THE EVOLUTION OF RANSOMWARE

To win the fight against rapidly evolving malware, it has become the responsibility of every device user to protect themselves before ransomware strikes. But where does it come from? How does it spread? And where can it possibly go?

The earliest instances of ransomware were spotted in Russia as early as 2005. Their encryption methods were primitive in comparison to modern strains like CryptoLocker and WannaCry. A 2006 ransomware called TROJ_CRYZIP.A zipped particular file types (.doc, .xls, .jpg, etc.) with password protection, and demanded US$300 in ransom via a simple .txt file.

It was only after 2012 that ransomware started actively targeting other territories, such as Europe and North America. One of the more memorable examples was Reveton, which used location tracking to display a fake enforcement agency notification relevant to the victim. For example, a US-based user would get a fake FBI notification about their alleged “illegal activities” online. Folks in France would see the same message in French, spoofing the Gendarmerie Nationale emblem instead. According to cybersecurity blog Malwarebytes Lab, this variant still persisted in March 2016, and further improvements allowed it to target Mac OS X users. It also included a wider panel of impersonated authorities, such as the Royal Canadian Mounted Police and Europol.

Cybersecurity firms in general have a consensus on what ransomware entails. According to Kaspersky Labs, Trend Micro, and Norton by Symantec, it is really just another variant of malware that cripples your system, usually through encryption methods. What sets it apart is the ransom fee it demands, promising victims access back to their own data once it’s paid up.

Collecting that ransom is what truly separates it from typical malware, and it’s lucrative to do so. According to Symantec’s Ransomware and Businesses 2016 white paper, the average ransom demand was US$679 per person last year. SonicWall’s 2017 Annual Threat Report showed businesses paying a total of US$209 million to ransomers in the first quarter of the year alone. CryptoLocker, a ransomware that made its run in 2013, received US$27 million in Bitcoins over three short months. Malicious coding isn’t just a prank by script kiddies; it’s now a full-time career with multi-million dollar revenues.

Along with the increase in profits, ransomware has also updated its collection methods, moving from anonymous prepaid cash cards to Bitcoin.
