The Evolution of Ransomware

Ransomware is posing a bigger threat than ever, as cybercriminals are
increasingly targeting large organisations, and demanding bigger ransoms

The Evolution of Ransomware

First appearing in the 1980s, ransomware attacks have evolved over the years, as cybercriminals seek new ways to expand the scope and profitability of their operations.

What is ransomware?
Ransomware is a malicious software that infects and gains access to a system, holding the data hostage via encryption until the victim pays a ransom in exchange for a decryption key; recent attacks also threaten to leak confidential or sensitive information as an added threat. Today, ransomware attacks are never far from the headlines, with the frequency increasing alongside more innovative distribution methods.

Early ransomware
But ransomware is far from a new phenomenon. The AIDS Trojan, or PC Cyborg virus, infected systems via floppy disk back in 1989, with victims needing to send $189 to a PO Box in Panama to restore their data. Joseph Popp, an AIDS researcher, sent out 20,000 floppy disks to fellow researchers, lying dormant in computers and only activating after they were powered on 90 times. This rudimentary malware is often cited as the first example of ransomware. 2005 saw the emergence of PGPCoder, which encrypted certain file types such as .doc, .html, .jpg and .zip, demanding between $100-$200 sent to an e-gold or Liberty Reserve account. The WinLock Trojan, emerging from Russia in 2010, didn’t use encryption, instead opting to display pornographic images across the victims screen, demanding a ransom for them to be removed.

Ransomware becomes widespread
However, ransomware attacks didn’t become widespread until the 2010s, alongside the emergence of cryptocurrencies like Bitcoin, providing an easy, untraceable method, outside of the traditional financial institutions, to receive ransom payments. From around 2012, there was a substantial proliferation of ransomware. 2013 saw the emergence of CryptoLocker, which usesdan RSA 2048-bit key to encrypt the host’s files, renaming them by adding extensions such as .encrypted, .cryptolocker, or sometimes a string of seven random characters. Spread via infected email attachments and a Gameover ZeuS botnet, CryptoLocker would encrypt files and display a message offering to decrypt the files on receipt of a ransom payment, threatening to delete the private key by a deadline, ramping up pressure to pay. In May 2014, Operation Tovar, a coordinated international effort, saw CryptoLocker isolated, with the database of private keys obtained; an decryption tool was then released for victims to get their files back without paying the ransom. It is believed that a total of $3 million was extorted by CryptoLocker operators. In the months and years that followed, more examples of ransomware continued to appear, including SynoLocker, CryptoWall, Cryptoblocker, and Chimera. The latter is significant, as it saw hackers threatening to publish stolen data online if the victim doesn’t pay.

WannaCry causes widespread disruption
In May 2017, cybercriminals took advantage of a weakness in Windows, using a hack allegedly developed by the US National Security Agency, known as EternaBlue. While Microsoft released a security patch several months before the attack, many individuals and organisations didn’t install the update, and were left exposed to the ransomware attack. The WannaCry ransomware attack hit around 230,000 computers worldwide, with thousands of NHS hospital and surgeries in the UK hit. A third of NHS trusts were affected, which cause large amounts of disruption, including ambulances needing to be rerouted, and thousands of appointments cancelled.

Ransomware targets smartphones, Macs and Linux
Ransomware gangs began to target a wider range of devices in the years that followed. Jnuary 2015 saw the emergence of the Fusob ransomware, which targets Android devices. Spread via pop-ups once the Trojan is executed, the device displays a fake screen accusing the owner of wrongdoing, and demanding a small “fine” of between $100 and $200. The Fusob ransomware. In 2016, KeRanger became the first ransomware to target Macs, and is remotely executed from a compromised Transmission installer, a BitTorrent client, downloaded from the official website. Hidden within the .dmg installer. Ransom32, first appearing in 2016, is a Javascript-based ransomware, and is capable of infecting Windows, Mac and Linux systems; it is a ransomware-as-a-service, being sold on the dark web, with the authors getting a 25% cut of the ransom payments.

Ransomware evolves further: doxware/leakware
In recent years, ransomware operators started to notice that fewer victims were paying up. This could be down to increased awareness of the dangers of ransomware within companies, or more effective data backup solutions being in place; ransoms needn’t be paid if encrypted data can be restored from a recent backup. In response, cybercriminals have taken to stealing data as well as encrypting it, threatening to leak it if the ransom isn’t paid. This is known as doxware, or leakware. These ransomware attacks can result in higher ransoms being demanded, as leaked data can be damaging to the reputation of a business, not to mention opening up the possibility of lawsuits if personal data from clients is made public. Some ransomware gangs, such as Maze, operate on a “double-extortion” model, where they demand a ransom payment in exchange for the decryption key, and threaten to publish the data on the dark web if the payment isn’t made before a certain date.

