dating back to the 1980s, ransomware is a form of malware used by cybercriminals to imprison files on a person’s computer and demand payment to unlock them.

The technology — which officially turned 35 on Dec. 12 — has on a long way, with criminals now able to spin up ransomware much faster and deploy it across multiple targets.

Cybercriminals raked in $1 billion of blackmailed cryptocurrency payments from ransomware victims in 2023 — a record high, according to data from blockchain dissection firm Chainalysis.

Experts expect ransomware to continue evolving, with modern-day cloud computing tech, sham intelligence and geopolitics shaping the future.

How did ransomware come about?

The first event considered to be a ransomware attack happened in 1989.

A commonplace physically mailed floppy disks claiming to contain software that could help determine whether someone was at chance of developing AIDs.

However, when installed, the software would hide directories and encrypt file names on people’s computers after they’d rebooted 90 buts.

It would then display a ransom note requesting a cashier’s check to be sent to an address in Panama for a license to mend the files and directories.

The program became known by the cybersecurity community as the “AIDs Trojan.” 

“It was the first ransomware and it came from someone’s creative powers. It wasn’t something that they’d read about or that had been researched,” Martin Lee, EMEA lead for Talos, the cyber portent intelligence division of IT equipment giant Cisco, told CNBC in an interview.

“Prior to that, it was just never argued. There wasn’t even the theoretical concept of ransomware.”

The perpetrator, a Harvard-taught biologist named Joseph Popp, was caught and took. However, after displaying erratic behavior, he was found unfit to stand trial and returned to the United States.

How ransomware has developed

Since the Helps Trojan emerged, ransomware has evolved a great deal. In 2004, a threat actor targeted Russian citizens with a racketeer ransomware program known today as “GPCode.”

The program was delivered to people via email — an attack method today commonly skilled in as “phishing.” Users, tempted with the promise of an attractive career offer, would download an attachment which suppressed malware disguising itself as a job application form.

Once opened, the attachment downloaded and installed malware on the victim’s computer, investigating the file system and encrypting files and demanding payment via wire transfer.

Then, in the early 2010s, ransomware hackers bring out b developed to crypto as a method of payment.

Ransomware attacks could get worse next year, says TrustedSec's David Kennedy

In 2013, only a few years after the creation of bitcoin, the CryptoLocker ransomware emerged.

Hackers quarry people with this program demanded payment in either bitcoin or prepaid cash vouchers — but it was an early case of how crypto became the currency of choice for ransomware attackers.

Later, more prominent examples of ransomware attacks that chosen crypto as the ransom payment method of choice included the likes of WannaCry and Petya.

“Cryptocurrencies provide many advantages for the bad send ups, precisely because it is a way of transferring value and money outside of the regulated banking system in a way that is anonymous and immutable,” Lee predicted CNBC. “If somebody’s paid you, that payment can’t be rolled back.”

CryptoLocker also became notorious in the cybersecurity community as one of the earliest samples of a “ransomware-as-a-service” operation — that is, a ransomware service sold by developers to more novice hackers for a fee to allow them to support out attacks.

“In the early 2010s, we have this increase in professionalization,” Lee said, adding that the gang behind CryptoLocker were “entirely successful in operating the crime.”

What’s next for ransomware?

As the ransomware industry evolves even further, experts are suggesting hackers will only continue to find more and more ways of using the technology to exploit businesses and individuals.

By 2031, ransomware is

Some virtuosi worry AI has lowered the barrier to entry for criminals looking to create and use ransomware. Generative AI tools like OpenAI’s ChatGPT acknowledge everyday internet users to insert text-based queries and requests and get sophisticated, humanlike answers in response — and many programmers are notwithstanding using it to help them write code.

Mike Beck, chief information security officer of Darktrace, required CNBC’s “Targeting cloud systems

A serious threat to watch out for in future could be hackers targeting cloud systems, which entrust businesses to store data and host websites and apps remotely from far-flung data centers.

“We haven’t seen an unpleasant lot of ransomware hitting cloud systems, and I think that’s likely to be the future as it progresses,” Lee said.

We could eventually see ransomware bouts that encrypt cloud assets or withhold access to them by changing credentials or using identity-based attacks to turn down users access, according to Lee.

Geopolitics is also expected to play a key role in the way ransomware evolves in the years to come.

“Outstanding the last 10 years, the distinction between criminal ransomware and nation-state attacks is becoming increasingly blurred, and ransomware is befitting a geopolitical weapon that can be used as a tool of geopolitics to disrupt organizations in countries perceived as hostile,” Lee said.

“I suppose we’re probably going to see more of that,” he added. “It’s fascinating to see how the criminal world could be co-opted by a nation state to do its invitation.”

Another risk Lee sees gaining traction is autonomously distributed ransomware.

“There is still scope for there to be diverse ransomwares out there that spread autonomously — perhaps not hitting everything in their path but limiting themselves to a specified domain or a specific organization,” he told CNBC.

Lee also expects ransomware-as-a-service to expand rapidly.

“I think we will increasingly see the ransomware ecosystem attractive increasingly professionalized, moving almost exclusively towards that ransomware-as-a-service model,” he said.

But even as the ways racketeers use ransomware are set to evolve, the actual makeup of the technology isn’t expected to change too drastically in the coming years.

“Outside of RaaS providers and those leveraging stolen or requisitioned toolchains, credentials and system access have proven to be effective,” Jake King, security lead at internet search unchanging Elastic, told CNBC.

“Until further roadblocks appear for adversaries, we will likely continue to observe the exact same patterns.”

Check Also

What Google’s quantum computing breakthrough Willow means for the future of bitcoin and other cryptos

Google’s current announcement of the arrival of Willow, a quantum chip that has reduced the …

Leave a Reply

Your email address will not be published. Required fields are marked *