When a cyber-criminal wants to make a quick bundle of cash, they use Ransomware to infect a computer and encrypt all of the data on the hard drive. The malicious software sends an alert to the user indicating they must pay a ransom or lose their files forever.
In the past, criminals demanded that ransoms be sent via cash or money order to post office boxes. That didn’t always work, because post office boxes are traceable to an individual. Today, the ransom is almost always requested in the untraceable, anonymous currency of Bitcoin. Now that ransoms can be paid in an untraceable manner, the frequency of ransomware attacks has exploded.
The first documented Ransomware attack was perpetrated in December 1989 by an evolutionary biologist named Joseph L. Popp. Back in 1989, the internet existed but it wasn’t what it is today, so the attack was executed through an infected computer disk.
Popp sent out 20,000 infected disks to attendees of the international AIDS conference. The disks were labeled “AIDS Information – Introductory Diskettes.” Under the guise of being a questionnaire to help users determine their risk of contracting AIDS, the disks were secretly infected with ransomware dubbed the “AIDS Trojan” also known as the “PC Cyborg.”
After 90 reboots, unsuspecting victims were met with a ransom demand for $189. Popp wanted payments to be sent to his post office box in Panama, which was eventually traced. Surprisingly, he was caught but never prosecuted.
Since then, thousands of Ransomware attacks have been perpetrated against individuals, small businesses, and even giant corporations. Although Ransomware attacks started out rather basic, they’ve become complex and virtually untraceable. Unfortunately, because of the profitability, Ransomware attacks are here to stay.
Although most people understand the concept of ransomware, it should be called out for what it really is – extortion. Extortion is a felony in the United States, which is why modern-day criminals only dare to launch ransomware attacks when they can rely on the anonymity of cryptocurrencies.
Ransomware attacks rely on encryption technology to prevent access to files. Throughout the 1990s, as encryption methods continued to advance, Ransomware attacks also became more sophisticated and harder to crack. Around 2006, groups of cyber criminals began taking advantage of asymmetric RSA encryption to make their attacks even harder to thwart.
For example, the Archiveus Trojan used RSA encryption to encrypt the contents in a user’s “My Documents” folder. The ransom demanded victims purchase goods through an online pharmacy in exchange for a 30-digit password that would unlock the files.
Another Ransomware attack around that time was the GPcode attack. GPcode was a Trojan distributed as an email attachment masquerading as a job application. This attack used a 660-bit RSA key for encryption. Several years later, Gpcode.AK – a later variant – leveled up to 1024-bit RSA encryption. This variant targeted more than 35 file extensions.
Ransomware attacks may have started off simplistic and daring, but today they’ve become a business’ worst nightmare and a criminal’s cash cow.
Cyber criminals know they can make money with Ransomware, and it has become a highly profitable industry.
According to a Google study titled Tracking Ransomware End-to-End, cyber criminals make over $1 million per month with Ransomware. “It’s become a very, very profitable market and is here to stay,” said one researcher. The study tracked more than $16 million that appeared to be ransom payments made by 19,750 people in the span of two years.
The BBC reported on this Google study and explained that there are multiple ‘strains’ of Ransomware and some strains make more money than others. For example, a Bitcoin blockchain analysis showed that the two most popular strains – Locky and Cerber – made $14.7 million combined in just one year.
According to the study, more than 95% of Ransomware attackers cashed out their Bitcoin payments through Russia’s now defunct BTC-e exchange. They’ll probably never be caught.
Business owners who are unprepared for a Ransomware attack won’t bounce back without consequence – if they bounce back at all. They’ll either pay the ransom (which doesn’t always result in the restoration of files) or they’ll spend time and money unsuccessfully trying to crack the encryption.
When nothing works, they’ll source a former version of their files from employees, contractors, and others who may have copies. While they might find most of their files, they won’t be current versions and the entire team will need to put in extra hours just to get the business back to normal.
The only way to prevent a Ransomware attack is to be prepared before it happens. That requires creating regular offline backups on a device that doesn’t stay connected to the internet. Malware, including Ransomware, can infect backup drives and USB drives just the same. It’s crucial to ensure you maintain current offline backups.
If you haven’t yet, now is the time to secure all endpoints with anti-ransomware software. At Check Point Software, we offer this solution to all of our endpoint security suite customers. Our endpoint security suite – SandBlast Agent – delivers real-time threat prevention to all of your organization’s endpoints.
With so many devices accessing your company’s network, you can’t afford to skip endpoint protection and threat prevention. Today’s borderless networks require powerful software to protect against cyber-attacks of all kinds including ransomware.
With SandBlast Agent, your network will be dynamically protected around the clock from ransomware and other threats.
To learn more about how Check Point can protect your network, schedule a free demo for SandBlast Agent or contact us for more information. If you’re not sure which services you need, our data protection experts will help you find what’s right for you.