Ransomware-as-a-service (RaaS)
As option of the software-as-a-service (SaaS) model, ransomware-as-a-service (RaaS) is a subscription-based model, that allows affiliates to use existing ransomware tools to execute attacks, earning a percentage of each ransom payment made. Now, coding knowhow is no longer a prerequisite for a ransomware cybercriminal, with ransomware tools now effectively available to anyone “off the shelf”. Researchers at cybersecurity company Group-IB found that in 2020, almost two thirds of ransomware attacks were operated on the ransomware-as-a-service model. Mirroring software-as-a-service, ransomware-as-a-service affiliates sign up with a one-off fee or a monthly subscription, and are supported by operators in launching successful attacks. Affiliates typically present potential victims with a phishing email, directing them to an exploit site if clicked, allowing the ransomware to be clandestinely downloaded. The Covid-19 pandemic has seen a huge increase in the number of phishing emails, attempting to trick users with details relating to things like vaccines.

The future of ransomware
Ransomware shows no sign of disappearing or slowing down, and will likely grow as a threat as it becomes more and more profitable; 2020 saw the highest ever ransom demand on record, a whopping $30 million. Additionally, the average ransom paid increased from $115,123 in 2019 to $312,493. It’s likely that ransoms will continue to grow in size, particularly as cybercriminals target larger companies. Over the course of the Covid-19 pandemic, ransomware attacks against certain sectors have increased dramatically, such as retail (365%), healthcare (123%), and government (21%). Attackers are even targeting vaccine manufacturers – in October 2020, a clinical trial software manufacturer involved in Covid vaccine testing was targeted by a ransomware attack. The pandemic has provided a perfect opportunity for cybercriminals, as businesses are adapting to the “new normal” and potentially letting their guard down to threats like ransomware.

Categories

Cloud Storage (1)

Computer Forensics (2)

Data Recovery (87)

Data Recovery Specialists News (1)

Data Security (3)

Hard Drive Data Recovery (2)

Mobile Phone Recovery (1)

RAID Data Recovery (21)

SSD Data Recovery (4)

Technology (79)

Free Diagnosis

"Our free hard drive data recovery evaluation service will tell you whether your data can be recovered, exactly how much it will cost and how long the data recovery will take. Simply phone or email us for a job number and send your data recovery to us. Your hard drive or media will be photographed, catalogued and bar-coded and the data recovery evaluation will start within an hour of receipt."

Listing Of Recoverable Files

"Once in the laboratory, your media will undergo a comprehensive data recovery evaluation to determine the extent of the data loss. We aim to complete this process within 24 hours depending on the complexity of work involved. The engineers will provide a no obligation recovery prognosis, with a guaranteed list of recoverable files and an estimated timescale. You can then decide whether to proceed with the recovery. Should you choose not to proceed, we will return your media by secure data courier."

Completing the Process

"Should you choose to proceed, the data recovery process will be completed and the data will be safely stored on our servers. We will then copy out the data to your preferred choice of output media - either 64Gb memory stick or HDD (for purchase or loan). Your data will be dispatched on our secure, next day courier service. Once you have received your data any copies of your data will be permanently and securely erased from our servers after 7 days."

Established and Trusted

"40 years experience in the data recovery industry chairing ISO and BSI standards, we have developed a reputation for excellence at a price that is affordable. With extensive data recovery research and development capabilities, our success rates are second to none - without compromising on our prices! This is why over 36,000 companies and individuals come to us every year."

Safeguarding Your Data

"Your data is important to us, which is why all our data recovery procedures comply with the Association of Chief Police Officers Guidelines and Civil Procedure Rules for handling electronic evidence. Great care is taken when recovering and handling your data to ensure that its integrity is maintained and that there is a clear audit trail through the entire data recovery process."

Industry Leading Diagnostics

"Our data recovery laboratory completes over 120 successful recoveries every day from clients including the British Petroleum, NHS and EDF Energy. With ISO 27000 (Information Security) and ISO 9001 (Quality Management) accreditation - we are a data recovery company you can rely upon! Class 100 clean rooms, specialised platter removal jigs and software applications allow us to provide the most comprehensive service in the industry."

