A History of Ransomware

Ransomware is a type of malware in which the perpetrator threatens to commit a malicious act unless the victim pays a ransom. The simplest type of ransomware appears to lock the target system, although a person with reasonable knowledge of computers can usually resolve the problem without paying the ransom.

However, the most sophisticated ransomware attacks encrypt the victim’s data in a way that’s impractical to decrypt, meaning the cost of decrypting the data without the decryption key is greater than the ransom. Modern ransomware typically requires payment in the form of a digital currency such as Bitcoin, making it difficult to trace the payment and prosecute the perpetrator.

 

Origin

Observers often consider the AIDS Trojan to be the first ransomware, which was written in 1989 by Joseph Popp. However, it was particularly ineffective as it stored files in a hidden directory on the victim’s own computer. Furthermore, only the file name was encrypted, and the decryption key was stored in the ransomware. This design allowed many users to recover the data with relative ease. The AIDS Trojan claimed that one of the user’s software licenses had expired and that sending $189 to PC Cyborg Corporation would resolve the problem.

 

Anonymous Cash Systems

In 1992, David Naccache and Sebastiaan von Solms proposed the use of anonymous cash systems to collect the ransom from a human kidnapping. This technique used a newspaper to deliver the money electronically, as cryptocurrency didn’t exist at that time. Adam L. Young and Moti Yung introduced the idea of public key cyptography in ransomware attacks in 1996 by implementing a proof-of-concept that used a hybrid of Rivest-Shamir-Adleman (RSA) and Tiny Encryption Algorithm (TEA) to encrypt the victim’s data with a public key. Unlike the AIDS Trojan, this ransomware didn’t need to contain the decryption key, allowing attackers to keep it private. This type of ransomware became prominent by 2005 and used increasingly lengthy RSA keys that reached 1,024 bits by 2008.

 

Cryptocurrency

The introduction of cryptocurrency in 2013 made ransomware more difficult to defeat, resulting in attacks on a larger scale. The CryptoLocker ransomware made an estimated $27 million from October 15 and December 18 of that year, resulting in many similar Trojans. Analysts discovered ransomware in August 2014 that specifically targeted Synology’s network-attached storage (NAS) devices. Ransomware also began attacking individual web servers and websites by January 2015.

 

Current Status

Malicious actors began to conduct ransomware campaigns on a commercial scale by 2012. Data collected by anti-virus developer McAffee showed that the number of ransomware samples more than doubled from 2013 to 2014. This trend continued to accelerate, resulting in an estimated 181.5 million ransomware attacks during the first half of 2018. This figure represented a 229 percent increase over the same period from the previous year.

The scale of ransomware attacks has also continued to grow since then. The ransomware attack against Universal Health Services was the largest against a single target as of June 2021. This attack began on September 28, 2020 and caused widespread service outages throughout the company’s 400 locations in the US and UK.

 

Ransomware flickr photo by wuestenigel shared under a Creative Commons (BY) license