The history of harmful ransomware


The first malicious ransomware, known as PC Cyborg or AIDS, was created in the late 1980s. PC Cyborg would encrypt all files in the C: directory after 90 reboots, then demand that the user renew their license by mailing $189 to PC Cyborg. The encryption used was simple enough to reverse, so it posed a minimal threat to those whose computers had been compromised.

With few ransomware variants appearing over the following 10 years, no ransomware threat arrived on the scene until 2004, when the GpCode ransomware used weak RSA encryption to take personal files hostage, returning them after the ransom was paid.

In 2007:

WinLock signaled the emergence of a new type of ransomware, one that locks users' desktops instead of encrypting files. WinLock took over the victim's screen and displayed pornographic images. The program then demanded that the victim pay by sending a text message (SMS) to have the screen removed.

With the development of the Reveton ransomware family in 2012, a new type of ransomware emerged: law enforcement ransomware. Victims' desktops were locked and a seemingly official page appeared, displaying the credentials of law enforcement agencies such as the FBI and the International Criminal Police Organization. The ransomware claimed that the user had committed a crime, such as hacking into a computer, downloading illegal files, or even being involved in spreading child exploitation material. Most law enforcement ransomware families demanded a fine of between $100 and $3,000, paid with a prepaid card such as UKash or PaySafeCard.

Ordinary users did not know what to make of this and believed that they really were under investigation by a law enforcement agency. This social engineering technique, now referred to as tacit guilt, makes users question their own innocence, so that instead of checking the claim about an activity they are not responsible for, they pay the ransom to make it go away.

In 2013:

CryptoLocker brought encrypting ransomware back to the world, only this time it was far more dangerous. CryptoLocker used military-grade encryption and stored the key needed to unlock files on a remote server. This meant that it was virtually impossible for users to recover their data without paying the ransom. This type of encrypting ransomware is still used today, as it has proven to be a very effective tool for cyber criminals to obtain money. Ransomware outbreaks such as WannaCry in May 2017 and Petya in June 2017 used encrypting ransomware to ensnare users and companies around the world.

In late 2018:

Ryuk rose to the top of the ransomware scene with a series of attacks on US newspaper agencies as well as a North Carolina water utility company. In an interesting twist, the targeted systems were first infected with Emotet or TrickBot, two information-stealing Trojans that are now used to deliver other forms of malware such as Ryuk. Malwarebytes Labs director Adam Kujawa believes that Emotet and TrickBot are being used to search for critical targets. After a system is infected and flagged as a good target for ransomware, Emotet/TrickBot re-infects the system with Ryuk.

In recent news:

The criminals responsible for the Sodinokibi ransomware (a program that claims to be affiliated with GandCrab) have started using managed service providers (MSPs) to spread infections. In August 2019, hundreds of dental clinics across the country discovered that they could no longer access patient records. The attackers used a compromised MSP, in this case a medical records software company, to infect more than 400 dental clinics through the record-keeping software.


Sources:

Malwarebytes

Kaspersky