"Absolutely fantastic"

"Absolutely fantastic customer service from a very professional, efficient and friendly team. They are great at communicating findings and keeping you up to date with recovering any lost data. We had a corrupt video file recovered using the express service and the work was completed very quickly. I highly recommend using Data Recovery Specialist and rate the service and experience a 10/10"
Will Lloyd
Five Star Review

"Service I received was great"

"The data recovery service I received was great. They were very clear from the outset about what may and may not be possible and what the cost would be. From my device being collected by a courier, to a new device being sent back to me only a matter of days later, they were in touch every step of the step way to let me know what was happening. "
Lucy Owen
Five Star Review

"I found the service easy use"

"I found the service easy use. The recovery of my data was carried out extremely efficiently. It wasn’t cheap but the cost included a new Hard Drive. The issue for me was the recovery of my photographs, some of which were really irreplaceable. Everything I needed was carried out and the data was returned to me on the new hdd in a manner that followed my own distribution."
Martyn Webster
Four Star Review

"Delivered in the timescales promised"

"The service from start to finish was excellent. Before contacting DRS I had been advised I needed their type of specialist service. The technical service and customer service was always top class, everything was delivered in the timescales promised. It was expensive but it recovered the irreplaceable and that, in its way, is priceless."
Martin Goff
Five Star Review

"I would definitely recommend them"

"My external hard drive failed and the local company I tried couldn't retrieve anything from it. I found Data Recovery Specialists through an online search and they responded to my initial query very quickly. I sent my hard drive to them and they were able to recover all my data very quickly, keeping me informed of what was going on the whole time. Great service and I would definitely recommend them."
Lorraine Bunce
Four Star Review

"Would recommend to anyone"

"Excellent service, I felt completely at ease sending my hard drive to be fixed with Data Recovery Specialists. Would recommend to anyone needing help salvaging their hard drives."
Jemima le Sueur
Five Star Review

"Helped me retrieve the data"

"I had a damaged external hard disk that my local computer shops were unable to repair. Data Recovery Specialist help me retrieve the data quick. It's not a cheap service but it works and the data recovered was far more valuable than the repair cost. "
Music Law Contracts
Four Star Review

"Quick and professional service"

"I had dropped my external while it was spinning so did huge amounts of damage. I contacted several companies and opted for DRS. They were very quick with communication, explained everything for someone who’s not terrifically technically minded and put it all in writing as well. Collection of my device was simple, the turn around time was quicker than I expected and they kept me informed right through the process. Really pleasant and professional company. If I do break something, they would be my first port of call, but I’m hoping I won’t!"
Alex West
Five Star Review

"Fantastic job"

"The guys did a fantastic job in recovering my very important data. My interaction with Daniel Rees was very good, he was honest with what he could do to recover my very important Data. I also found their customer service department especially Roger a pleasure to deal with. My only real concern is that I found the company to be too expensive, however I scored them a 5 star as they recovered 100% of my very important Data."
Richard Daniel
Four Star Review

"Recovered my precious data"

"The guys at Data Recovery were excellent, especially Daniel Rees and Roger from customer service, who throughout my interaction with them kept me informed and were honest with regards to what they could do to recovery my precious data. They were very expensive but I've given them 5 stars as they manage to recovery all 100% of my data."
Ricky Daniel
Five Star Review

"The best in data recovery"

"After a bad experience with my local computer shop who had my dead hard drive for a week and said the data could not be recovered, I sent my hard drive to Data Recovery Specialists. Rapid, amazing service. Had a report of files available in 24h and 100% of data was recovered from hard drive. These guys are the pros! "
Michael Paterson
Five Star Review

"The data recovery service was first rate"

"The data recovery service was first rate from start to finish. My hard drive was collected quickly by a pre arranged courier service and returned quickly in the same manner.I was kept informed by telephone at all parts of the recovery and all my data was returned.I can fully recommend this company to anyone."
Cecilia Gregson
Five Star Review

PAGES

Home
About
Services
Questions
Insights
Contact
Cookies Policy
Complaints Policy
Privacy Policy
Returns Policy
Data Protection Policy
Terms And Conditions

SERVICES

Hard Drive Recovery
RAID Recovery
SSD Recovery
USB Recovery
Virus Recovery
Android Phone Recovery
iPhone Recovery
Hard Drive Repair
SD Card Recovery
Computer Forensics
Tape Migration

GET IN TOUCH

Name

Email

Telephone

Message

0800 223 0162
sales@datarecoveryspecialists.co.uk

Embassy Offices, Stangate House, Stanwell Road, Penarth, Cardiff CF64 2AA

Southbridge House, Southbridge Place, Croydon CR0 4HA

272 Bath Street, Glasgow G2 4JR

Clavering House, Clavering Place, Newcastle Upon Tyne NE1 3NG

Rodney Chambers, 40 Rodney Street, Liverpool L1 9AA

2 King Street. Nottingham NG1 2AS

Enterprise House, Ocean Village, Southampton, SO14 3XB

Blackwell House, Guildhall Yard, London EC2V 5AE

Data Recovery Services Ltd
Registered Number 04417876
VAT Number 803 1178 66

Website by IT Pie – web design Cardiff

Contact Us!

To speak with one of our Sales Team call us on:
0800 223 0162
Alternatively enter your details below followed by your enquiry and one of our team will get back to you.

Quick Enquiry

The Evolution of Ransomware