Ransomware attacks are among the most widespread cyber attacks, with thousands of victims and increasingly sophisticated techniques that sustain a million-dollar business. They date back more than thirty years, to when cryptography found unexpected uses.
Today, falling victim to one of these attacks is unfortunately very easy, thanks to social engineering and phishing techniques capable of deceiving even the most attentive users, as shown by the companies and organizations that have seen their data disappear behind ransom-demand screens, with little chance of regaining access to it.
The History of Ransomware Attacks.
Looking back over their history, we note that ransomware attacks date back to 1989. The malware in question was the AIDS Trojan (or AIDS Info Disk), malicious software that made data unreadable through encryption and demanded payment of a sum of money to obtain the decryption key. Released during an AIDS conference, it was hidden on a floppy disk delivered to all attendees. When the floppy disk was inserted into the PC, the virus installed itself and encrypted the data. A sum then had to be sent to Panama to get the key and decrypt the data. Its spread at the time was limited, above all because it was transmitted via floppy disk and because the technology that encrypted the data was rather weak.
The concept was later taken up by two researchers, Adam Young and Moti Yung, who in 1996 published the article "Cryptovirology: extortion-based security threats and countermeasures", presenting the idea of an offensive use of cryptography: a tool normally used defensively to protect data could be used for precisely the purpose it was meant to prevent, that is, making data unreadable until the attacker's demand was satisfied. These studies highlighted the potential of the cryptographic tools then being developed, anticipating the boom that this type of attack would have in the following years.
In fact, some time would still have to pass before ransomware attacks as we know them today spread, thanks to the availability of the internet and the number of people connected, as well as the development of cryptocurrencies and digitalization in the business environment. In 2013 CryptoLocker managed to extort $3 million in two months. Between 2014 and 2015, experts estimated that over 100,000 individuals around the world were attacked with ransomware such as CryptoWall. In 2017, another very famous ransomware, WannaCry, infected at least 200,000 computers in 74 countries. The growth was exponential in the following years: in 2018 ransomware accounted for 23% of all malware, the following year 46%, and in 2020 67%.
The most famous Ransomware attacks.
The ransomware known as NotPetya is famous for being the most expensive to date. Between 2017 and 2018, it mainly targeted companies, causing damage of about 10 billion dollars. NotPetya spread via phishing emails with PDF attachments and JPEG images. When the file was opened, the PC was infected by a dropper, that is, software that downloads the ransomware from the internet. This two-stage approach hides the malware better, because the dropper is a small, very light file that is easily embedded in ordinary documents or files. Once installed, the ransomware encrypts the data, making it impossible for the user to read it until the decryption key is provided, after payment of a sum of money in Bitcoin. NotPetya is also able to spread within the network in which the infected PC is located, putting the entire corporate network at risk. In 2017 NotPetya was responsible for the attack on the A.P. Møller-Maersk company, which claimed to have suffered losses between 200 and 300 million dollars. The companies affected include the Central Bank of Ukraine, Rosneft, TNT Express, Mondelez and many others, for damages of millions of dollars.
In the same period, another ransomware made a name for itself through its rapid and widespread diffusion. In a very short time WannaCry infected thousands of devices all over the world, hitting companies of all kinds: from the energy industry to credit institutions, from telephone companies to universities and healthcare companies. Computer systems found themselves unprepared for such a scenario. And the modest amount requested as ransom, $300 in Bitcoin, actually made a lot of money for the cybercriminals, considering that there were at least 50,000 attacks. It is ransomware that exploits vulnerabilities present on outdated devices and that enters networks through the most classic of phishing emails.
The evolution of these attacks did not stop. In 2019 Maze appeared, the first ransomware to introduce the double extortion system. The demand for a ransom to regain access to the data is joined by the threat of making confidential data public. In practice, Maze doesn't just encrypt the data but also exfiltrates it, so that the criminals get hold of it and are able to spread it if the payment is not made. What is more, even if the victim were able to restore the data, thus avoiding paying, they would still run the risk of seeing the data disseminated: an extra guarantee for the attackers of getting what they ask for. In 2020 Maze claimed many victims, from Cognizant to Canon to Xerox.