Ransomware is a particularly vicious class of malware that infiltrates a victim’s computer, encrypts their files, and demands a ransom to unlock them.
The first ransomware attack occurred in 1989 and became known as the “AIDS Trojan.” It was created by an AIDS researcher who distributed 20,000 floppy disks (remember those?) infected with the malware at the World Health Organization’s annual AIDS conference. The disks were labeled “AIDS Information – Introductory Diskettes” and contained a program for analyzing a person’s risk of getting AIDS.
But the disks also carried a hidden payload activated after an infected PC was powered on 90 times. When the malware activated, it hid file directories and encrypted the names of all files on the PC. An onscreen message then appeared demanding a $189 payment to unlock the data.
Ransomware didn’t become a real threat until the early 2000s. Then in 2006, there were two relatively sophisticated attacks, dubbed “Archiveus” and “GPcode.” Both used a more advanced form of encryption and were spread through contaminated email attachments.
A watershed development for ransomware occurred in 2009, when bitcoin, the world’s first cryptocurrency, was created. Bitcoin is ideally suited for ransomware attacks because payments are made peer-to-peer and are difficult to trace. By 2012, ransomware creators were generating more than $5 million in annual revenues, primarily paid in bitcoin.
But it wasn’t until 2017 that ransomware became a household word. In 2017, hackers who created ransomware called “WannaCry” froze more than 200,000 computers running Microsoft Windows in 150 countries and demanded bitcoin payments to restore access.
Since then, attacks by hackers planting ransomware on computer networks have exploded. In 2019, documented ransomware attacks increased 41% compared to 2018. Then in 2020, as remote working surged along with COVID-19, ransomware attacks spiked 150%. The ransoms victims paid out increased more than 300% during the year. By far the largest number of systems attacked were in the United States.
In 2021, we’ve seen further escalation of ransomware attacks. In April, Colonial Pipeline, one of America’s largest energy distribution networks, was forced to shut down its entire grid for several days. Chaos erupted on the East Coast as gasoline shortages hit several states. To regain control of its systems, Colonial paid 75 bitcoin, or around $5 million, to the DarkSide ransomware gang, believed to be based in Russia.
Another recent high-profile victim of ransomware this year was JBS Foods, one of the world’s largest meat processing companies. The attack shut down operations at 13 meat-processing plants. To regain control of its network, JBS paid an $11 million ransom in bitcoin to REvil, another Russian-based gang.
But the biggest and most audacious attack ever occurred over the July 4 weekend. As Americans were celebrating Independence Day, the REvil gang attacked Kaseya, Ltd., a Miami-based managed service provider (MSP) company that helps its customers maintain their IT infrastructure and end-user systems.
The hackers targeted a Kaseya tool called VSA, used by at least 1,500 businesses and government agencies worldwide to manage digital services for their clients. REvil then encrypted the files of approximately 1,000 of those organizations’ customers and demanded a ransom payment from each of them. The total ransom REvil received isn’t known, but the criminal gang demanded anywhere from a few thousand dollars to $5 million or more per victim to unlock their files.
Not surprisingly, the lucrative take from ransomware has set off a race among cybercriminals to find and attack vulnerable systems. “This is going to happen again and again,” says Victor Gevers, head of the Dutch Institute for Vulnerability Disclosure.
Could your business be the next one affected by a ransomware attack? It’s a real possibility, especially if you outsource maintenance of your IT systems to another company. The only way to protect yourself in this case is to back up your entire system daily and keep those backups off your network.
Otherwise, good computer “hygiene” is the key to avoid ransomware attacks. Most importantly, don’t open email messages or click on links from senders you don’t recognize or trust. Also beware of impersonation scams – emails that appear to come from a trusted source. Keep your antivirus software up-to-date and check to ensure it has built-in protections against ransomware. There’s a list of software that qualifies on that score at this link.
What’s more, never respond to emails suggesting software running on your system needs to be updated. Almost any legitimate update will announce itself within the program to be updated, not in an email.
Finally, periodically test your backups and have a step-by-step plan for restoring critical network systems. That way, if your network is ever infected with ransomware, you’ll be ready.